Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Trac: Tickets

[The Trac Project] #3212: notification email check too strict

  

 
Trac tickets RSS feed   Index | Next | Previous | View Threaded


noreply at edgewall

Jun 2, 2006, 1:56 AM

Post #1 of 8 (1245 views)
Permalink
[The Trac Project] #3212: notification email check too strict
#3212: notification email check too strict
-----------------------------------------------------+----------------------
Reporter: Dinko Korunic <dinko.korunic [at] gmail> | Owner: jonas
Type: defect | Status: new
Priority: low | Milestone:
Component: ticket system | Version: 0.9.5
Severity: normal | Keywords:
-----------------------------------------------------+----------------------
Email checks in notification.py are '''too strict'''. For instance '+' and
'=' delimiters can be used in '''username''' part of RFC822 address but
they are not allowed - see the code:

File notification.py, revision 3356, line 138:

{{{
addrfmt = r"[\w\d_\.\-]+\@(([\w\d\-])+\.)+([\w\d]{2,4})+"
}}}

I'd suggest adding '+' and '=', as well as allowing \% as
username/hostname delimiter too. And there is possibility of someone using
user%host [at] host addresses too (think relaying).

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/3212>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
Trac-Tickets [at] lists
http://lists.edgewall.com/mailman/listinfo/trac-tickets


noreply at edgewall

Jun 2, 2006, 5:31 AM

Post #2 of 8 (1203 views)
Permalink
Re: [The Trac Project] #3212: notification email check too strict [In reply to]
#3212: notification email check too strict
-----------------------------------------------------+----------------------
Reporter: Dinko Korunic <dinko.korunic [at] gmail> | Owner: eblot
Type: defect | Status: assigned
Priority: low | Milestone: 0.11
Component: ticket system | Version: devel
Severity: normal | Resolution:
Keywords: |
-----------------------------------------------------+----------------------
Changes (by eblot):

* milestone: => 0.11
* owner: jonas => eblot
* status: new => assigned
* version: 0.9.5 => devel

Comment:

You're right, the email address validation needs to be revisited to comply
with RFC2822.

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/3212>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
Trac-Tickets [at] lists
http://lists.edgewall.com/mailman/listinfo/trac-tickets


noreply at edgewall

Jun 2, 2006, 11:56 AM

Post #3 of 8 (1205 views)
Permalink
Re: [The Trac Project] #3212: notification email check too strict [In reply to]
#3212: notification email check too strict
-----------------------------------------------------+----------------------
Reporter: Dinko Korunic <dinko.korunic [at] gmail> | Owner: eblot
Type: defect | Status: assigned
Priority: low | Milestone: 0.11
Component: ticket system | Version: devel
Severity: normal | Resolution:
Keywords: |
-----------------------------------------------------+----------------------
Comment (by mgood):

Well, I don't know how much the address format changed from RFC 822 to RFC
2822, but apparently it's extremely complicated to write a regex to
validate RFC 822 addresses:
http://www.ex-parrot.com/~pdw/Mail-RFC822-Address.html

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/3212>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
Trac-Tickets [at] lists
http://lists.edgewall.com/mailman/listinfo/trac-tickets


noreply at edgewall

Jun 3, 2006, 3:30 AM

Post #4 of 8 (1218 views)
Permalink
Re: [The Trac Project] #3212: notification email check too strict [In reply to]
#3212: notification email check too strict
-----------------------------------------------------+----------------------
Reporter: Dinko Korunic <dinko.korunic [at] gmail> | Owner: eblot
Type: defect | Status: assigned
Priority: low | Milestone: 0.11
Component: ticket system | Version: devel
Severity: normal | Resolution:
Keywords: |
-----------------------------------------------------+----------------------
Comment (by Dinko Korunic <dinko.korunic [at] gmail>):

Unfortunately yes. It's up to you to decide either to:
* implement only some of the features (which I've mentioned),
* to ignore the mail checking at all (or to allow disabling the mail
validity checks - eventually the bad headers will be dropped by MTA) or
* to implement all of this evil regex (which is probably quite CPU
consuming, regarding the complexity of a such state machine).

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/3212>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
Trac-Tickets [at] lists
http://lists.edgewall.com/mailman/listinfo/trac-tickets


noreply at edgewall

Jun 6, 2006, 3:58 PM

Post #5 of 8 (1215 views)
Permalink
Re: [The Trac Project] #3212: notification email check too strict [In reply to]
#3212: notification email check too strict
-----------------------------------------------------+----------------------
Reporter: Dinko Korunic <dinko.korunic [at] gmail> | Owner: eblot
Type: defect | Status: assigned
Priority: low | Milestone: 0.11
Component: ticket system | Version: devel
Severity: normal | Resolution:
Keywords: |
-----------------------------------------------------+----------------------
Comment (by eblot):

The trouble is that the regex is not used to validate an email address,
but used to extract email addresses from login and other kinds of
"username" strings: I don't see an easy way to distinguish an email
address from another simple username string. Up to now, Trac allows both
kinds in email-related fields.

Another option would be to ask the MTA to validate each 'suspected' email
address, but this solution seems quite complex and may report false
negatives.

The RFC(2)822 email address regex is not really usable.[[BR]]
IMHO, we could improve the existing regex so that it supports `+` and `=`
chars in email addresses.

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/3212>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
Trac-Tickets [at] lists
http://lists.edgewall.com/mailman/listinfo/trac-tickets


noreply at edgewall

Jun 14, 2006, 2:05 PM

Post #6 of 8 (1210 views)
Permalink
Re: [The Trac Project] #3212: notification email check too strict [In reply to]
#3212: notification email check too strict
-----------------------------------------------------+----------------------
Reporter: Dinko Korunic <dinko.korunic [at] gmail> | Owner: eblot
Type: defect | Status: assigned
Priority: low | Milestone: 0.11
Component: ticket system | Version: devel
Severity: normal | Resolution:
Keywords: |
-----------------------------------------------------+----------------------
Comment (by david.l.jones [at] gmail):

I've attached a patch to simply allow + and = symbols in the email
address. I use "username+trac [at] hos"-style filtering prolifically, so this
was a crude awakening when it broke!

As for the relay portion (the % character)... it's not in this patch. I'm
not sure how my MTA at work (where I am writing this, natch) will handle
that, i.e. if it will actually relay, so I am going to hold off on testing
that.

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/3212>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
Trac-Tickets [at] lists
http://lists.edgewall.com/mailman/listinfo/trac-tickets


noreply at edgewall

Jun 15, 2006, 6:44 AM

Post #7 of 8 (1190 views)
Permalink
Re: [The Trac Project] #3212: notification email check too strict [In reply to]
#3212: notification email check too strict
-----------------------------------------------------+----------------------
Reporter: Dinko Korunic <dinko.korunic [at] gmail> | Owner: eblot
Type: defect | Status: assigned
Priority: low | Milestone: 0.11
Component: ticket system | Version: devel
Severity: normal | Resolution:
Keywords: |
-----------------------------------------------------+----------------------
Changes (by david.l.jones [at] gmail):

* cc: david.l.jones [at] gmail (added)

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/3212>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
Trac-Tickets [at] lists
http://lists.edgewall.com/mailman/listinfo/trac-tickets


noreply at edgewall

Jun 18, 2006, 3:43 PM

Post #8 of 8 (1199 views)
Permalink
Re: [The Trac Project] #3212: notification email check too strict [In reply to]
#3212: notification email check too strict
-----------------------------------------------------+----------------------
Reporter: Dinko Korunic <dinko.korunic [at] gmail> | Owner: eblot
Type: defect | Status: closed
Priority: low | Milestone: 0.10
Component: ticket system | Version: devel
Severity: normal | Resolution: fixed
Keywords: |
-----------------------------------------------------+----------------------
Changes (by eblot):

* milestone: 0.11 => 0.10
* resolution: => fixed
* status: assigned => closed

Comment:

Patch applied in [3423].

I've searched for better regular expressions for email address detection,
but it seems there are no useful alternative but the overly complex
solution as pointed out by Matt.

Closing this ticket for [milestone:0.10], feel free to reopen it if other
kind of email addresses are in trouble.

--
Ticket URL: <http://projects.edgewall.com/trac/ticket/3212>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
Trac-Tickets [at] lists
http://lists.edgewall.com/mailman/listinfo/trac-tickets

Trac tickets RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.