Closed Bug 193989 Opened 22 years ago Closed 21 years ago

Email notification for cancellation of "password change token" does not use emailsuffix

Categories

(Bugzilla :: Email Notifications, defect)

Product:
Bugzilla
Component:
Email Notifications
Version:
2.17.3
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.18

People

(Reporter: jlawson-mozbug, Assigned: jlawson-mozbug)

Details

Attachments

(1 file)

patch to Token.pm to handle emailsuffix parameter
857 bytes, patch
justdave
: review+
Details | Diff | Splinter Review 
The "emailsuffix" parameter setting is not taken into account when sending an 
email notification to the user when the "password change token" is cancelled.  
All other email notifications relating to tokens seem to be handled properly 
except the cancellation message.
Fixes the problem by including the suffix.  I removed the incorporation of the
user's "full name" in the "To:" address, since that seemed inconsistent with
all other instances in this file.
Attachment #114870 - Flags: review?(justdave)
Why are we chopping out $realname now?
Including the realname would be inconsistent with how emails are formed for all 
other bugzilla notifications and was failing for us (apparently due to improper 
escaping?).  The realname is not really essential for mail delivery, but it is 
worse for it to be inconsistently used in some places.  If you guys really want 
to include it on all emails in the future, then it should probably be ensured 
that all emails include it for all addresses (to and cc), but that probably 
needs to be another bug.
Hrm... ok. Makes sense to me. The to include/not to include realname issue will
go away when emails are templatized; each site can make a decision then.

I'll test this patch on my test installation ASAP.

I think our problem was that some of our realnames include commas
(ie: $realname = "lastname, firstname") so that was being interpreted as 
two "To:" recipients.  Dealing with other special characters in the realname 
would also need to be handled before it can be arbitrarily included (such as 
$realname's that actually contain quote characters and maybe other high-ASCII 
chars?).  As I suggested, including the realname in a consistent and safe 
manner would need to be addressed universally in some other bug if that is 
really what's desired.
Comment on attachment 114870 [details] [diff] [review]
patch to Token.pm to handle emailsuffix parameter

looks good to me.

Yeah, including the real name without escaping it for proper To: header syntax
could be considered a security hole.  Good thing to remove it at this point
since it's not being escaped properly.
Attachment #114870 - Flags: review?(justdave) → review+
-> patch author
Assignee: preed → jlawson-mozilla
Flags: approval+
Checking in Token.pm;
/cvsroot/mozilla/webtools/bugzilla/Token.pm,v  <--  Token.pm
new revision: 1.17; previous revision: 1.16
done
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 2.18
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: