apostrophe in email fails syntax check in editusers.cgi

RESOLVED FIXED in Bugzilla 5.0

Status

()

Bugzilla
User Accounts
--
minor
RESOLVED FIXED
11 years ago
2 years ago

People

(Reporter: David Warden, Assigned: Simon Green)

Tracking

3.0.2
Bugzilla 5.0
Bug Flags:
approval +

Details

Attachments

(1 attachment, 1 obsolete attachment)

385 bytes, patch
Frédéric Buclin
: review+
Details | Diff | Splinter Review
(Reporter)

Description

11 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tablet PC 1.7; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 3.0.04506.648)
Build Identifier: 3.0.2

Attempting to edit an email to include an apostrophe fails in spite of it being a valid email:
joe_o'connell@mycorp.com

it says it did not pass syntax checking

Reproducible: Always

Steps to Reproduce:
1. Edit a user email to one with an apostrophe 

Actual Results:  
The e-mail address you entered (joe_o'connell@mycorp.com) didn't pass our syntax checking for a legal email address. A legal address must contain exactly one '@', and at least one '.' after the @. It must also not contain any of these special characters: \ ( ) & < > , ; : " [ ], or any whitespace. 

Expected Results:  
changed the address

Comment 1

10 years ago
My opinion is that RFC 3696 is too permissive:

"The exact rule is that any ASCII character, including control characters, may appear quoted, or in a quoted string. [...] In the context of local parts, apostrophe ("'") and acute accent ("`") are ordinary characters, not quoting characters."

But it's true that apostrophe is legal in email addresses.
Severity: major → normal
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Other → All
Hardware: PC → All
Version: unspecified → 3.0.2

Comment 2

10 years ago
You cannot sign up to a bugzilla installation with an e-mail address that contains an apostrophe either (same error as above) - unfortunately this means I cannot sign up to my corporate bugzilla installation

Comment 3

8 years ago
This was previously addressed as a P1/Critical issue in bug 165221

I've run into the same issue with version 3.4.5

Unable to add or edit accounts to include an apostrophe in the email address. Attempts to do so return the error message: 
"The e-mail address you entered (first.o'last@bogus.qa) didn't pass our syntax checking for a legal email address. A legal address must contain exactly one '@', and at least one '.' after the @. It must also not contain any of these special characters: \ ( ) & < > , ; : " [ ], or any whitespace."
(Assignee)

Comment 4

6 years ago
Created attachment 687459 [details] [diff] [review]
patch to fix this problem

This patch changes the emailregexp param to allow the apostrophe. It also includes a generic function that allows warnings to be displayed when running checksetup.pl if an old default value is used.

If you don't want this check, just don't commit that file :)

Regards,
Hugo.
Attachment #687459 - Flags: review?

Comment 5

6 years ago
Comment on attachment 687459 [details] [diff] [review]
patch to fix this problem

We never warn admins when a default value changes. No reason to do it here. If allowing apostrophes is critical for an installation, admins probably already have added them to the regexp.
Attachment #687459 - Flags: review? → review-

Comment 6

6 years ago
One should also make sure there is no risk to allow apostrophes in email addresses, as apostrophes can be used to quote strings.
(Assignee)

Comment 7

6 years ago
Created attachment 690082 [details] [diff] [review]
patch to fix this problem
Attachment #687459 - Attachment is obsolete: true
Attachment #690082 - Flags: review?(LpSolit)
(Assignee)

Comment 8

6 years ago
(In reply to Frédéric Buclin from comment #6)
> One should also make sure there is no risk to allow apostrophes in email
> addresses, as apostrophes can be used to quote strings.

Things checked:
Adding and removing assignee, qa contact, cc user on a bug
Search and editing a search for the user
Changing e-mail address (to another user with an apostrophe)

Additionally, 008_filters.t should pick up any display that doesn't have a FILTER command when it should.

Regards,
Hugo

Comment 9

6 years ago
Comment on attachment 690082 [details] [diff] [review]
patch to fix this problem

Looks like allowing apostrophes in email addresses doesn't break stuff. r=LpSolit
Attachment #690082 - Flags: review?(LpSolit) → review+

Updated

6 years ago
Assignee: user-accounts → hugo.seabrook
Severity: normal → minor
Status: NEW → ASSIGNED
Flags: approval+
Target Milestone: --- → Bugzilla 5.0

Comment 10

6 years ago
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla/Config/Auth.pm
Committed revision 8531.
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Updated

6 years ago
Duplicate of this bug: 279016

Updated

4 years ago
Duplicate of this bug: 1110489

Updated

2 years ago
Duplicate of this bug: 1309524
You need to log in before you can comment on or make changes to this bug.