415658 - apostrophe in email fails syntax check in editusers.cgi

Status: RESOLVED FIXED

(Bugzilla :: User Accounts, defect)

Description

[David Warden]

User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tablet PC 1.7; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 3.0.04506.648)
Build Identifier: 3.0.2

Attempting to edit an email to include an apostrophe fails in spite of it being a valid email:
joe_o'connell@mycorp.com

it says it did not pass syntax checking

Reproducible: Always

Steps to Reproduce:
1. Edit a user email to one with an apostrophe 

Actual Results:  
The e-mail address you entered (joe_o'connell@mycorp.com) didn't pass our syntax checking for a legal email address. A legal address must contain exactly one '@', and at least one '.' after the @. It must also not contain any of these special characters: \ ( ) & < > , ; : " [ ], or any whitespace. 

Expected Results:  
changed the address

Comment 1

[Frédéric Buclin]

My opinion is that RFC 3696 is too permissive:

"The exact rule is that any ASCII character, including control characters, may appear quoted, or in a quoted string. [...] In the context of local parts, apostrophe ("'") and acute accent ("`") are ordinary characters, not quoting characters."

But it's true that apostrophe is legal in email addresses.

Comment 2

[aon_bugzilla]

You cannot sign up to a bugzilla installation with an e-mail address that contains an apostrophe either (same error as above) - unfortunately this means I cannot sign up to my corporate bugzilla installation

Comment 3

[PBM]

This was previously addressed as a P1/Critical issue in bug 165221

I've run into the same issue with version 3.4.5

Unable to add or edit accounts to include an apostrophe in the email address. Attempts to do so return the error message: 
"The e-mail address you entered (first.o'last@bogus.qa) didn't pass our syntax checking for a legal email address. A legal address must contain exactly one '@', and at least one '.' after the @. It must also not contain any of these special characters: \ ( ) & < > , ; : " [ ], or any whitespace."

Comment 4

[Simon Green]

Attachment: patch to fix this problem

This patch changes the emailregexp param to allow the apostrophe. It also includes a generic function that allows warnings to be displayed when running checksetup.pl if an old default value is used.

If you don't want this check, just don't commit that file :)

Regards,
Hugo.

Comment 5

[Frédéric Buclin]

Comment on attachment 687459 [details] [diff] [review]
patch to fix this problem

We never warn admins when a default value changes. No reason to do it here. If allowing apostrophes is critical for an installation, admins probably already have added them to the regexp.

Comment 6

[Frédéric Buclin]

One should also make sure there is no risk to allow apostrophes in email addresses, as apostrophes can be used to quote strings.

Comment 7

[Simon Green]

Attachment: patch to fix this problem

Comment 8

[Simon Green]

(In reply to Frédéric Buclin from comment #6)
> One should also make sure there is no risk to allow apostrophes in email
> addresses, as apostrophes can be used to quote strings.

Things checked:
Adding and removing assignee, qa contact, cc user on a bug
Search and editing a search for the user
Changing e-mail address (to another user with an apostrophe)

Additionally, 008_filters.t should pick up any display that doesn't have a FILTER command when it should.

Regards,
Hugo

Comment 9

[Frédéric Buclin]

Comment on attachment 690082 [details] [diff] [review]
patch to fix this problem

Looks like allowing apostrophes in email addresses doesn't break stuff. r=LpSolit

Comment 10

[Frédéric Buclin]

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla/Config/Auth.pm
Committed revision 8531.