• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Email padding is broken again.

In our test cases web we have a test that fails so I really wonder why these sorts of bugs come back.

I think people are too focused on the unit tests which are very limited in scope.

The problem.

Here are the examples from TestCaseAutoFormatting 

[[mailto:a@z.com Mail]]

[[mailto:?subject=Hi Hi]]

a@b.com

[[mailto:a@b.com][Mail]]

[[mailto:a@b.com][Mail link]]

[[mailto:?subject=Hi][Subject_only]]

[[mailto:?subject=Hi][Subject only]]

<a href="mailto:?subject=Hi">Subject only</a>

And without verbatim. Here on bugs there is no email padding enabled. So enable it on your own TWiki and copy the code there.

Mail

Hi

a@bNOSPAM.com

Mail

Mail link

Subject_only

Subject only

Subject only

and as you can see when you view sources the padding is missing on email addresses that are not with mailto and the encoding of @ and dots is also missing. It only pads the href link.

It is not enough that the href mailto link is padded. The readable test must also be padded. Email harvesters will look for anything that matches an email address.

This means that peoples email addresses in old Cairo user topics are completely unprotected! Therefore urgent. Bug was also in 4.0.5

KJL

Fixed now.

-- PTh

Running the unit tests and not ignoring the warnings reveals that there is an issue with uninitialised variable.

I have added the code that eliminates this problem and also added the unit test that will reveal if the above problem comes back

KJL

A link like a@bNOSPAM.com is now padded but still not entity encoded.

It has been working and the test case supports the feature.

It was Crawford that removed the code originally. Without fixing the test case. But in this case I will not fix the test case because it makes no sense that email addresses only sometimes are encoded.

Release blocker.

KJL

Originally there was a code in Render.pm line 729 that said 

    # Much harder obfuscation scheme
    $url =~ s/(\W)/'&#'.ord($1).';'/ge;
    $text =~ s/(\W)/'&#'.ord($1).';'/ge;

This was removed because it caused other trouble. 

[[mailto:feedback@twiki.org][Send Us Feedback]]

would be rendered as Send Us Feedback with the nops entity encoded and therefore visible so this is why Crawford removed it.

A simple fix is to only encode @ when it is link text and not spaces and other whitespace.

This also means that clear text used for email links is not encoded which makes a whole lot of sense.

Will action.

KJL

Waiting for release (again smile )

See also Item2928. It shows what the old issue was.

KJL

ItemTemplate
Summary Email addresses not always padded and encoded.
ReportedBy TWiki:Main.KennethLavrsen
Codebase 4.0.5, ~twiki4
SVN Range TWiki-4.1.0, Wed, 10 Jan 2007, build 12488
AppliesTo Engine
Component

Priority Urgent
CurrentState Closed
WaitingFor

Checkins 12521 12545 12550
TargetRelease minor
Edit | Attach | Watch | Print version | History: r11 < r10 < r9 < r8 < r7 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r11 - 2007-01-16 - JasonHill
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback