Welcome to Geeklog, Anonymous Sunday, December 22 2024 @ 12:21 am EST
Geeklog Forums
Bugs in "Mail Users" function!
Status: offline
LWC
Forum User
Full Member
Registered: 02/19/04
Posts: 818
Ok, there are two problems:
1) The major one:
Turns out that, unlike profiles.php, the admin's mail.php ignores the fields "Reply-to" & "From"! It just uses the defaults no matter what I supply it with.
I just sent my real e-mail address to every user in my site!
How can an admin not do what a regular user can?!
2) The minor one:
After sending I get a list of failures and successes thanks to the following lines in mail.php:
[quote from mail.php]
if (!isset($A['fullname'])) {
$til .= $A['username'];
} else {
$til .= $A['fullname'];
}
[/quote]
BUT turns out that !isset only checks for NULL values.
And guess what? The minute a user edits something in his/her account info - ANY info - his/her entry in the database changes from "NULL" into just "" (i.e. blank character).
The result? Something like:
Successes:
Person 1
Person 3
Person 6
Where the spaces are of course the same "" (blank) full names.
1) The major one:
Turns out that, unlike profiles.php, the admin's mail.php ignores the fields "Reply-to" & "From"! It just uses the defaults no matter what I supply it with.
I just sent my real e-mail address to every user in my site!
How can an admin not do what a regular user can?!
2) The minor one:
After sending I get a list of failures and successes thanks to the following lines in mail.php:
[quote from mail.php]
if (!isset($A['fullname'])) {
$til .= $A['username'];
} else {
$til .= $A['fullname'];
}
[/quote]
BUT turns out that !isset only checks for NULL values.
And guess what? The minute a user edits something in his/her account info - ANY info - his/her entry in the database changes from "NULL" into just "" (i.e. blank character).
The result? Something like:
Successes:
Person 1
Person 3
Person 6
Where the spaces are of course the same "" (blank) full names.
7
17
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC: Turns out that, unlike profiles.php, the admin's mail.php ignores the fields "Reply-to" & "From"! It just uses the defaults no matter what I supply it with.
Yeah, that's a bug and has already been fixed in CVS.
Quote by LWC: 2) The minor one: ...
Have to look into this first.
bye, Dirk
12
8
Quote
Status: offline
LWC
Forum User
Full Member
Registered: 02/19/04
Posts: 818
You were right. The command "empty" displays nicknames even when the full names are not NULL but just empty.
Will you implement it in the next version?
P.S.
Why does it sometimes display e-mail addresses next to the list of persons and sometimes it omits them (even though the code supposedly tells it to always do it)?
Will you implement it in the next version?
P.S.
Why does it sometimes display e-mail addresses next to the list of persons and sometimes it omits them (even though the code supposedly tells it to always do it)?
8
12
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC: But just because something is in the CVS doesn't mean it'll actually get in the official version, does it?
Usually, when I say that something is in CVS, you can assume that it will also be in the next release. It's very rare that we have to take something out again - usually because something doesn't work as expected or causes too many problems. That's certainly not the case here.
Quote by LWC: And what about the addresses thing?
I didn't understand what you were trying to say. Which lists were you talking about?
bye, Dirk
14
7
Quote
Status: offline
LWC
Forum User
Full Member
Registered: 02/19/04
Posts: 818
Ok, according to this line
[quote from mail.php]
$til .= '<' . $A['email'] . '>';
[/quote]
the list of failures/successes should contain e-mail addresses in addition to nicknames/fullnames.
But what really happens is that sometimes it happens and sometimes doesn't. Or some people have their addresses displayed, some don't, etc.
[quote from mail.php]
$til .= '<' . $A['email'] . '>';
[/quote]
the list of failures/successes should contain e-mail addresses in addition to nicknames/fullnames.
But what really happens is that sometimes it happens and sometimes doesn't. Or some people have their addresses displayed, some don't, etc.
11
11
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC: But what really happens is that sometimes it happens and sometimes doesn't. Or some people have their addresses displayed, some don't, etc.
Can't see anything obvious from the source code, other than that there's an extra '.' in the line
$failures[] .= $to;
That should read
$failures[] = $to;
bye, Dirk
6
15
Quote
Status: offline
LWC
Forum User
Full Member
Registered: 02/19/04
Posts: 818
Yea, I helped discover another bug...
Well, get this - it turns out that IE (newest version) ignores the addresses because they're inside <>!
How do I know this? Because when I click "view source" it's right there!
I suggest, if you would, to fix by the next version the line
[quote in old mail.php]
$til .= '<' . $A['email'] . '>';
[/quote]
into
[quote in (hopefully) new mail.php]
$til .= '&lt;' . $A['email'] . '&gt;';
[/quote]
I tested it and it works.
Actually, it would even look better with:
[quote in (hopefully even better) new mail.php]
$til .= ' &lt;' . $A['email'] . '&gt;';
[/quote]
The only change is the space, so it wouldn't look like
name<what@ever.com>
but
name <what@ever.com>
Well, get this - it turns out that IE (newest version) ignores the addresses because they're inside <>!
How do I know this? Because when I click "view source" it's right there!
I suggest, if you would, to fix by the next version the line
[quote in old mail.php]
$til .= '<' . $A['email'] . '>';
[/quote]
into
[quote in (hopefully) new mail.php]
$til .= '&lt;' . $A['email'] . '&gt;';
[/quote]
I tested it and it works.
Actually, it would even look better with:
[quote in (hopefully even better) new mail.php]
$til .= ' &lt;' . $A['email'] . '&gt;';
[/quote]
The only change is the space, so it wouldn't look like
name<what@ever.com>
but
name <what@ever.com>
12
14
Quote
Admin Too
Anonymous
...except the "major" problem, which gives the admins false privacy...
6
13
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by Admin Too: ...except the "major" problem, which gives the admins false privacy...
Hmm? It uses $_CONF['site_mail'], which is also sent out with every new registration email, as well as with the forum notifications (if you have the forum plugin installed). Certainly not the ideal place to put any "secret" email address in ...
bye, Dirk
11
11
Quote
Admin Too
Anonymous
Yes, but first of all, no matter what it still tells the admin it does something it doesn't and secondly, you can use a false address for the site's mail.
10
13
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by Admin Too: no matter what it still tells the admin it does something it doesn't
Well, it's a bug - so what? It was certainly out of the realm of a security release, as it is not a security issue.
bye, Dirk
9
11
Quote
All times are EST. The time is now 12:21 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content