Posted on: 10/05/04 04:57am
By: LWC
Ok, there are two problems:
1) The major one:
Turns out that, unlike profiles.php, the admin's mail.php ignores the fields "Reply-to" & "From"! It just uses the defaults no matter what I supply it with.
I just sent my real e-mail address to every user in my site!
How can an admin not do what a regular user can?!
2) The minor one:
After sending I get a list of failures and successes thanks to the following lines in mail.php:
[quote from mail.php]
if (!isset($A['fullname'])) {
$til .= $A['username'];
} else {
$til .= $A['fullname'];
}
[/quote]
BUT turns out that !isset only checks for NULL values.
And guess what? The minute a user edits something in his/her account info - ANY info - his/her entry in the database changes from "NULL" into just "" (i.e. blank character).
The result? Something like:
Successes:
Person 1
Person 3
Person 6
Where the spaces are of course the same "" (blank) full names.
Bugs in "Mail Users" function!
Posted on: 10/05/04 01:09pm
By: Dirk
[QUOTE BY= LWC] Turns out that, unlike profiles.php, the admin's mail.php ignores the fields "Reply-to" & "From"! It just uses the defaults no matter what I supply it with.[/QUOTE]
Yeah, that's a bug and has already been fixed in CVS.
[QUOTE BY= LWC] 2) The minor one: ...[/QUOTE]
Have to look into this first.
bye, Dirk
Bugs in "Mail Users" function!
Posted on: 10/05/04 01:54pm
By: LWC
Oh, thanks.
I'm not sure about the minor problem, but didn't the major one worked correctly in older versions?
Bugs in "Mail Users" function!
Posted on: 10/07/04 01:59am
By: Dirk
[QUOTE BY= LWC] if (!isset($A['fullname'])) {
$til .= $A['username'];
} else {
$til .= $A['fullname'];
}[/QUOTE]
Try empty(...)
instead of the !isset(...)
(untested).
bye, Dirk
Bugs in "Mail Users" function!
Posted on: 10/07/04 07:20am
By: LWC
You were right. The command "empty" displays nicknames even when the full names are not NULL but just empty.
Will you implement it in the next version?
P.S.
Why does it sometimes display e-mail addresses next to the list of persons and sometimes it omits them (even though the code supposedly tells it to always do it)?
Bugs in "Mail Users" function!
Posted on: 10/07/04 01:56pm
By: Dirk
[QUOTE BY= LWC] Will you implement it in the next version?[/QUOTE]
It's already in CVS.
bye, Dirk
Bugs in "Mail Users" function!
Posted on: 10/07/04 02:10pm
By: LWC
Yea, I helped getting something in the CVS!
So now both bugs are there.
But just because something is in the CVS doesn't mean it'll actually get in the official version, does it?
And what about the addresses thing?
Bugs in "Mail Users" function!
Posted on: 10/07/04 02:27pm
By: Dirk
[QUOTE BY= LWC] But just because something is in the CVS doesn't mean it'll actually get in the official version, does it?[/QUOTE]
Usually, when I say that something is in CVS, you can assume that it will also be in the next release. It's very rare that we have to take something out again - usually because something doesn't work as expected or causes too many problems. That's certainly not the case here.
[QUOTE BY= LWC] And what about the addresses thing?[/QUOTE]
I didn't understand what you were trying to say. Which lists were you talking about?
bye, Dirk
Bugs in "Mail Users" function!
Posted on: 10/07/04 02:51pm
By: LWC
Ok, according to this line
[quote from mail.php]
$til .= '<' . $A['email'] . '>';
[/quote]
the list of failures/successes should contain e-mail addresses in addition to nicknames/fullnames.
But what really happens is that sometimes it happens and sometimes doesn't. Or some people have their addresses displayed, some don't, etc.
Bugs in "Mail Users" function!
Posted on: 10/08/04 03:12pm
By: Dirk
[QUOTE BY= LWC] But what really happens is that sometimes it happens and sometimes doesn't. Or some people have their addresses displayed, some don't, etc.[/QUOTE]
Can't see anything obvious from the source code, other than that there's an extra '.' in the line
$failures[] .= $to;
That should read
$failures[] = $to;
bye, Dirk
Bugs in "Mail Users" function!
Posted on: 10/09/04 09:06am
By: LWC
Yea, I helped discover another bug...
Well, get this - it turns out that IE (newest version) ignores the addresses because they're inside <>!
How do I know this? Because when I click "view source" it's right there!
I suggest, if you would, to fix by the next version the line
[quote in old mail.php]
$til .= '<' . $A['email'] . '>';
[/quote]
into
[quote in (hopefully) new mail.php]
$til .= '&lt;' . $A['email'] . '&gt;';
[/quote]
I tested it and it works.
Actually, it would even look better with:
[quote in (hopefully even better) new mail.php]
$til .= ' &lt;' . $A['email'] . '&gt;';
[/quote]
The only change is the space, so it wouldn't look like
name<what@ever.com>
but
name <what@ever.com>
Bugs in "Mail Users" function!
Posted on: 10/09/04 09:08am
By: LWC
BTW, I've just noticed there's a new version.
Too bad none of this got through...
Bugs in "Mail Users" function!
Posted on: 10/10/04 09:56pm
By: vinny
LWC,
The recent releases were security fixes. Since none of these problems compromises sites they'll be released when 1.3.10 comes out (hopefully soon).
-Vinny
Bugs in "Mail Users" function!
Posted on: 10/11/04 09:30am
By: Anonymous (Admin Too)
...except the "major" problem, which gives the admins false privacy...
Bugs in "Mail Users" function!
Posted on: 10/11/04 01:58pm
By: Dirk
[QUOTE BY= Admin Too] ...except the "major" problem, which gives the admins false privacy...[/QUOTE]
Hmm? It uses $_CONF['site_mail'], which is also sent out with every new registration email, as well as with the forum notifications (if you have the forum plugin installed). Certainly not the ideal place to put any "secret" email address in ...
bye, Dirk
Bugs in "Mail Users" function!
Posted on: 10/12/04 08:01am
By: Anonymous (Admin Too)
Yes, but first of all, no matter what it still tells the admin it does something it doesn't and secondly, you can use a false address for the site's mail.
Bugs in "Mail Users" function!
Posted on: 10/12/04 01:32pm
By: Dirk
[QUOTE BY= Admin Too] no matter what it still tells the admin it does something it doesn't[/QUOTE]
Well, it's a bug - so what? It was certainly out of the realm of a security release, as it is not a security issue.
bye, Dirk