Geeklog Forums

Bugs in "Mail Users" function!


LWC

Forum User
Full Member
Registered: 02/19/04
Posts: 818
Ok, there are two problems:

1) The major one:
Turns out that, unlike profiles.php, the admin's mail.php ignores the fields "Reply-to" & "From"! It just uses the defaults no matter what I supply it with.

I just sent my real e-mail address to every user in my site!

How can an admin not do what a regular user can?!

2) The minor one:
After sending I get a list of failures and successes thanks to the following lines in mail.php:
[quote from mail.php]
if (!isset($A['fullname'])) {
    $til .= $A['username'];
} else {
    $til .= $A['fullname'];
}
[/quote]
BUT turns out that !isset only checks for NULL values.
And guess what? The minute a user edits something in his/her account info - ANY info - his/her entry in the database changes from "NULL" into just "" (i.e. blank character).

The result? Something like:
Successes:

Person 1

Person 3


Person 6

Where the spaces are of course the same "" (blank) full names.

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC: Turns out that, unlike profiles.php, the admin's mail.php ignores the fields "Reply-to" & "From"! It just uses the defaults no matter what I supply it with.

Yeah, that's a bug and has already been fixed in CVS.


Quote by LWC: 2) The minor one: ...

Have to look into this first.

bye, Dirk

LWC

Forum User
Full Member
Registered: 02/19/04
Posts: 818
Oh, thanks.

I'm not sure about the minor problem, but didn't the major one work correctly in older versions?

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC:
if (!isset($A['fullname'])) {
    $til .= $A['username'];
} else {
    $til .= $A['fullname'];
}

Try empty(...) instead of the !isset(...) (untested).

bye, Dirk

LWC

Forum User
Full Member
Registered: 02/19/04
Posts: 818
You were right. The command "empty" displays nicknames even when the full names are not NULL but just empty.

Will you implement it in the next version?

P.S.
Why does it sometimes display e-mail addresses next to the list of persons and sometimes it omits them (even though the code supposedly tells it to always do it)?

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC: Will you implement it in the next version?

It's already in CVS.

bye, Dirk

LWC

Forum User
Full Member
Registered: 02/19/04
Posts: 818
Yea, I helped getting something in the CVS!

So now both bugs are there.
But just because something is in the CVS doesn't mean it'll actually get in the official version, does it?

And what about the addresses thing?

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC: But just because something is in the CVS doesn't mean it'll actually get in the official version, does it?

Usually, when I say that something is in CVS, you can assume that it will also be in the next release. It's very rare that we have to take something out again - usually because something doesn't work as expected or causes too many problems. That's certainly not the case here.

Quote by LWC: And what about the addresses thing?

I didn't understand what you were trying to say. Which lists were you talking about?

bye, Dirk

LWC

Forum User
Full Member
Registered: 02/19/04
Posts: 818
Ok, according to this line
[quote from mail.php]
$til .= '<' . $A['email'] . '>';
[/quote]
the list of failures/successes should contain e-mail addresses in addition to nicknames/fullnames.

But what really happens is that sometimes it happens and sometimes doesn't. Or some people have their addresses displayed, some don't, etc.

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by LWC: But what really happens is that sometimes it happens and sometimes doesn't. Or some people have their addresses displayed, some don't, etc.

Can't see anything obvious from the source code, other than that there's an extra '.' in the line

$failures[] .= $to;

That should read

$failures[] = $to;

bye, Dirk

LWC

Forum User
Full Member
Registered: 02/19/04
Posts: 818
Yea, I helped discover another bug... LOL

Well, get this - it turns out that IE (newest version) ignores the addresses because they're inside <>!

How do I know this? Because when I click "view source" it's right there!

I suggest, if you would, to fix by the next version the line
[quote in old mail.php]
$til .= '<' . $A['email'] . '>';
[/quote]
into
[quote in (hopefully) new mail.php]
$til .= '&lt;' . $A['email'] . '&gt;';
[/quote]
I tested it and it works.

Actually, it would even look better with:
[quote in (hopefully even better) new mail.php]
$til .= ' &lt;' . $A['email'] . '&gt;';
[/quote]

The only change is the space, so it wouldn't look like
name<what@ever.com>
but
name <what@ever.com>
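
The two display problems discussed in this thread (blank full names, and addresses hidden because the browser parses them as a tag), as an added example that is not Geeklog's own code. The function name `format_recipient()` and the sample rows are hypothetical; it compares the trimmed string instead of calling `empty()` and escapes the whole entry with `htmlspecialchars()` instead of hand-written entities.

```php
<?php
// Added example, not taken from Geeklog's mail.php.
// format_recipient() and the rows below are constructed for illustration.

/**
 * Build one entry of the successes/failures list from a user row.
 */
function format_recipient(array $A): string
{
    // isset() is false only for NULL or missing keys, so a full name of ''
    // (what the row holds after any profile edit) passes the check.
    // empty() fixes that but also treats the string '0' as empty, so
    // compare the trimmed value against '' instead.
    $fullname = isset($A['fullname']) ? trim($A['fullname']) : '';
    $name = ($fullname !== '') ? $fullname : $A['username'];

    // A raw '<addr>' is parsed by the browser as an unknown tag and not
    // rendered. Escape the complete entry once, at output time, so that
    // neither the address nor a user-chosen name can introduce markup.
    return htmlspecialchars($name . ' <' . $A['email'] . '>', ENT_QUOTES, 'UTF-8');
}

// Constructed sample rows covering the cases from the thread.
$rows = [
    // full name set
    ['username' => 'person1', 'fullname' => 'Person 1',  'email' => 'p1@example.com'],
    // profile never edited: column is NULL
    ['username' => 'person2', 'fullname' => null,        'email' => 'p2@example.com'],
    // profile edited once: column is '' rather than NULL
    ['username' => 'person3', 'fullname' => '',          'email' => 'p3@example.com'],
    // markup stored in the name must be shown as text, not interpreted
    ['username' => 'person4', 'fullname' => '<b>P4</b>', 'email' => 'p4@example.com'],
];

foreach ($rows as $A) {
    echo format_recipient($A), "<br>\n";
}
```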

LWC

Forum User
Full Member
Registered: 02/19/04
Posts: 818
BTW, I've just noticed there's a new version.

Too bad none of this got through...

vinny

Site Admin
Admin
Registered: 06/24/02
Posts: 352
Location:Colorado, USA
LWC,

The recent releases were security fixes. Since none of these problems compromises sites they'll be released when 1.3.10 comes out (hopefully soon).

-Vinny

Admin Too

Anonymous
...except the "major" problem, which gives the admins false privacy...

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by Admin Too: ...except the "major" problem, which gives the admins false privacy...

Hmm? It uses $_CONF['site_mail'], which is also sent out with every new registration email, as well as with the forum notifications (if you have the forum plugin installed). Certainly not the ideal place to put any "secret" email address in ...

bye, Dirk

Admin Too

Anonymous
Yes, but first of all, no matter what it still tells the admin it does something it doesn't and secondly, you can use a false address for the site's mail.

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by Admin Too: no matter what it still tells the admin it does something it doesn't

Well, it's a bug - so what? It was certainly out of the realm of a security release, as it is not a security issue.

bye, Dirk