View Issue Details

IDProjectCategoryView StatusLast Update
0001019Main CAcert Websitemy accountpublic2013-01-15 18:10
ReporterNEOatNHNG Assigned ToNEOatNHNG  
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Fixed in Version2012 Q3 
Summary0001019: Contact form does not work when logged in!
DescriptionWhen using the contact form while logged in, the form doesn't show the success page and does not send an email to support@cacert.org (have not tried whether mailing list works).
Additional InformationThis is a pretty critical issue as support requests, disputes, vulnerability reports etc. send via this form in logged in state gets lost without a trace!
TagsNo tags attached.
Reviewed bydastrath, NEOatNHNG
Test Instructions

Relationships

related to 0001021 closedINOPIAE test.cacert.org contact form on testserver redirects to www.cacert.org 
related to 0000795 closedNEOatNHNG Main CAcert Website contact form does not signal whether filed request is senstive or open 

Activities

NEOatNHNG

2012-03-01 00:56

administrator   ~0002867

First preliminary fix to disable the form temporarily. Real fix will follow later on. Please review.

Uli60

2012-03-06 21:26

updater   ~0002869

Last edited: 2012-03-06 21:37

View 2 revisions

open contact form, write some text
send

error message report:
This seems like you have cookies or Javascript disabled, cannot continue.

browser line in browser is: https://www.cacert.org/index.php

untestable
---

password login

click to "contact us" link at bottom

results in:

Contact Us

To contact us please log out and then use the contact form there or send us an email to support@cacert.org. We are working to fix this situation so you may contact us while staying logged in again.

INOPIAE

2012-03-06 21:36

updater   ~0002870

Login with certificate
Use contact form - Error warning is displayed => OK

Login with password
Use contact form - Error warning is displayed => OK

Use contact form logged out:
Cannot be test as error message report:
This seems like you have cookies or Javascript disabled, cannot continue.

browser line in browser is: https://www.cacert.org/index.php [^]

Mail seems to be send to support@cacert.org

Ted

2012-03-07 18:57

administrator   ~0002871

Did a quick test:
- Certificate login
- "Contact" linkk in footer

Message is shown ==> OK

- "Go Home"
- Click "Contact Us"

Contact form is shown ==> OK

Ted

2012-03-07 18:58

administrator   ~0002872

Last edited: 2012-03-07 19:16

View 2 revisions

Did code review, 01c885f8fc88cd42c750890b9accf67adfbeee40 vs. 8a7611eb5e18a678f81721d6602b668c2e7bea52

Changes are acceptable.

Sent patch request to critical admins, merged into release branch

wytze

2012-03-08 09:58

developer   ~0002873

The fix (more correctly: a quick and dirty workaround) has been applied on the production server on March 8, 2012.

NEOatNHNG

2012-03-08 10:31

administrator   ~0002874

OK, now that the deactivation is in place we have to solve the underlying problem.

MartinGummi

2012-05-22 23:28

updater   ~0003001

Did a quick test:

- Password login
- "Contact" link in footer

Message to Support Mailing List
 ==> OK
Message to Support
 ==> OK

INOPIAE

2012-05-22 23:29

updater   ~0003002

Login into account
Go to contact
Send a help request to the mailing list.
Msg: Your message has been sent to the general support list.
Mail was recieved from mailing list
=> OK

Send a help request to support@c.o.
Msg: Your message has been sent.
Mail was recieved from support@c.o.
=> OK

Test successful.

NEOatNHNG

2012-05-22 23:40

administrator   ~0003004

The underlying issue was that the target where the data was sent was hard coded and it was wrongly hard coded when logged in.

The last two tests took that already into account. Please review.

JonathanL

2012-05-27 15:07

reporter   ~0003009

Last edited: 2012-05-27 15:14

View 3 revisions

Logged in to account, go to contact us at bottom

Two forms: top and bottom.

Mail with random number 4e 58 68 a6 sent through first form.
Responds with: Your message has been sent to the general support list.

Mail with random number a9 3c e9 70 sent through second form.
Responds with: Your message has been sent.

Both arrived (INOPIAE)

Suggestion: label the two forms clearly, perhaps with "To: support@cacert.org" etc

NEOatNHNG

2012-09-04 22:44

administrator   ~0003181

Dirk has reviewed the patch during the software assessment meeting

NEOatNHNG

2012-09-11 20:56

administrator   ~0003183

Mail sent to critical admins

wytze

2012-09-17 08:49

developer   ~0003198

The fix has been installed on the production server on September 17, 2012. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2012-09/msg00000.html

Werner Dworak

2012-12-26 16:44

updater   ~0003569

Solved more than 3 months ago and no complaints.

Issue History

Date Modified Username Field Change
2012-03-01 00:23 NEOatNHNG New Issue
2012-03-01 00:23 NEOatNHNG Assigned To => NEOatNHNG
2012-03-01 00:50 NEOatNHNG Source_changeset_attached => cacert-devel testserver bdfd7be8
2012-03-01 00:50 NEOatNHNG Source_changeset_attached => cacert-devel testserver 9422c4b9
2012-03-01 00:55 NEOatNHNG Source_changeset_attached => cacert-devel testserver 734ad35d
2012-03-01 00:55 NEOatNHNG Source_changeset_attached => cacert-devel testserver 01c885f8
2012-03-01 00:56 NEOatNHNG Note Added: 0002867
2012-03-01 00:56 NEOatNHNG Assigned To NEOatNHNG => Ted
2012-03-01 00:56 NEOatNHNG Status new => needs review & testing
2012-03-01 00:57 NEOatNHNG Reviewed by => NEOatNHNG
2012-03-06 21:26 Uli60 Note Added: 0002869
2012-03-06 21:36 INOPIAE Note Added: 0002870
2012-03-06 21:37 Uli60 Note Edited: 0002869 View Revisions
2012-03-07 18:57 Ted Note Added: 0002871
2012-03-07 18:58 Ted Reviewed by NEOatNHNG => Ted, NEOatNHNG
2012-03-07 18:58 Ted Note Added: 0002872
2012-03-07 18:58 Ted Status needs review & testing => ready to deploy
2012-03-07 19:16 Ted Note Edited: 0002872 View Revisions
2012-03-07 21:21 Ted Assigned To Ted =>
2012-03-08 09:58 wytze Note Added: 0002873
2012-03-08 09:58 wytze Status ready to deploy => solved?
2012-03-08 09:58 wytze Resolution open => fixed
2012-03-08 09:58 wytze Assigned To => wytze
2012-03-08 10:31 NEOatNHNG Note Added: 0002874
2012-03-08 10:31 NEOatNHNG Assigned To wytze => NEOatNHNG
2012-03-08 10:31 NEOatNHNG Status solved? => needs work
2012-03-08 10:31 NEOatNHNG Reviewed by Ted, NEOatNHNG =>
2012-03-08 12:45 NEOatNHNG Priority immediate => high
2012-03-08 12:45 NEOatNHNG Severity block => major
2012-05-22 22:50 NEOatNHNG Source_changeset_attached => cacert-devel testserver ab972aa7
2012-05-22 22:50 NEOatNHNG Source_changeset_attached => cacert-devel testserver c15aa191
2012-05-22 22:50 NEOatNHNG Source_changeset_attached => cacert-devel testserver 1da58648
2012-05-22 22:50 NEOatNHNG Source_changeset_attached => cacert-devel testserver 2e6b80c1
2012-05-22 22:50 NEOatNHNG Source_changeset_attached => cacert-devel testserver 5de1cb4e
2012-05-22 23:10 NEOatNHNG Source_changeset_attached => cacert-devel testserver eb9ed889
2012-05-22 23:10 NEOatNHNG Source_changeset_attached => cacert-devel testserver 89c0c15f
2012-05-22 23:28 MartinGummi Note Added: 0003001
2012-05-22 23:29 INOPIAE Note Added: 0003002
2012-05-22 23:40 NEOatNHNG Reviewed by => NEOatNHNG
2012-05-22 23:40 NEOatNHNG Note Added: 0003004
2012-05-22 23:40 NEOatNHNG Status needs work => needs review & testing
2012-05-27 15:07 JonathanL Note Added: 0003009
2012-05-27 15:09 JonathanL Note Edited: 0003009 View Revisions
2012-05-27 15:14 INOPIAE Note Edited: 0003009 View Revisions
2012-08-21 21:26 NEOatNHNG Status needs review & testing => needs review
2012-09-04 22:44 NEOatNHNG Reviewed by NEOatNHNG => dastrath, NEOatNHNG
2012-09-04 22:44 NEOatNHNG Note Added: 0003181
2012-09-04 22:44 NEOatNHNG Status needs review => ready to deploy
2012-09-11 20:56 NEOatNHNG Note Added: 0003183
2012-09-13 16:50 NEOatNHNG Source_changeset_attached => cacert-devel release 7400caae
2012-09-17 08:49 wytze Note Added: 0003198
2012-09-17 08:49 wytze Status ready to deploy => solved?
2012-12-04 07:18 Uli60 Relationship added related to 0001021
2012-12-04 07:20 Uli60 Relationship added related to 0000795
2012-12-26 16:44 Werner Dworak Note Added: 0003569
2012-12-26 16:44 Werner Dworak Status solved? => closed
2013-01-15 18:10 Werner Dworak Fixed in Version => 2012 Q3