View Issue Details

IDProjectCategoryView StatusLast Update
0000797Main CAcert Websitemiscpublic2013-01-19 08:22
Reportershinji Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionwon't fix 
Fixed in Version2013 Q1 
Summary0000797: Email form on contact us page lacks format validation
DescriptionCurrently the email form allows an individual to enter anything into the email field. If the email field only contains a username the mail transport agent will append it's default domain onto the email address assuming it is a local user. This should not happen.

The email field should be validated to ensure it contains a correctly formatted email address at minimum. This basically means at least an @ and a period following that. We should try and check for the @. combo which may be used to pass that check.
Additional InformationEmail addresses are typically a user@domain format. The domain is any valid domain out there. The user one is typically using ascii characters. Wikipedia shows the potential for internationalization in the future.

http://en.wikipedia.org/wiki/Email_address#Email_Address_Internationalization
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

related to 0000795 closedNEOatNHNG contact form does not signal whether filed request is senstive or open 

Activities

INOPIAE

2013-01-19 08:22

updater   ~0003709

As the email address is not used in the course of the context of sending it to support.
The contact mail is just used to send the mail to either the to support@c.o. or to cacert-support@l.c.o.
The sender visible is a cacert address.
The email address entered into the form is only visible within the mail body.
It is up to the user answering to the request to verify that it is a valid email address. If the requestor enters a wrong email address he will not get an answer.

Issue History

Date Modified Username Field Change
2009-12-02 17:08 shinji New Issue
2009-12-02 17:09 shinji Summary Email form on support site lacks format validation => Email form on contact us page lacks format validation
2012-12-23 01:04 Werner Dworak Relationship added related to 0000795
2013-01-19 08:22 INOPIAE Note Added: 0003709
2013-01-19 08:22 INOPIAE Status new => closed
2013-01-19 08:22 INOPIAE Resolution open => won't fix
2013-01-19 08:22 INOPIAE Fixed in Version => 2013 Q1