View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001019||Main CAcert Website||my account||public||2012-03-01 00:23||2013-01-15 18:10|
|Fixed in Version||2012 Q3|
|Summary||0001019: Contact form does not work when logged in!|
|Description||When using the contact form while logged in, the form doesn't show the success page and does not send an email to firstname.lastname@example.org (have not tried whether mailing list works).|
|Additional Information||This is a pretty critical issue as support requests, disputes, vulnerability reports etc. send via this form in logged in state gets lost without a trace!|
|Tags||No tags attached.|
|Reviewed by||dastrath, NEOatNHNG|
||First preliminary fix to disable the form temporarily. Real fix will follow later on. Please review.|
open contact form, write some text
error message report:
browser line in browser is: https://www.cacert.org/index.php
click to "contact us" link at bottom
To contact us please log out and then use the contact form there or send us an email to email@example.com. We are working to fix this situation so you may contact us while staying logged in again.
Login with certificate
Use contact form - Error warning is displayed => OK
Login with password
Use contact form - Error warning is displayed => OK
Use contact form logged out:
Cannot be test as error message report:
browser line in browser is: https://www.cacert.org/index.php [^]
Mail seems to be send to firstname.lastname@example.org
Did a quick test:
- Certificate login
- "Contact" linkk in footer
Message is shown ==> OK
- "Go Home"
- Click "Contact Us"
Contact form is shown ==> OK
Did code review, 01c885f8fc88cd42c750890b9accf67adfbeee40 vs. 8a7611eb5e18a678f81721d6602b668c2e7bea52
Changes are acceptable.
Sent patch request to critical admins, merged into release branch
||The fix (more correctly: a quick and dirty workaround) has been applied on the production server on March 8, 2012.|
||OK, now that the deactivation is in place we have to solve the underlying problem.|
Did a quick test:
- Password login
- "Contact" link in footer
Message to Support Mailing List
Message to Support
Login into account
Go to contact
Send a help request to the mailing list.
Msg: Your message has been sent to the general support list.
Mail was recieved from mailing list
Send a help request to email@example.com.
Msg: Your message has been sent.
Mail was recieved from firstname.lastname@example.org.
The underlying issue was that the target where the data was sent was hard coded and it was wrongly hard coded when logged in.
The last two tests took that already into account. Please review.
Logged in to account, go to contact us at bottom
Two forms: top and bottom.
Mail with random number 4e 58 68 a6 sent through first form.
Responds with: Your message has been sent to the general support list.
Mail with random number a9 3c e9 70 sent through second form.
Responds with: Your message has been sent.
Both arrived (INOPIAE)
Suggestion: label the two forms clearly, perhaps with "To: email@example.com" etc
||Dirk has reviewed the patch during the software assessment meeting|
||Mail sent to critical admins|
The fix has been installed on the production server on September 17, 2012. See also:
||Solved more than 3 months ago and no complaints.|
|2012-03-01 00:23||NEOatNHNG||New Issue|
|2012-03-01 00:23||NEOatNHNG||Assigned To||=> NEOatNHNG|
|2012-03-01 00:50||NEOatNHNG||Source_changeset_attached||=> cacert-devel testserver bdfd7be8|
|2012-03-01 00:50||NEOatNHNG||Source_changeset_attached||=> cacert-devel testserver 9422c4b9|
|2012-03-01 00:55||NEOatNHNG||Source_changeset_attached||=> cacert-devel testserver 734ad35d|
|2012-03-01 00:55||NEOatNHNG||Source_changeset_attached||=> cacert-devel testserver 01c885f8|
|2012-03-01 00:56||NEOatNHNG||Note Added: 0002867|
|2012-03-01 00:56||NEOatNHNG||Assigned To||NEOatNHNG => Ted|
|2012-03-01 00:56||NEOatNHNG||Status||new => needs review & testing|
|2012-03-01 00:57||NEOatNHNG||Reviewed by||=> NEOatNHNG|
|2012-03-06 21:26||Uli60||Note Added: 0002869|
|2012-03-06 21:36||INOPIAE||Note Added: 0002870|
|2012-03-06 21:37||Uli60||Note Edited: 0002869|
|2012-03-07 18:57||Ted||Note Added: 0002871|
|2012-03-07 18:58||Ted||Reviewed by||NEOatNHNG => Ted, NEOatNHNG|
|2012-03-07 18:58||Ted||Note Added: 0002872|
|2012-03-07 18:58||Ted||Status||needs review & testing => ready to deploy|
|2012-03-07 19:16||Ted||Note Edited: 0002872|
|2012-03-07 21:21||Ted||Assigned To||Ted =>|
|2012-03-08 09:58||wytze||Note Added: 0002873|
|2012-03-08 09:58||wytze||Status||ready to deploy => solved?|
|2012-03-08 09:58||wytze||Resolution||open => fixed|
|2012-03-08 09:58||wytze||Assigned To||=> wytze|
|2012-03-08 10:31||NEOatNHNG||Note Added: 0002874|
|2012-03-08 10:31||NEOatNHNG||Assigned To||wytze => NEOatNHNG|
|2012-03-08 10:31||NEOatNHNG||Status||solved? => needs work|
|2012-03-08 10:31||NEOatNHNG||Reviewed by||Ted, NEOatNHNG =>|
|2012-03-08 12:45||NEOatNHNG||Priority||immediate => high|
|2012-03-08 12:45||NEOatNHNG||Severity||block => major|
|2012-05-22 22:50||NEOatNHNG||Source_changeset_attached||=> cacert-devel testserver ab972aa7|
|2012-05-22 22:50||NEOatNHNG||Source_changeset_attached||=> cacert-devel testserver c15aa191|
|2012-05-22 22:50||NEOatNHNG||Source_changeset_attached||=> cacert-devel testserver 1da58648|
|2012-05-22 22:50||NEOatNHNG||Source_changeset_attached||=> cacert-devel testserver 2e6b80c1|
|2012-05-22 22:50||NEOatNHNG||Source_changeset_attached||=> cacert-devel testserver 5de1cb4e|
|2012-05-22 23:10||NEOatNHNG||Source_changeset_attached||=> cacert-devel testserver eb9ed889|
|2012-05-22 23:10||NEOatNHNG||Source_changeset_attached||=> cacert-devel testserver 89c0c15f|
|2012-05-22 23:28||MartinGummi||Note Added: 0003001|
|2012-05-22 23:29||INOPIAE||Note Added: 0003002|
|2012-05-22 23:40||NEOatNHNG||Reviewed by||=> NEOatNHNG|
|2012-05-22 23:40||NEOatNHNG||Note Added: 0003004|
|2012-05-22 23:40||NEOatNHNG||Status||needs work => needs review & testing|
|2012-05-27 15:07||JonathanL||Note Added: 0003009|
|2012-05-27 15:09||JonathanL||Note Edited: 0003009|
|2012-05-27 15:14||INOPIAE||Note Edited: 0003009|
|2012-08-21 21:26||NEOatNHNG||Status||needs review & testing => needs review|
|2012-09-04 22:44||NEOatNHNG||Reviewed by||NEOatNHNG => dastrath, NEOatNHNG|
|2012-09-04 22:44||NEOatNHNG||Note Added: 0003181|
|2012-09-04 22:44||NEOatNHNG||Status||needs review => ready to deploy|
|2012-09-11 20:56||NEOatNHNG||Note Added: 0003183|
|2012-09-13 16:50||NEOatNHNG||Source_changeset_attached||=> cacert-devel release 7400caae|
|2012-09-17 08:49||wytze||Note Added: 0003198|
|2012-09-17 08:49||wytze||Status||ready to deploy => solved?|
|2012-12-04 07:18||Uli60||Relationship added||related to 0001021|
|2012-12-04 07:20||Uli60||Relationship added||related to 0000795|
|2012-12-26 16:44||Werner Dworak||Note Added: 0003569|
|2012-12-26 16:44||Werner Dworak||Status||solved? => closed|
|2013-01-15 18:10||Werner Dworak||Fixed in Version||=> 2012 Q3|