GNU Mailman

bad email sanitisation issue

Bug #266343 reported by Kangbooboo on 2006-05-31

Affects		Status	Importance	Assigned to	Milestone
	GNU Mailman	New	Medium	Unassigned	GNU Mailman 2.1-stable

Bug Description

hi, we're using 2.1.5 and when someone added an email
address with quotes (") we got errors a bit everywhere
and mails not getting sent ^^

I looked into changelog up to 2.1.8 which is current
stable and this looks closely to bug #1030228, but
different character.

I would suggest adding the quote character to the
filter (ascii 042)
Or better, rewritte the filter but the reverse way.
only allow [a-zA-Z0-9\-\_\.\+] for email addresses ?
(i made this up from memory but email addresses cannot
contain much more ? maybe im saying something stupid here)

[http://sourceforge.net/tracker/index.php?func=detail&aid=1498213&group_id=103&atid=100103]

Revision history for this message

Kangbooboo (kangbooboo) wrote on 2006-05-31:

i forgot to say this is done when you're not using the web
interface to input the email+name (else name or mail with
quotes gets rejected as unknown)

Revision history for this message

Mark Sapiro (msapiro) wrote on 2006-06-01:

First of all, local-parts of email addresses are allowed to
be quoted per RFC2821 sec 4.1.2, but more importantly, can
you be more specific as to
1) the form of the address with " that caused problems
2) how it was added if not via the web interface
3) what specific errors/problems result

I note that I am able to add an address of the form

Real Name <"<email address hidden>">

via Mass Subscribe, and the resultant address receives mail
just as if it weren't quoted.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.