From gaek...@gmail.com on May 30, 2011 16:26:27
What steps will reproduce the problem?
1. Install a fresh TXP 4.4.0.
2. View comments for default article (ID:1).
3. Note commenter's email address.

What is the expected output? What do you see instead?
- I expected to see an email address ending @example.com (or similar RFC2606-friendly domain). I actually see me@here.com

What version of the product are you using? On what operating system?
- 4.4.0, but this seems to go back a looong way in previous releases. Time and date stamp for the comment is 22 Jul 2005 21:11:32 which implies it's in lots of previous TXP releases.

Please provide any additional information below.
- The website provided by the commenter is http://example.com and is RFC2606-friendly. The email address resolves to here.com which is a valid commercial domain and not RFC2606-friendly. Although unlikely, it is possible to display the email address via <txp:comment_email />, which then leaves it open to spam harvesting etc. The issue can be resolved by changing the email address to me@example.com, donald.swain@example.com or something equally RFC2606-safe. Check /textpattern/setup/txpsql.php, line #149 to see what I mean. I've attached a diff for the file and what I consider to be a 'safe' email address.
I've thought about submitting this for a long time but never really got around to it. It's a minor thing, clearly, but if it can mitigate any potential legal snarkiness from anyone at here.com, it can only be a good thing. It's also best practice to use safe domains for this sort of thing.

http://whois.domaintools.com/here.com
http://tools.ietf.org/html/rfc2606
http://textpattern.net/wiki/index.php?title=comment_email
Attachment: txpsql-diff.txt
Original issue: http://code.google.com/p/textpattern/issues/detail?id=112
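
The check the report asks for can be automated over any seed or fixture file. The following is an added example, not part of the original issue or of Textpattern's code: it flags every email address or URL whose domain is not one of the names reserved by RFC 2606. The table names and the seed text are constructed for illustration; only the `me@here.com` and `example.com` values mirror the report.

```python
import re

# Names reserved for documentation and testing by RFC 2606.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_SLDS = {"example.com", "example.net", "example.org"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
URL_RE = re.compile(r"https?://([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)", re.I)

# Constructed seed data (hypothetical table names), not the contents of txpsql.php.
SAMPLE_SEED = """\
INSERT INTO demo_comments (name, email, web) VALUES ('Donald Swain', 'me@here.com', 'http://example.com');
INSERT INTO demo_comments (name, email, web) VALUES ('Jane Doe', 'jane@mail.example.org', 'https://blog.example.net/about');
INSERT INTO demo_prefs (name, val) VALUES ('site_url', 'http://localhost');
INSERT INTO demo_prefs (name, val) VALUES ('feed', 'http://www.here.com/feed');
"""


def is_reserved(domain):
    """True if the domain is, or is a subdomain of, an RFC 2606 reserved name."""
    labels = domain.lower().rstrip(".").split(".")
    if labels[-1] in RESERVED_TLDS:
        return True
    # Compare only the registrable suffix, so example.com.evil.com is not trusted.
    return ".".join(labels[-2:]) in RESERVED_SLDS


def find_unsafe_domains(text):
    """Return (line_no, kind, matched_text, domain) for each non-reserved domain."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, pattern in (("email", EMAIL_RE), ("url", URL_RE)):
            for match in pattern.finditer(line):
                if not is_reserved(match.group(1)):
                    findings.append((line_no, kind, match.group(0), match.group(1).lower()))
    return findings


if __name__ == "__main__":
    for line_no, kind, value, domain in find_unsafe_domains(SAMPLE_SEED):
        print(f"line {line_no}: {kind} {value} uses non-reserved domain {domain}")
```

Run against a project's install scripts as a pre-release or CI step, a non-empty result means sample data points at a domain someone else may own.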