Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Non-RFC2606 domain used in email address for new installation example comment (aka the infamous Donald Swain) #116

Closed
ghost opened this issue Oct 4, 2014 · 1 comment

Comments

@ghost
Copy link

ghost commented Oct 4, 2014

From gaek...@gmail.com on May 30, 2011 16:26:27

What steps will reproduce the problem? 1. Install a fresh TXP 4.4.0.
2. View comments for default article (ID:1).
3. Note commenter's email address. What is the expected output? What do you see instead? - I expected to see an email address ending @example.com (or similar RFC2606 -friendly domain). I actually see me@here.com What version of the product are you using? On what operating system? - 4.4.0, but this seems to go back a looong way in previous releases. Time and date stamp for the comment is 22 Jul 2005 21:11:32 which implies it's in lots of previous TXP releases. Please provide any additional information below. - The website provided by the commenter is http://example.com and is RFC2606 -friendly. The email address resolves to here.com which is a valid commercial domain and not RFC2606 -friendly. Although unlikely, it is possible to display the email address via <txp:comment_email />, which then leaves it open to spam harvesting etc. The issue can be resolved by changing the email address to me@example.com, donald.swain@example.com or something equally RFC2606 -safe. Check /textpattern/setup/txpsql.php, line #149 to see what I mean. I've attached a diff for the file and what I consider to be a 'safe' email address.

I've thought about submitting this for a long time but never really got around to it. It's a minor thing, clearly, but if it can mitigate any potential legal snarkiness from anyone at here.com, it can only be a good thing. It's also best practise to use safe domains for this sort of thing. http://whois.domaintools.com/here.com http://tools.ietf.org/html/rfc2606 http://textpattern.net/wiki/index.php?title=comment_email

Attachment: txpsql-diff.txt

Original issue: http://code.google.com/p/textpattern/issues/detail?id=112

@ghost ghost added the imported label Oct 4, 2014
@ghost
Copy link
Author

ghost commented Oct 4, 2014

From r.wetzlmayr on May 30, 2011 23:02:39

This issue was closed by revision r3562 .

Status: Fixed

@ghost ghost closed this as completed Oct 4, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

0 participants