View Issue Details

IDProjectCategoryView StatusLast Update
0019712mantisbtemailpublic2015-05-27 12:49
Reportercdijoux Assigned Toatrol  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionno change required 
Product Version1.3.0-beta.2 
Summary0019712: Error for option "limit_email_domains"
Description

Hello,

I get your patch located at http://mantisbt.org/bugs/view.php?id=2609 and i see a mistake in the method "email_is_valid" (core/email_api.php : 110). I integrate this code (and test it) in my Mantis version (1.2.17) BUT it's exactly the same code for your Mantis version 1.3.0-beta.2 .

The error : if the option "$t_limit_email_domains" is not empty, you check if the variable "$t_email_domain" is contained in "$t_limit_email_domains" and if it's the case => email is valid (return true).
But if it's not the case, you didn't return "false" and you potentially return "true", even if you have to return "false" because the email is not authorized.

To add after the "foreach" but in the "if" (line 136):
return false;

TagsNo tags attached.

Activities

atrol

atrol

2015-05-12 14:47

developer   ~0050746

This is the code from 1.3.0-beta.2
I don't see the the mentioned problem
<pre>
if( !empty( $t_limit_email_domains ) ) {
foreach( $t_limit_email_domains as $t_email_domain ) {
if( 0 == strcasecmp( $t_email_domain, $t_domain ) ) {
return true; # no need to check mx record details (below) if we've explicity allowed the domain
}
}
return false;
}
</pre>

cdijoux

cdijoux

2015-05-13 02:02

reporter   ~0050751

Oh, I apparently didn't check the correct branch on Github ... sorry.

Well, the bug is only in the patch suggest in the post 0002609 :
https://github.com/mantisbt/mantisbt/blob/d5870f801d3ee0387bcc0a9062d3577c76cd7bda/core/email_api.php