[Kolab-devel] [issue2281] Invalid recipients not detected when sending invitations
Sascha Wilde
kolab-issues at intevation.de
Tue Dec 4 13:15:41 CET 2007
New submission from Sascha Wilde <wilde at intevation.de>:
Specially crafted contacts as described in issue2146 trigger even more
bugs:
When a contact with an email address of the form
<a href="mailto:blackhat at example.com">trusted at example.com</a>
is entered as attendee in an event, the invitation is send to
trusted at example.com (which is surprising, but ok) and in the To:
header the recipient is written as:
trusted at example.com <"a href= mailto:blackhat at example.com /a"@example.com>
which is -uhm- interesting at least.
BIG problem:
If there are more attendees, every recipient coming after the
manipulated one silently don't get the invitation. Kontact silently
ignores the addresses after the forged one.
Proposed solution:
Kontact should warn the user if attendees have an invalid email
address and refuse to accept them as recipients of invitations or
other event related mails.
----------
messages: 12925
nosy: bernhard, bh, ludwig, osterfeld, till, vkrause, wilde
priority: bug
status: unread
title: Invalid recipients not detected when sending invitations
topic: enterprise35, kde client
________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://intevation.de/roundup/kolab/issue2281>
________________________________________________
More information about the devel
mailing list