[#14247] Check email address for event reminders
Summary Check email address for event reminders
Queue Kronolith
Queue Version FRAMEWORK_5_2
Type Enhancement
State Feedback
Priority 1. Low
Owners
Requester wahnes@uni-koeln.de
Created 2016-02-09 (1722 days ago)
Due
Updated 2016-02-12 (1719 days ago)
Assigned
Resolved
Milestone
Patch No

Comments
wahnes@uni-koeln.de 2016-02-09 15:19:05
When chosing to have an email remindet sent for an event, the email 
address that a user enters into the form is not checked.  If the input 
is in fact not a valid email address (e.g. just the username with no 
domain), this leads to problems at the time the reminders are to be 
sent, with the site administrator receiving emails from the cronjob 
running horde-alarms. The invalid input should be caught at the time 
the user fills out the form so that they can enter a valid email 
address instead.

I see two ways in which the form used for entering an email address 
for reminders to an event could be improved:

(1) Append the default domain to unqualified addresses just like IMP 
does. This may be a bit difficult to do since the domains that would 
need to be appended are only set in IMP's backends.local.php, so that 
info might not be available to Kronolith. Maybe the form should be 
re-displayed in this case with a note to the user to make clear that 
the email address has been changed automatically.

(2) Do at least some basic checking of user input, i.e. validate that 
it is a syntactically correct email address.  For instance, an input 
such as "a@b@c" should never be accepted.

Jan Schneider <jan@horde.org> 2016-02-12 11:01:59
> (1) Append the default domain to unqualified addresses just like IMP 
> does. This may be a bit difficult to do since the domains that would 
> need to be appended are only set in IMP's backends.local.php, so 
> that info might not be available to Kronolith. Maybe the form should 
> be re-displayed in this case with a note to the user to make clear 
> that the email address has been changed automatically.

Not an option, because of the reasons that you mentioned.

> (2) Do at least some basic checking of user input, i.e. validate 
> that it is a syntactically correct email address.  For instance, an 
> input such as "a@b@c" should never be accepted.

No reason to do just basic checking. The only question is whether to 
use Horde_Mail_Rfc822#parseAddressList() or 
Horde_Form_Type_email#validateEmailAddress() with optional SMTP server 
checking.

wahnes@uni-koeln.de 2016-02-12 15:47:47
>> (1) Append the default domain to unqualified addresses just like IMP
>> does. This may be a bit difficult to do since the domains that would
>> need to be appended are only set in IMP's backends.local.php, so that
>> info might not be available to Kronolith. Maybe the form should be
>> re-displayed in this case with a note to the user to make clear that
>> the email address has been changed automatically.

> Not an option, because of the reasons that you mentioned.

OK, so an entry in the email address field that is lacking a domain 
name would just be a special case of the general "this email address 
is invalid" scheme then.