Page MenuHomePhabricator
Create Task
Maniphest T201764

Facilitate sending to an arbitrary email address rather than a user account
Closed, ResolvedPublic
Actions

Description

I understand the mail sending mechanism is currently realised through the mediawiki core, but it would be great to be able to send forms to an arbitrary email address rather than a MediaWiki user account.

Among other possible use-cases, that could help mitigate the leakage of information about the persons whose wiki accounts are assigned to the recipient of the form, when it is undesirable to know who the person is.

Currently, when a submission is made using the form with the submitter requesting a copy of the form submission, the subject of email sent to the submitter is the content of the gettext string identified as "emailccsubject", i.e. "Copy of your message to $1: $2", which reveals the username of the recipient.

Details

SubjectRepoBranchLines +/-
Allow specifying a recipient email addressmediawiki/extensions/ContactPagemaster+25 -14
Customize query in gerrit

Related Objects

Event Timeline

ahmad created this task.Aug 11 2018, 5:20 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 11 2018, 5:20 PM
Reedy subscribed.EditedAug 11 2018, 9:59 PM

Sending to an arbitary address just seems a great way for spammers to send spam out... It seems to defeat the point of the contactform when it's designed to go to a intended recipient

emailccsubject is a core message that we reuse...

Maybe we we should be using a different message?

Something along the lines of "Copy of your submission of $1: $2" where $1 is the title of the form (or similar) e.g. https://github.com/wikimedia/mediawiki-extensions-WikimediaMessages/blob/master/i18n/contactpage/en.json#L42, and $2 stays to be the subject?

ahmad added a comment.Aug 13 2018, 3:10 PM

By "arbitary address" I meant one set by the form administrator, instead of having to be that of a wikiuser account as currently is the case. Not one entered by the form user.

I'm considering working around this on the level of the UI string,

But there's also the usecase of having a workflow for handling received form submissions by one or more persons. As far as I know there's currently no way to distinguish emails sent through the form in order to set a rule, for example, to forward it to another address or autoreply.

I understand this is not the model of the current implementation, but it would be great to have.

Reedy added a comment.Aug 13 2018, 3:12 PM
In T201764#4498765, @ahmad wrote:

By "arbitary address" I meant one set by the form administrator, instead of having to be that of a wikiuser account as currently is the case. Not one entered by the form user.

Ok, that makes more sense. I'll update the task in a few

In T201764#4498765, @ahmad wrote:

But there's also the usecase of having a workflow for handling received form submissions by one or more persons.

At least at Wikimedia, we just use mailing lists/distribution lists or OTRS queues

Reedy renamed this task from Facilitate sending to an arbitrary email address to Facilitate sending to an arbitrary email address rather than a user account.Aug 13 2018, 3:13 PM
Reedy updated the task description. (Show Details)
ahmad added a comment.Aug 13 2018, 3:17 PM
In T201764#4498765, @ahmad wrote:

But there's also the usecase of having a workflow for handling received form submissions by one or more persons.

At least at Wikimedia, we just use mailing lists/distribution lists or OTRS queues

How does that work? Does the receiving wikiuser manually forward to the mailing list of a working group? Or are dummy wikiuser accounts are created in order to set their email addresses to that of the distribution list?

Reedy added a comment.Aug 13 2018, 3:22 PM

Yeah, "dummy" accounts are used. Often with an appropriate name/username, so the leaking you were mentioning is less of a problem

gerritbot added a comment.Oct 1 2024, 10:36 PM

Change #1077114 had a related patch set uploaded (by Jayden Bailey; author: Jayden Bailey):

[mediawiki/extensions/ContactPage@master] Allow specifying a recipient email address

https://gerrit.wikimedia.org/r/1077114

gerritbot added a project: Patch-For-Review.Oct 1 2024, 10:36 PM
gerritbot added a comment.Oct 14 2024, 11:27 AM

Change #1077114 merged by jenkins-bot:

[mediawiki/extensions/ContactPage@master] Allow specifying a recipient email address

https://gerrit.wikimedia.org/r/1077114

Restricted Repository Identity mentioned this in rECPA3a9fe11427ac: Allow specifying a recipient email address.Oct 14 2024, 11:28 AM
Maintenance_bot removed a project: Patch-For-Review.Oct 14 2024, 11:30 AM
Ammarpad closed this task as Resolved.Oct 14 2024, 11:42 AM
Ammarpad assigned this task to ahmad.
ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.27; 2024-10-15).Oct 14 2024, 12:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits