Page MenuHomePhabricator
Create Task
Maniphest T238008

🐛 Bug | Email is not properly validated, resulting in empty page
Closed, ResolvedPublic
Actions

Description

Steps to reproduce:

Fill with in donation form with email address teste®@example.com and push submit

Expected Result:
Email address is shown as invalid

Actual result:
Form is submitted, but validation fails and user sees an empty page.

Notice: Search the application log for Unexpected server-side form validation errors to get ideas for other invalid email addresses.

It seems like the "source" field for the email ConstraintViolation is not set, because the error message Unexpected server-side form validation errors in the application log does not contain the field name and the PHP error log contains notices: PHP Notice: Undefined index: in /usr/share/nginx/www/spenden.wikimedia.de/release-20191111172411/src/Presentation/Presenters/DonationFormViolationPresenter.php on line 146. But this is a side-effect, not the root rause of the underlying error. Please fix it if possible.

Event Timeline

gabriel-wmde created this task.Nov 11 2019, 5:42 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 11 2019, 5:42 PM
gabriel-wmde renamed this task from Email is not properly validated, resulting in empty page to 🐛 Email is not properly validated, resulting in empty page.Nov 11 2019, 5:43 PM
gabriel-wmde added a project: WMDE-Fundraising-Tech.Nov 11 2019, 5:48 PM
Restricted Application added a project: WMDE-FUN-Team. · View Herald TranscriptNov 11 2019, 5:48 PM
gabriel-wmde updated the task description. (Show Details)Nov 11 2019, 5:51 PM
chrp renamed this task from 🐛 Email is not properly validated, resulting in empty page to 🐛 Bug | Email is not properly validated, resulting in empty page.Nov 12 2019, 9:04 AM
chrp moved this task from Incubation to Heap on the WMDE-FUN-Funban-2019 board.Nov 12 2019, 9:07 AM
CorinnaHillebrand_WMDE claimed this task.Nov 14 2019, 10:24 AM
CorinnaHillebrand_WMDE moved this task from Heap to Doing on the WMDE-FUN-Funban-2019 board.
gabriel-wmde added a comment.Nov 14 2019, 6:19 PM

While investigating, we found two bugs:

  1. Laika does not send emails to the validate-email route when submitting an address. This allows for the observed behavior of being able to submit an invalid email to donation/add.
  2. Our homegrown EmailAddress and EmailValidator classes are too strict. We disallow multiple '@' signs (which could be quoted to become a valid email address) and don't check emails with the [[ https://www.php.net/manual/en/filter.filters.flags.php | FILTER_FLAG_EMAIL_UNICODE ]] flag to allow for unicode characters in the local part.
gabriel-wmde removed CorinnaHillebrand_WMDE as the assignee of this task.Nov 19 2019, 3:36 PM
gabriel-wmde moved this task from Doing to Code Review on the WMDE-FUN-Funban-2019 board.
gabriel-wmde added a subscriber: CorinnaHillebrand_WMDE.
chrp moved this task from Code Review to Blocked externally on the WMDE-FUN-Funban-2019 board.Nov 21 2019, 10:35 AM
chrp moved this task from Blocked externally to Done on the WMDE-FUN-Funban-2019 board.
kai.nissen closed this task as Resolved.Jan 9 2020, 5:46 PM
kai.nissen claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL