Avoid SurveyTool sending to bogus email addresses

Description

Rick reported that ST tried to email to an email address "0". It's not clear where that came from. We could make this function more robust by returning null unless u.email contains @:

    private String getEmailForUser(int user) {
        UserRegistry.User u = CookieSession.sm.reg.getInfo(user);
        if (u == null || UserRegistry.userIsLocked(u) || UserRegistry.userIsExactlyAnonymous(u)) {
            return null;
        }
        if (u.email.equals("admin@")) {
            return null; // no mail to admin
        }
        return u.email;
    }

That is, insert:

    if (u.email == null || !u.email.contains("@")) {
        return null;
    }

Also in its caller we could skip sb.append unless getEmailForUser returns non-null:

    public void queue(Integer fromUser, int toUser, String subject, String body, CLDRLocale locale, Integer xpath, Integer post,
        Set<Integer> cc) {
        String ccstr = null;
        if (cc != null && !cc.isEmpty()) {
            StringBuilder sb = null;
            for (int u : cc) {
                if (sb == null) {
                    sb = new StringBuilder();
                } else {
                    sb.append(", ");
                }
                sb.append('<');
                sb.append(getEmailForUser(u));
                sb.append('>');

That is, make it:

    for (int u : cc) {
        String email = getEmailForUser(u);
        if (email != null) {
            if (sb == null) {
                sb = new StringBuilder();
            } else {
                sb.append(", ");
            }
            sb.append('<');
            sb.append(email);
            sb.append('>');
        }
    }
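
The two changes above work as a pair, which this added example shows in runnable form (it is not part of the ticket or SurveyTool's code). The class `CcListDemo`, the `EMAILS` map standing in for the `UserRegistry` lookup, the `buildCc` helper with its `guardCaller` switch, and the sample addresses are all assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

// Added illustration, not SurveyTool code. EMAILS is a constructed stand-in
// for the UserRegistry lookup; the locked/anonymous checks are omitted.
public class CcListDemo {
    static final Map<Integer, String> EMAILS = new LinkedHashMap<>();
    static {
        EMAILS.put(1, "alice@example.org"); // constructed sample data
        EMAILS.put(2, "0");                 // the bogus value from the report
        EMAILS.put(3, null);                // no address stored
        EMAILS.put(4, "admin@");            // admin placeholder, never mailed
    }

    // Lookup with the proposed guard: null unless the value contains '@'.
    static String getEmailForUser(int user) {
        String email = EMAILS.get(user);
        if (email == null || !email.contains("@") || email.equals("admin@")) {
            return null;
        }
        return email;
    }

    // guardCaller=false reproduces the original loop; true is the proposed one.
    static String buildCc(Set<Integer> cc, boolean guardCaller) {
        StringBuilder sb = null;
        for (int u : cc) {
            String email = getEmailForUser(u);
            if (guardCaller && email == null) {
                continue; // skip users with no usable address
            }
            if (sb == null) {
                sb = new StringBuilder();
            } else {
                sb.append(", ");
            }
            sb.append('<').append(email).append('>'); // null appends "null"
        }
        return sb == null ? null : sb.toString(); // assumed: null when empty
    }

    public static void main(String[] args) {
        Set<Integer> cc = new LinkedHashSet<>(Arrays.asList(1, 2, 3, 4));
        System.out.println("unguarded: " + buildCc(cc, false));
        System.out.println("guarded:   " + buildCc(cc, true));
    }
}
```

With only the `getEmailForUser` guard in place, the unguarded loop writes the literal text `<null>` into the cc string for users 2, 3 and 4, because `StringBuilder.append` renders a null `String` as "null"; with the caller guard as well, only the one valid address remains.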

 

xpath: None
locale: None
Status:
Priority: TBD
Assignee: Unassigned
Reporter: Thomas Bishop
tracReporter: None
Reviewer: None
Labels: None
Components:
Fix versions:
phase: None