Last modified: 2008-02-16 01:29:20 UTC

Bug 8523 - E-mail addresses for e-mailable users exposed through preference setting
Product: MediaWiki
Classification: Unclassified
Special pages
All Linux
Highest normal
Assigned To: Nobody - You can work on this!
Reported: 2007-01-07 21:24 UTC by alterego
Modified: 2008-02-16 01:29 UTC (History)

Copy of my test e-mail's CC (1.85 KB, text/plain)
2007-01-07 21:51 UTC, Aryeh Gregor (not reading bugmail, please e-mail directly)

Description alterego 2007-01-07 21:24:34 UTC
It would be trivial to obtain a list of the e-mail addresses of all users who accept e-mails from 
other users. This may sound obvious, until you notice that the apparent intent of the provided e-mail 
form is to not expose the receiver's address to the sender. The preferences option "Send me copies of 
emails I send to other users" contains the receiver's address in plain text. I suggest replacing the 
To field with the receiver's username instead.
Comment 1 Aryeh Gregor (not reading bugmail, please e-mail directly) 2007-01-07 21:37:48 UTC
I don't understand where this is revealed.  It's not in the form's HTML.  Is it
revealed somehow in the CC?  I don't see it in the test e-mail I sent.  Could
you clarify?
Comment 2 alterego 2007-01-07 21:43:54 UTC
It is revealed in the copy of the e-mail the sender receives. This makes the form 
completely irrelevant - the special page may as well just give the sender the 
address outright and tell them to send their own e-mail.

The existence of such a form is for sending e-mails to users who wish to remain 
anonymous yet be reachable outside of Wikipedia itself. Because of this option, this 
functionality does not actually exist.
Comment 3 Aryeh Gregor (not reading bugmail, please e-mail directly) 2007-01-07 21:51:13 UTC
Created attachment 3030
Copy of my test e-mail's CC

This is what I received when I tested on en-wiki (that address of mine blanked
out).  The recipient's address is not shown anywhere.
Comment 4 Brion Vibber 2007-01-07 22:14:15 UTC
I also cannot reproduce this problem. The copy I receive contains the
recipient's wiki username in the subject line, but not their email address.

Please note that the copy is not sent via traditional "CC", but that a
completely separate mail is sent.

Here's the wrapping of the subject line with the CC notice:
$cc_subject = wfMsg('emailccsubject', $this->target->getName(), $subject);

($target is a User object. Notice that the address of the target is excluded;
only the name is interpolated.)

And here's the mailing:
$ccResult = userMailer( $from, $from, $cc_subject, $this->text );

This sends the same body text as the main mail, but the 'to' address is the
sender, not the recipient.

So unless you've manually put the recipient's address into your mail's subject
or body text, I don't think it's possible for it to creep in.

alterego, can you show us a sample mail exhibiting the problem?
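
Added example, not part of the thread and not MediaWiki's code: a check of the sender's copy for the recipient's address, comparing the separate-mail design described in comment 4 with a copy that carries the recipient's address in To, as the report describes. `buildMail()`, `ccSubject()`, `fieldsLeaking()`, the subject wording and all addresses are assumptions made for illustration.

```php
<?php
// Added example with stand-in helpers; nothing here is MediaWiki's own code.

// Stand-in for userMailer(): returns the message fields instead of sending.
function buildMail(string $to, string $from, string $subject, string $body): array {
    return ['To' => $to, 'From' => $from, 'Subject' => $subject, 'Body' => $body];
}

// Stand-in for wfMsg('emailccsubject', ...); the wording is assumed.
// Only the target's user name is interpolated, never the address.
function ccSubject(string $targetName, string $subject): string {
    return "Copy of your message to $targetName: $subject";
}

// Names of the fields in $mail that contain $address (case-insensitive).
function fieldsLeaking(array $mail, string $address): array {
    $hits = [];
    foreach ($mail as $field => $value) {
        if (stripos($value, $address) !== false) {
            $hits[] = $field;
        }
    }
    return $hits;
}

// Constructed sample data.
$from       = 'sender@example.org';
$targetName = 'ExampleUser';
$targetAddr = 'recipient@example.net';
$subject    = 'Hello';
$text       = 'Question about your last edit.';

$copies = [
    // Separate mail from the sender to the sender, as in comment 4.
    'separate copy to sender'   => buildMail($from, $from, ccSubject($targetName, $subject), $text),
    // Copy that keeps the recipient's address in To, as the report describes.
    'copy with recipient in To' => buildMail($targetAddr, $from, ccSubject($targetName, $subject), $text),
];

foreach ($copies as $label => $mail) {
    $hits = fieldsLeaking($mail, $targetAddr);
    echo $label, ': ', $hits ? 'LEAK in ' . implode(', ', $hits) : 'no recipient address', "\n";
}
```

The check also flags the case comment 4 mentions, where the sender typed the recipient's address into the subject or body.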
Comment 5 Tomer Chachamu 2008-02-16 01:29:20 UTC
