Last modified: 2008-02-16 01:29:20 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T10523, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 8523 - E-mail addresses for e-mailable users exposed through preference setting
Status: RESOLVED WORKSFORME
Product: MediaWiki
Classification: Unclassified
Component: Special pages
Version: unspecified
Hardware: All Linux
Importance: Highest normal
Target Milestone: ---
Assigned To: Nobody - You can work on this!
http://en.wikipedia.org/wiki/Special:...
Reported: 2007-01-07 21:24 UTC by alterego
Modified: 2008-02-16 01:29 UTC (History)

Attachments
Copy of my test e-mail's CC (1.85 KB, text/plain)
2007-01-07 21:51 UTC, Aryeh Gregor (not reading bugmail, please e-mail directly)

Description alterego 2007-01-07 21:24:34 UTC
It would be trivial to obtain a list of the e-mail addresses of all users who accept e-mails from 
other users. This may sound obvious, until you notice that the apparent intent of the provided e-mail 
form is to not expose the receiver's address to the sender. The preferences option "Send me copies of 
emails I send to other users" contains the receiver's address in plain text. I suggest replacing the 
To field with the receiver's username instead.
Comment 1 Aryeh Gregor (not reading bugmail, please e-mail directly) 2007-01-07 21:37:48 UTC
I don't understand where this is revealed.  It's not in the form's HTML.  Is it
revealed somehow in the CC?  I don't see it in the test e-mail I sent.  Could
you clarify?
Comment 2 alterego 2007-01-07 21:43:54 UTC
It is revealed in the copy of the e-mail the sender receives. This makes the form 
completely irrelevant - the special page may as well just give the sender the 
address outright and tell them to send their own e-mail.

The existence of such a form is for sending e-mails to users who wish to remain 
anonymous yet be reachable outside of Wikipedia itself. Because of this option, this 
functionality does not actually exist.
Comment 3 Aryeh Gregor (not reading bugmail, please e-mail directly) 2007-01-07 21:51:13 UTC
Created attachment 3030 [details]
Copy of my test e-mail's CC

This is what I received when I tested on en-wiki (that address of mine blanked
out).  The recipient's address is not shown anywhere.
Comment 4 Brion Vibber 2007-01-07 22:14:15 UTC
I also cannot reproduce this problem. The copy I receive contains the
recipient's wiki username in the subject line, but not their email address.

Please note that the copy is not sent via traditional "CC", but that a
completely separate mail is sent.

Here's the wrapping of the subject line with the CC notice:
$cc_subject = wfMsg('emailccsubject', $this->target->getName(), $subject);

($target is a User object. Notice that the address of the target is excluded;
only the name is interpolated.)

And here's the mailing:
$ccResult = userMailer( $from, $from, $cc_subject, $this->text );

This sends the same body text as the main mail, but the 'to' address is the
sender, not the recipient.

So unless you've manually put the recipient's address into your mail's subject
or body text, I don't think it's possible for it to creep in.

alterego, can you show us a sample mail exhibiting the problem?
Comment 5 Tomer Chachamu 2008-02-16 01:29:20 UTC
Resolving.
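
A report like this can be settled mechanically by checking the raw copy mail for the recipient's address in every header and in the decoded body, rather than by reading it by eye. The following is an added example, not MediaWiki code and not part of the original thread; the function name, sample messages, addresses and user name are constructed for illustration.

```python
import base64
import email
from email import policy


def address_exposures(raw_message: bytes, address: str) -> list:
    """Return the header names (and 'body') in which `address` appears."""
    # policy.default decodes RFC 2047 encoded-words and transfer encodings,
    # so an address hidden behind base64/quoted-printable is still found.
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    needle = address.lower()
    hits = [name for name, value in msg.items() if needle in str(value).lower()]
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        if needle in part.get_content().lower():
            hits.append("body")
            break
    return hits


# Constructed sample: the copy as Comment 4 describes it. It is addressed
# from the sender to the sender, with only the user name in the subject.
SAFE_COPY = (
    b"From: sender@example.org\r\n"
    b"To: sender@example.org\r\n"
    b"Subject: Copy of your message to ExampleUser: hello\r\n"
    b"\r\n"
    b"Hi, this is the message body.\r\n"
)

# Constructed sample: what the report claims, with the recipient in To.
LEAKY_COPY = SAFE_COPY.replace(b"To: sender@", b"To: recipient@")

# Constructed sample: the address appears only inside a base64 body.
ENCODED_COPY = (
    b"From: sender@example.org\r\n"
    b"To: sender@example.org\r\n"
    b"Subject: Copy of your message to ExampleUser: hello\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n" + base64.b64encode(b"Reply to recipient@example.org\n") + b"\r\n"
)

if __name__ == "__main__":
    for label, raw in [("safe", SAFE_COPY), ("leaky", LEAKY_COPY), ("encoded", ENCODED_COPY)]:
        print(label, address_exposures(raw, "recipient@example.org"))
```
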
