Project

General

Profile

Actions

Bug #90224

closed

Spamprotection anomalies when writing &subject Parameter

Added by Lukas Dörr almost 5 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Frontend
Target version:
-
Start date:
2020-01-28
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
9
PHP Version:
7.2
Tags:
Complexity:
easy
Is Regression:
Sprint Focus:

Description

I recently found out, that you can`t use more than one word in the &subject Parameter when creating a mailto: link in typo3.
So the "spaces" will be replaced with some random signs (mostly @).

Try it yourself:
config.spamProtectEmailAddresses = 1

and then write this:
mailto:%x%subject=hello%20world

or without %20.

this spits out: hello@world in the subject field.

without spamProtection it works normal.

Actions #1

Updated by Andreas Kienast over 4 years ago

  • Status changed from New to Needs Feedback

Thank you for your report.

I fail to reproduce this issue in latest master and 9.5.15-dev.
Can you please describe step-by-step what you're doing to reproduce the issue?

Kind regards
Andreas

Actions #2

Updated by Lukas Dörr over 4 years ago

Andreas Fernandez wrote:

Thank you for your report.

I fail to reproduce this issue in latest master and 9.5.15-dev.
Can you please describe step-by-step what you're doing to reproduce the issue?

Kind regards
Andreas

just create a link and add the title parameter, as you do by adding it in your href link.
Like this:

mailto:?subject=free chocolate

This will show some garbadge in url and in your mail client if you click on it.

Actions #3

Updated by Riccardo De Contardi over 4 years ago

I tried with latest 10.4.4-dev (latest master) and the following test:

1) TS Setup:

config.spamProtectEmailAddresses = 1

2) Create a text content element, write some text, use wizard to add a link

type: email
email address:

test@gmail.com?subject=this%20is%20a%20subject

result: the javascript encrypts everything; clicking on the address my mail client opens with the address and subject correctly filled.

The only weird result I got was when using a space instead of %20: in this case part of the subject became the attribute target (!) of the link

Actions #4

Updated by Benni Mack almost 3 years ago

Can you try again with the latest 10.4.22 ? We changed a lot of things (regarding security) in this area.

Actions #5

Updated by Lukas Dörr almost 3 years ago

Benni Mack wrote in #note-4:

Can you try again with the latest 10.4.22 ? We changed a lot of things (regarding security) in this area.

I can confirm it works now - Text is shown normal, even with encrypted mail address activated.

https://imgur.com/a/kKCGLgl

Actions #6

Updated by Benni Mack almost 3 years ago

  • Status changed from Needs Feedback to Closed

Thanks for the super-fast reply, closing this issue now!

Actions

Also available in: Atom PDF