Fixing: E-Mail addresses with special characters are not working. Changed the mail address to match the original input for the validator, add user and update user.
Made in correspondence to and fixes #11796
Thanks for the PR @Kallaen :+1:
(when reviewing the PR, since it will now allow for some XSS prone characters, we should specifically look for XSS injections in the email address)
Thanks for the reply. Yea, I saw the test failing. I'll look into it again.
To better check for XSS here, can you change the UITestFixture.php class so the users used in UI tests have XSS email addresses?
You'd have to change this line: https://github.com/matomo-org/matomo/blob/3.x-dev/tests/PHPUnit/Fixtures/UITestFixture.php#L71
to be something like:
UsersManagerAPI::getInstance()->addUser('oliverqueen', 'smartypants', self::makeXssContent('useremail') . '@queenindustries.com');
It would also be good to change the super user's email address to an XSS one, since I think that user is used throughout the UI tests. To do that, you'd have to add a
UsersManagerAPI::getInstance()->updateUser(...) call to this method: https://github.com/matomo-org/matomo/blob/3.x-dev/tests/PHPUnit/Fixtures/UITestFixture.php#L43
UsersManagerAPI::getInstance()->updateUser('superUserLogin', $password = false, self::makeXssContent('superuseremail') . '@example.com');
Do you think you'll be able to make the changes as suggested?
Thanks again for the PR!
@Kallaen Still busy? Or do you maybe have some time the coming days?
@sgiehl As the GitHub user got deleted, I guess this pull request won't be changed anymore.
Closing then. Maybe someone is keen on recreating this PR with the suggested changes...