@Kallaen opened this Pull Request on March 9th 2018

Fixing: E-Mail addresses with special characters are not working. Changed the mail address to match the original input for the validator, add user and update user.

Made in correspondence to and fixes #11796

@mattab commented on March 19th 2018 Member

Thanks for the PR @Kallaen :+1:

(when reviewing the PR, since it will now allow for some XSS prone characters, we should specifically look for XSS injections in the email address)

@Kallaen commented on March 19th 2018

Thanks for the reply. Yea, I saw the test failing. I'll look into it again.

@diosmosis commented on March 25th 2018 Member

To better check for XSS here, can you change the UITestFixture.php class so the users used in UI tests have XSS email addresses?

You'd have to change this line: https://github.com/matomo-org/matomo/blob/3.x-dev/tests/PHPUnit/Fixtures/UITestFixture.php#L71

to be something like:

UsersManagerAPI::getInstance()->addUser('oliverqueen', 'smartypants', self::makeXssContent('useremail') . '@queenindustries.com');

It would also be good to change the super user's email address to an XSS one, since I think that user is used throughout the UI tests. To do that, you'd have to add a UsersManagerAPI::getInstance()->updateUser(...) call to this method: https://github.com/matomo-org/matomo/blob/3.x-dev/tests/PHPUnit/Fixtures/UITestFixture.php#L43

eg:

UsersManagerAPI::getInstance()->updateUser('superUserLogin', $password = false, self::makeXssContent('superuseremail') . '@example.com');

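The suggestion above plants XSS-prone e-mail addresses in the UI test fixture so that any screen echoing a user's e-mail without escaping shows up as a failing screenshot. The following is an added example written for this thread, not Matomo's code: `makeXssEmailProbe()` is a hypothetical stand-in for the fixture's `makeXssContent()`, and `renderEmailCell()` / `probeRenderedSafely()` are hypothetical names for an output path and the check a test would run over its HTML. The probe uses a quoted local part, which RFC 5322 allows to contain characters such as angle brackets.

```php
<?php
// Added example, not Matomo's code. Builds an e-mail address that carries
// HTML-significant characters, pushes it through a rendering path, and
// checks that the markup reaches the page only in escaped form.

// Hypothetical stand-in for the fixture's makeXssContent(): the field name
// inside the probe makes a leak traceable to where it was planted.
function makeXssEmailProbe(string $field): string
{
    // A quoted local part may legally contain spaces and angle brackets.
    return '"<b>' . $field . '</b>"@example.com';
}

// Hypothetical output path. Every place a user's e-mail is written into HTML
// should pass through an escaper like this rather than raw concatenation.
function renderEmailCell(string $email): string
{
    return '<td>' . htmlspecialchars($email, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

// The assertion a UI test would make on the rendered page: the probe's raw
// markup must be absent and its escaped form must be present.
function probeRenderedSafely(string $field, string $html): bool
{
    $probe   = makeXssEmailProbe($field);
    $escaped = htmlspecialchars($probe, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return strpos($html, $probe) === false && strpos($html, $escaped) !== false;
}

// Escaped rendering passes the check.
$safeCell = renderEmailCell(makeXssEmailProbe('useremail'));
var_dump(probeRenderedSafely('useremail', $safeCell));

// A naive renderer that concatenates the address fails the same check,
// which is exactly the regression the fixture change is meant to catch.
$unsafeCell = '<td>' . makeXssEmailProbe('useremail') . '</td>';
var_dump(probeRenderedSafely('useremail', $unsafeCell));
```

The check is deliberately two-sided: requiring the escaped form to be present guards against a renderer that "passes" by silently dropping the address altogether.
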
@mattab commented on April 23rd 2018 Member

Hi @Kallaen
Do you think you'll be able to make the changes as suggested?
Thanks again for the PR!

@Kallaen commented on April 27th 2018

@mattab Sorry, I can't find the time to do it at the moment.

@sgiehl commented on June 18th 2018 Member

@Kallaen Still busy? Or do you maybe have some time the coming days?
