Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-58038

Email: Allowed domain name check fails for all domains except last one (PHP_EOL mismatch)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.1
    • Fix Version/s: 3.2.2
    • Component/s: Email, Libraries
    • Labels:
    • Testing Instructions:
      Hide

      Prereqs:

      1. Set up mailcatcher and enter the server details(localhost:1025) into your smtp settings in Moodle.
      2. Open mailcatcher in browser (localhost:1080) so you can check outbound mail.
      3. Create a course and enrol one student.
      4. Set forum editing time for forum posts to 1 minute (Site administration > Security > Site policies)

      As an admin:

      1. Set your email address to 'something@example.com'.
      2. Edit your profile and make sure that 'Email display' is set to 'Allow everyone to see'
      3. Add the following to your allowed email domains (in outgoing mail settings), each on a line of it's own:
        example.com
        gmail.com
      4. Add a forum to the course and create the first discussion topic
      5. Now, log out.

      As the student:

      1. Log in and subscribe to the forum topic.
      2. Reply to the discussion topic.
      3. Log out.

      Now as the admin:

      1. Log in and reply to the student's post, making sure to check the box to skip the posting delay time.
      2. Run cron and check the mailcatcher output.
      3. Check the most recent email and select 'Source' in the bottom pane. This displays the mail headers.
      4. Confirm that the 'From' header reads: "Admin user (via xxx) <someone@example.com>", i.e. it is not using the no reply address.
      Show
      Prereqs: Set up mailcatcher and enter the server details(localhost:1025) into your smtp settings in Moodle. Open mailcatcher in browser (localhost:1080) so you can check outbound mail. Create a course and enrol one student. Set forum editing time for forum posts to 1 minute (Site administration > Security > Site policies) As an admin: Set your email address to 'something@example.com'. Edit your profile and make sure that 'Email display' is set to 'Allow everyone to see' Add the following to your allowed email domains (in outgoing mail settings), each on a line of it's own: example.com gmail.com Add a forum to the course and create the first discussion topic Now, log out. As the student : Log in and subscribe to the forum topic. Reply to the discussion topic. Log out. Now as the admin : Log in and reply to the student's post, making sure to check the box to skip the posting delay time. Run cron and check the mailcatcher output. Check the most recent email and select 'Source' in the bottom pane. This displays the mail headers. Confirm that the 'From' header reads: "Admin user (via xxx) <someone@example.com>", i.e. it is not using the no reply address.
    • Affected Branches:
      MOODLE_32_STABLE
    • Fixed Branches:
      MOODLE_32_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-58038-master-3

      Description

      in Email -> Outbound config -> Allowed email domains, if one add a couple of allowed domains, say, '*.example.com', 'example.com', each on the new line, then the 'is_domain_in_allowed_list' function fails due to regex match error.

      Example of the $alloweddomains array, where elements are separated by line breaks. The check will fail for all domains except the last one.

      array(2) { [0]=> string(14) "*.example.com " [1]=> string(11) "example.com" }
      array(5) { [0]=> string(10) "gmail.com " [1]=> string(7) "kth.se " [2]=> string(6) "su.se " [3]=> string(11) "hotmail.com" }
      

      and this is what is saved in DB for CFG->allowedemaildomains:

      gmail.com\r\nkth.se\r\nsu.se\r\nhotmail.com
      

      When looking at the source, it is clear that exploding function did not delete all line breaks, so it is still there for all domains except last one. Because of this, is_domain_matching_pattern fires FALSE for '*.example.com ". The latter will be working though.

      This seems to be system-dependent, so here is my set up: Apache/2.4.23 (Unix) PHP/5.6.28

      On the screenshot attached, the string stands for CFG->allowedemaildomains, while array is the result of exploding that string by PHP_EOL.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                3 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  13/Mar/17