Closed Alex-Jordan closed 5 months ago
I didn't even realize you could enter in an email address in the from box. Checked that if a user doesn't have an email address you can enter one in, but if they do, they cannot edit or change the email address.
I wonder if we should allow entering in of an email address in the 'from' category in this case, or maybe make it a course option if students without email address can enter in their own when sending emails or not. I guess I'm not sure what sort of issues could arise from students entering in bad or maybe malicious emails in the from category.
So another option could be just disable the email button for students who don't have email address, making it something an instructor would have to fix for them.
@Alex-Jordan I just tried to reproduce your bug in 2.18, and I cannot send emails without entering in a valid email address. When I click "Send E-Mail", the javascript keeps me from submitting the form, and a popup on the from field appears telling me to "Please fill out this field". What version did you experience this on (assuming you have updated all the javascript files as well with npm
).
I haven't tried this myself. It comes from a Runestone subscriber report, where the version is 2.18. Perhaps the real issue is a student entered an invalid email address, and it passed that JavaScript bar, but was not a valid email address string for Encode.pm. That would be more consistent with the error message.
On Fri, Feb 2, 2024, 9:20 AM Jaimos Skriletz @.***> wrote:
@Alex-Jordan https://protect2.fireeye.com/v1/url?k=31323334-501cfaeb-3132feb7-454455535732-3f12739f6a8376e0&q=1&e=9e09fd7d-0e3b-4ea8-b365-a1c7e634c292&u=https%3A%2F%2Fgithub.com%2FAlex-Jordan I just tried to reproduce your bug in 2.18, and I cannot send emails without entering in a valid email address. When I click "Send E-Mail", the javascript keeps me from submitting the form, and a popup on the from field appears telling me to "Please fill out this field". What version did you experience this on (assuming you have updated all the javascript files as well with npm).
— Reply to this email directly, view it on GitHub https://protect2.fireeye.com/v1/url?k=31323334-501cfaeb-3132feb7-454455535732-3d97e4b5e229adf7&q=1&e=9e09fd7d-0e3b-4ea8-b365-a1c7e634c292&u=https%3A%2F%2Fgithub.com%2Fopenwebwork%2Fwebwork2%2Fissues%2F2312%23issuecomment-1924330401, or unsubscribe https://protect2.fireeye.com/v1/url?k=31323334-501cfaeb-3132feb7-454455535732-2607c41d974d1746&q=1&e=9e09fd7d-0e3b-4ea8-b365-a1c7e634c292&u=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FABEDOACKQU3U3FRN7D6WRVTYRUN5TAVCNFSM6AAAAABCW623TGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMRUGMZTANBQGE . You are receiving this because you were mentioned.Message ID: @.***>
Okay, I tried with entering in bademail
without any @
and am able to reproduce the error, so yea javascript is only checking if from is empty.
Note that javascript is not doing any form validation on this. This is native browser form validation.
Fixed in #2313
If a student has no email address and emailing the instructor is allowed, when they use the Email Instructor button but do not fill out the email address at that time, and they send a message, there is an error
Argument contains empty host portion of address at .../Encode.pm line ...
.Perhaps they should not be allowed to click send until they have entered a validated email address in that field.