View Issue Details

IDProjectCategoryView StatusLast Update
0022335mantisbtdocumentationpublic2017-03-12 19:23
ReporterkewlguyAssigned Toatrol 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.3.0-beta.1 
Target Version1.3.7Fixed in Version1.3.7 
Summary0022335: Wrong documentation of $g_limit_email_domains in Admin Guide
Description

2.1 doesnt restrict based on the setup variable of "limit_email_domain". When registering, it let me put the email outside of the limit email domain setting.

Steps To Reproduce

add $g_limit_email_domain to config_inc.php
Register for new user with email outside of that limit email domain setting
observe

Additional Information

This is our highest security concern.

TagsNo tags attached.

Activities

atrol

atrol

2017-02-07 16:50

developer   ~0055564

Last edited: 2017-02-07 17:02

View 2 revisions

Didn't try, but this might be a documentation issue.
The right name of the option is $g_limit_email_domains
and can contain multiple domains, e.g.
$g_limit_email_domains = array( 'users.sourceforge.net', 'sourceforge.net' );

kewlguy

kewlguy

2017-02-07 17:07

reporter   ~0055565

That one work. The documentation need to be updated.

kewlguy

kewlguy

2017-02-07 17:09

reporter   ~0055566

One thing i noticed, in the older version it will instruct to enter "username" and the email domain is added automatically. This is no longer true with 2.1 (It will return error saying its not valid instead)

atrol

atrol

2017-02-07 17:10

developer   ~0055567

PR https://github.com/mantisbt/mantisbt/pull/1020

atrol

atrol

2017-02-07 17:20

developer   ~0055568

in the older version it will instruct to enter "username" and the email domain is added automatically.

I don't understand what you want to tell with this.
How should Mantis know any email domain which can be added automatically?
Maybe this happens because your browser automatically fills fields based on previous inputs.

Related Changesets

MantisBT: master-1.3.x 8fdd8434

2017-02-07 17:06:42

atrol

Details Diff
Correct documentation of option limit_email_domains

Fixes 0022335
mod - docbook/Admin_Guide/en-US/config/email.xml Diff File

Issue History

Date Modified Username Field Change
2017-02-07 16:39 kewlguy New Issue
2017-02-07 16:50 atrol Status new => feedback
2017-02-07 16:50 atrol Note Added: 0055564
2017-02-07 17:02 atrol Note Edited: 0055564 View Revisions
2017-02-07 17:07 kewlguy Note Added: 0055565
2017-02-07 17:07 kewlguy Status feedback => new
2017-02-07 17:07 atrol Assigned To => atrol
2017-02-07 17:07 atrol Status new => assigned
2017-02-07 17:07 atrol Product Version 2.1.0 => 1.3.0-beta.1
2017-02-07 17:07 atrol Target Version => 1.3.7
2017-02-07 17:09 kewlguy Note Added: 0055566
2017-02-07 17:10 atrol Note Added: 0055567
2017-02-07 17:10 atrol Category email => documentation
2017-02-07 17:11 atrol Severity major => minor
2017-02-07 17:20 atrol Note Added: 0055568
2017-02-07 17:24 atrol Summary 2.1 doesnt follow "limit_email_domain" setting in the config_inc.php => Wrong documentation of $g_limit_email_domains in Admin Guide
2017-02-08 02:57 atrol Changeset attached => MantisBT master-1.3.x 8fdd8434
2017-02-08 02:57 atrol Status assigned => resolved
2017-02-08 02:57 atrol Resolution open => fixed
2017-02-08 02:57 atrol Fixed in Version => 1.3.7
2017-03-12 19:23 vboctor Status resolved => closed