Web Wiz Support and Community Forums : E-mail Notify problem with Comcast Addys

Web Wiz Support and Community Forums : E-mail Notify problem with Comcast Addys https://forums.webwiz.net/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Mon, 13 Apr 2026 21:13:24 +0000 Wed, 10 Aug 2005 15:30:19 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.08 360 https://forums.webwiz.net/RSS_post_feed.asp?TID=16164 <![CDATA[Web Wiz Support and Community Forums]]> https://forums.webwiz.net/forum_images/web_wiz_forums.png https://forums.webwiz.net/ <![CDATA[E-mail Notify problem with Comcast Addys : Awesome Suggestion! Thanks so...]]> https://forums.webwiz.net/email-notify-problem-with-comcast-addys_topic16164_post88590.html#88590 Author: niugiovanni
Subject: 16164
Posted: 10 August 2005 at 3:30pm

Awesome Suggestion! Thanks so much. I figured it had to do with security but just couldn't find the reference. Thanks again!

Gio

]]> Wed, 10 Aug 2005 15:30:19 +0000 https://forums.webwiz.net/email-notify-problem-with-comcast-addys_topic16164_post88590.html#88590 <![CDATA[E-mail Notify problem with Comcast Addys : "cast" gets converted...]]> https://forums.webwiz.net/email-notify-problem-with-comcast-addys_topic16164_post88573.html#88573 Author: JJLatWebWiz
Subject: 16164
Posted: 10 August 2005 at 12:00pm

"cast" gets converted to "cast" to prevent the SQL function "CAST" from being injected. I found that the sendmail() function in pm_post_message.asp uses the decodeString() function to decode the username and email addresses. However, in email_messenger.asp, all the variables are sent to the sendmail() function raw.

This is definitely a bug in 7.92 that seems to also exist at least as far back as 7.01. It seems to me that the best solution is to use the decodeString() function inside the sendmail() function itself. This more safely assumes the input is not sanitized.

In functions_send_mail.asp (in the forum/functions folder and the forum/admin/functions folder), immediately below the line "Function SendMail(...), add the following:

strRecipientEmailAddress = decodeString(strRecipientEmailAddress)
strRecipientName = decodeString(strRecipientName)
strFromEmailName = decodeString(strFromEmailName)
strFromEmailAddress = decodeString(strFromEmailAddress)

That should ensure that all the incoming data is restored before actually attempting to send mail.

]]> Wed, 10 Aug 2005 12:00:03 +0000 https://forums.webwiz.net/email-notify-problem-with-comcast-addys_topic16164_post88573.html#88573 <![CDATA[E-mail Notify problem with Comcast Addys : The forum encodes certain character...]]> https://forums.webwiz.net/email-notify-problem-with-comcast-addys_topic16164_post88549.html#88549 Author: dpyers
Subject: 16164
Posted: 09 August 2005 at 10:10pm

The forum encodes certain character strings that users enter toprevent sql injection attacks. Might be a good idea to includefunctions/functions_filters.asp in functions/send_mail.asp and run theemail address through the decodeString function before putting it inthe "To" field of whatever email component you're using.]]> Tue, 09 Aug 2005 22:10:06 +0000 https://forums.webwiz.net/email-notify-problem-with-comcast-addys_topic16164_post88549.html#88549 <![CDATA[E-mail Notify problem with Comcast Addys : I'm having some problems...]]> https://forums.webwiz.net/email-notify-problem-with-comcast-addys_topic16164_post88543.html#88543 Author: niugiovanni
Subject: 16164
Posted: 09 August 2005 at 7:08pm

I'm having some problems with my WebWiz forums not being able to mail out to Comcast Addresses. I've been through the code and can't seem to find the issue.

An e-mail that is entered by the user as this:

someone@comcast.net

will actually be mailed by the software as this:

someone @comcast.net

It seems as the the "S" is being replaced by an "s"

Anyone have any ideas or solutions?

Thanks

]]> Tue, 09 Aug 2005 19:08:59 +0000 https://forums.webwiz.net/email-notify-problem-with-comcast-addys_topic16164_post88543.html#88543