[OO-1105] Hardening against uppercase characters in email addresses - OpenOLAT Issue Management

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 9.4.0
Fix Version/s: 9.4.2
Component/s: DMZ, Registration, Login
Labels:
None

Funded by:
- VCRP

Description

Found two places where email addresses are not converted to lower case. This can cause problems with databases whose queries are case sensitive (PostgreSQL, Oracle). The best way I think is to convert them directly when reading the form values.

This is the patch for EmailSendingForm:

diff -r f425e397c1fd src/main/java/org/olat/registration/EmailSendingForm.java
--- a/src/main/java/org/olat/registration/EmailSendingForm.java	Wed May 21 12:49:44 2014 +0200
+++ b/src/main/java/org/olat/registration/EmailSendingForm.java	Tue Jun 17 10:51:50 2014 +0200
@@ -71,7 +71,7 @@
 	}
 
 	protected String getEmailAddress() {
-		return mail.getValue().trim();
+		return mail.getValue().toLowerCase().trim();
 	}
 	
 	@Override

org/olat/shibboleth/ShibbolethRegistrationWithEmailForm.java is also affected:

 	/**
 	 * 
 	 * @return E-mail field
 	 */
-	protected String getEmail() { return eMail.getValue(); }
+	protected String getEmail() { return eMail.getValue().toLowerCase().trim(); }

Attachments

Activity

People

Assignee:: Stéphane Rossé

Reporter:: Stephan Clemenz

Tester:: Kirsten Scherer

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 17/Jun/14 10:54 AM

Updated:: 18/Jun/14 6:28 PM

Resolved:: 17/Jun/14 4:27 PM

Time Tracking

Estimated:

Remaining:

Logged:

10m