Opened 12 years ago
Last modified 5 years ago
#10958 new defect
Exception while processing email links without EMAIL_VIEW privilege
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | high | Component: | MarkdownMacro |
Severity: | normal | Keywords: | |
Cc: | Trac Release: |
Description (last modified by )
When markdown content contains email links like this:
[test](mailto:email@example.com)
and the viewer doesn't have the EMAIL_VIEW permission, it ends up with an exception (AttributeError: 'NoneType' object has no attribute 'group').
Trac converts such links (Formatter called from Markdown/macro.py) to:
<p>email@… </p>
which doesn't match the HREF regexp. This causes an exception on line 48 in Markdown/macro.py:
url = re.search(HREF, out.getvalue()).groups()[0]
MarkdownMacro 0.11.2
Attached a workaround patch.
Attachments (1)
Change History (21)
Changed 12 years ago by
Attachment: | markdown-email.patch added |
---|
comment:1 Changed 12 years ago by
Owner: | changed from Douglas Clifton to Ryan J Ollos |
---|---|
Priority: | normal → high |
Status: | new → assigned |
Thanks for the patch.
comment:2 Changed 12 years ago by
Description: | modified (diff) |
---|
comment:3 Changed 12 years ago by
There is a small issue with the patch. When the user doesn't have EMAIL_VIEW permission, a link will be rendered with an obfuscated email in the href. I think we'd be better off just rendering the obfuscated email without wrapping it in a link, like Trac does.
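The crash from the description and the behaviour preferred in comment:3, as an added example that is not part of the ticket, the attached patch, or MarkdownMacro's code. The HREF pattern and the function names are assumptions (the ticket names HREF but does not show it); the two obfuscated inputs are the formatter outputs quoted in this ticket.

```python
import re
from html import escape
from urllib.parse import unquote

# Assumed pattern: the ticket names HREF but does not show its definition.
HREF = re.compile(r'href="([^"]*)"')
ELLIPSIS = "\u2026"  # Trac's obfuscation marker, as in "email@…"


def url_unsafe(formatter_html):
    """Pattern quoted in the ticket: assumes the search always matches."""
    return HREF.search(formatter_html).groups()[0]


def render_link(label, formatter_html):
    """Build a link only when the formatter exposed a usable URL."""
    match = HREF.search(formatter_html)
    if match is None:
        # No href at all: keep the formatter's (already escaped) text, unlinked.
        return re.sub(r"<[^>]+>", "", formatter_html).strip()
    url = match.group(1)
    if url.startswith("mailto:") and ELLIPSIS in unquote(url):
        # Obfuscated address inside the href: show it as plain text, no link.
        return escape(unquote(url)[len("mailto:"):])
    return '<a href="%s">%s</a>' % (url, escape(label))


if __name__ == "__main__":
    # Formatter outputs quoted in the ticket, plus one constructed normal link.
    samples = [
        ("test", "<p>email@\u2026 </p>"),
        ("text", '<a href="mailto:email@%E2%80%A6">text</a>'),
        ("docs", '<p><a href="https://example.org/">x</a></p>'),  # constructed
    ]
    for label, html in samples:
        print(render_link(label, html))
    try:
        url_unsafe(samples[0][1])
    except AttributeError as exc:
        print("unguarded lookup failed:", exc)
```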
comment:4 Changed 12 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
comment:5 Changed 12 years ago by
marmarek@…: Please report back if you have a chance to test the latest version.
comment:6 Changed 12 years ago by
Resolution: | fixed |
---|---|
Status: | closed → reopened |
It isn't working as expected: indeed no exception now, but the lack of EMAIL_VIEW permission is ignored now. The full email address is rendered, as a link.
comment:7 Changed 12 years ago by
What is the href for the link? Does it have a full email address, or an obfuscated email address?
comment:8 Changed 12 years ago by
Also, what are the [trac] never_obfuscate_mailto and [trac] show_email_addresses settings for your Trac?
comment:9 Changed 12 years ago by
Full email in href,
never_obfuscate_mailto = false
show_email_addresses = false
comment:10 Changed 12 years ago by
The full email in href tells me that the problem is not with the MarkdownMacro. MarkdownMacro is not responsible for obfuscation of the email, nor can it circumvent any obfuscation. The logic in MarkdownMacro only strips away link elements when the email is obfuscated.
I cannot imagine a situation in which you place an email address outside of the Markdown block and it was obfuscated, but an email within the Markdown block is not obfuscated. Please try it, and I think you will find that the user does actually have permission to view emails on the page in question. Perhaps you have granted EMAIL_VIEW to either the anonymous or authenticated groups, or the user has TRAC_ADMIN?
comment:11 Changed 12 years ago by
But actually it is happening. RAW source:
* [text](mailto:email@example.com) some more text
0.11.2 with my patch output:
<li><a href="mailto:email@%E2%80%A6">text</a> some more text</li>
0.11.4 output:
<li><a href="mailto:email@example.com">text</a> some more text</li>
comment:12 Changed 12 years ago by
With the 0.11.4 version, if you place an email address outside of the Markdown WikiProcessor block, is it obfuscated?
comment:13 Changed 12 years ago by
Yes. Here is the problematic page: http://wiki.qubes-os.org/trac/wiki/UserDoc/TorVM (links at the end of the page). Currently running 0.11.4. I must revert it shortly to a working version...
comment:14 Changed 12 years ago by
I see now that format gets called in convert, so my previous assumption was wrong. I suspect there is an issue with the regex I've implemented. I'll do some more testing, and I nearly have a unit test harness setup, so that will help as well. One difference I see between your markup and what I tested with initially is that your line begins with a bullet and whitespace.
Thank you for providing an example of how it fails, it will help with fixing the issue. Thank you also for your patience in helping me to understand the problem.
comment:15 Changed 12 years ago by
Status: | reopened → new |
---|
comment:16 Changed 11 years ago by
Sorry for the delay. I'll be returning to this very soon, and I'll be hoping that you are still willing to test out further changes.
comment:17 Changed 11 years ago by
Status: | new → accepted |
---|
comment:18 Changed 8 years ago by
Status: | accepted → new |
---|
comment:19 Changed 8 years ago by
Possible related issue fixed in #12996. Please test with latest version if you have time.
comment:20 Changed 5 years ago by
Owner: | Ryan J Ollos deleted |
---|