[JIRA] Closed: (OFBIZ-534) getPartyFromEmail does dangerous matching

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[JIRA] Closed: (OFBIZ-534) getPartyFromEmail does dangerous matching

JIRA jira@ofbiz.org
     [ http://jira.undersunconsulting.com/browse/OFBIZ-534?page=all ]
     
David E. Jones closed OFBIZ-534:
--------------------------------

    Resolution: Fixed

Actually, whatever, let's just leave it this way. It makes it a little funny to leave the LIKE in there instead of an =, but that's fine.

> getPartyFromEmail does dangerous matching
> -----------------------------------------
>
>          Key: OFBIZ-534
>          URL: http://jira.undersunconsulting.com/browse/OFBIZ-534
>      Project: [OFBiz] Open For Business
>         Type: Bug
>   Components: party
>     Versions: SVN
>  Environment: Linux, PostgreSQL
>     Reporter: Ean Schuessler
>     Assignee: Jacques Le Roux
>      Fix For: SVN

>
> Original Estimate: 10 minutes
>         Remaining: 10 minutes
>
> getPartyByEmail does a '%EMAIL_ADDRESS%' match when you search for an email. This means that you can get back [hidden email] when you search for [hidden email]. I can't really see the point of the current implementation and it can have dangerous and suprising side effects if you are going to mail personal information. I'd suggest doing a direct but case-insensitive match. The case insensitivity is a good feature.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://jira.undersunconsulting.com/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira