Bug #77257 for RT-Client-REST: Email address validation

Thu May 17 03:28:57 2012 bobtfish [...] bobtfish.net - Ticket created

Subject:	Email address validation
Date:	Thu, 17 May 2012 08:28:46 +0100
To:	bug-RT-Client-REST [...] rt.cpan.org
From:	Tomas Doran <bobtfish [...] bobtfish.net>

I'm not sure if this is really the client's job - however I've found that with RT4, if you add a CC or AdminCC of an invalid single character numeric email address (e.g. '4'), then you get the ticket CC'd to all RT users who have been 'granted rights'. This is obviously a very serious bug in shared RT instances, and particularly easy to trigger (by scalar-ifying your list of CCs at the wrong moment!).. I intend to work this back into the RT source, and fix it at the server side also - however I started on a patch for the client, so I'm opening this ticket for tracking…

Thu May 17 03:30:50 2012 bobtfish [...] bobtfish.net - Correspondence added

Branch committed at: https://rt-client-rest.googlecode.com/svn/branches/rt-client-rest/validate_email

Thu May 17 03:30:52 2012 bobtfish [...] bobtfish.net - Status changed from 'new' to 'open'

Thu May 17 10:48:35 2012 bobtfish [...] bobtfish.net - Correspondence added

Forget this - it's a bug in the RT server - it special cases handling for /^\d$/ in RT::Ticket->Create, for no purpose (as it's never used). I've pushed a bug / patch upstream, and I'm going to reject this.

Thu May 17 10:48:37 2012 bobtfish [...] bobtfish.net - Status changed from 'open' to 'rejected'