Announcement

Collapse
No announcement yet.
X
Collapse
  • Page of 1
  • Filter
  • Time
Clear All
new posts
Previous template Next
    #1

    mail velocity, multiple email-addresses does not work

    Hello, I'm using:
    Isomorphic SmartClient Framework (SC_SNAPSHOT-2011-11-10/PowerEdition Deployment 2011-11-10)

    (although will soon upgrade to 3.0 :-))

    Here 's my problem, using the following mail velocity template:
    Code:
          <mail> 
        <from>noreply@mydomain.nl</from>  
        <to>$dsRequest.getFieldValue("recipients")</to>  
        <subject>test</subject>  
        <messageTemplate>test</messageTemplate> 
      </mail>
    If I put one email address in the dsRequest, it works.
    If I put multiple, comma-separated ones in that recipients field value it gives the following error: 'Illegal address'. (I am using this thing in an offline datasource setting, so that might be the reason why it doesn't throw a stack trace?)

    The docs state that you can use a comma-separated string of emailaddresses, correct?

    Curious to your answer! Have a merry X-mas.
    Tags: None
    #2
    It's not clear that the Java.toString() is going to be the right format here. Can you try taking that expression and checking what's it's returning? A quick hack way to do this would be to embed it in customSQL just to see the resulting output.

    Comment

      #3
      Hm, finally got around trying your customSQL hint, and it does occur to render correctly:
      Code:
      'info@mydomain.com,info2@mydomain.com'
      So it does look like it should work. Any thoughts?

      Comment

        #4
        If those outer quotes are part of it, then that's not rendering correctly. Have you tried just hardcoding a value with multiple addresses?

        Comment

          #5
          Yep, that seems to be the problem. The velocity template adds the two quotes. Hardcoding two email addresses works fine.

          Do you see a work-around, or will you change this?

          Comment

            #6
            We'll check into whether we're adding those, if so, we'll remove them. You can use Velocity to work around this by trimming off the quotes if present.

            Comment

              #7
              Alright, thanks.

              As a thought: this means that developers who upgrade without taking notice of this change, could have queries that are vulnerable to SQL-injection?

              Comment

                #8
                Sorry, what change are you talking about, and how could it lead to SQL injection? Mail is a feature that can be used with or without SQL.

                Comment

                  #9
                  I meant: If you would change the code, such that it doesn't render the quotes anymore, 'legacy' SQL-templated queries of users will not have these quotes anymore when they upgrade SmartGWT. Thus these legacy queries might leave a potential SQL-injection leak?

                  Or am I misinterpreting something. I am assuming here that the velocity templating compiler code for use in <whereClauses> is the same as when used in <mail>, which might or might not be true :-)

                  Code:
                  <whereClause> aField=$dsRequest.getFieldValue("aField")</whereClause>
                  Now, quotes are automatically added, which compiles to something safe. But if you would change this, developers have to go back to all these situations and add quotes or else they have a potential SQL-injection leak.

                  Correct me if I am wrong, but it was just my $0.02.
                  Last edited by Sytematic; 27 Dec 2011, 15:06.

                  Comment

                    #10
                    These are separate systems.

                    Comment

                      #11
                      Actually, the quotes are a red herring - it is correct and expected that evaluating a string in a customSQL clause would escape it with quotes. This is actually a different problem, which has now been fixed - the fix will appear in 8.3d nightly development builds as of tomorrow.

                      Comment

                        #12
                        same problem with replyTo in smartgwt power 3.1d nightly

                        I've got this same problem but with the "replyTo" field, tested with FF15 and IE9.

                        Multiple "to" addresses with comma delimiters do indeed work correctly as documented in this thread.

                        But, the same test with the "replyTo" field does not work, and fails with the exact same (double single-quoted) string rendering. It does not seem like this is a Velocity issue, but rather an issue with MailMessage itself. I've tested this by constructing a MailMessage programatically and setting the replyTo field directly (with an unquoted comma delimited string) and it yields the same results.

                        Nothing fancy going on in my code, just a simple usage of the mail interface declared via operation binding a la:

                        Code:
                            <operationBindings>   
        <operationBinding operationType="fetch"> 
            <mail>  
                <to>$message_to</to>  
                <from>$message_from</from>     
                <replyTo>$message_replyto</replyTo>
                <subject>$message_subject</subject> 
                <messageTemplate>$message_body</messageTemplate>                       
            </mail>     
        </operationBinding>
    </operationBindings>
                        Here's my Tomcat 7 stack trace:

                        Code:
                        === 2012-09-14 20:42:00,096 [c-20] WARN  RequestContext - dsRequest.execute() failed: 
javax.mail.internet.AddressException: Illegal address in string ``blah@blah.org, blah2@blah.org, blah3@blah.org''
	at javax.mail.internet.InternetAddress.<init>(InternetAddress.java:110)
	at com.isomorphic.mail.MailMessage.buildMessage(MailMessage.java:360)
	at com.isomorphic.mail.TemplatedMailMessage.buildMessage(TemplatedMailMessage.java:274)
	at com.isomorphic.datasource.DSRequest.execute(DSRequest.java:2393)
	at com.isomorphic.servlet.IDACall.handleDSRequest(IDACall.java:216)
	at com.isomorphic.servlet.IDACall.processRPCTransaction(IDACall.java:173)
	at com.isomorphic.servlet.IDACall.processRequest(IDACall.java:138)
	at com.isomorphic.servlet.IDACall.doPost(IDACall.java:74)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
	at com.isomorphic.servlet.BaseServlet.service(BaseServlet.java:152)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at com.isomorphic.servlet.CompressionFilter.doFilter(CompressionFilter.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:317)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:204)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:311)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.j
                        Anyway, I am hoping that this is just the same bug that was originally reported against the "to" field and it just did not get applied to the "replyTo" field. If not, I would really appreciate any suggestions on how best to workaround it.

                        SmartClient Version: SNAPSHOT_v8.3d_2012-09-04/PowerEdition Deployment (built 2012-09-04)

                        Cheers,
                        Mike
                        Last edited by mdarcy; 16 Sep 2012, 23:54.

                        Comment

                          #13
                          I hate to bump myself but I am curious if anyone at Isomorphic is looking into this issue with MailMessage.ReplyTo.

                          It was very easy to reproduce with:
                          SmartGWT 3.1d Power nightly (9-14-2012)/SmartClient Version: SNAPSHOT_v8.3d_2012-09-14/PowerEdition Deployment (built 2012-09-14):

                          Code:
                                      MailMessage message = new MailMessage();
            message.addHeader("Content-Type", "text/html; charset=utf-8");
            message.setRecipient("nobody@nowhere.com");
            message.setFrom("nobody@somewhere.com");
            message.setReplyTo("nobody@google.com,nobody@yahoo.com");            
            message.setSubject("Hi there");
            message.setBody("It is alive....");
            message.send();
                          Call Stack:

                          Code:
                          === 2012-09-17 13:24:05,491 [c-16] WARN  RequestContext - dsRequest.execute() failed: 
javax.mail.internet.AddressException: Illegal address in string ``nobody@google.com,nobody@yahoo.com''
	at javax.mail.internet.InternetAddress.<init>(InternetAddress.java:110)
	at com.isomorphic.mail.MailMessage.buildMessage(MailMessage.java:360)
	at com.isomorphic.mail.MailMessage.send(MailMessage.java:491)
	at edu.isi.misd.beari.bemailer.server.SendMailMessage.fetch(SendMailMessage.java:44)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at com.isomorphic.base.Reflection.adaptArgsAndInvoke(Reflection.java:972)
	at com.isomorphic.datasource.DataSourceDMI.execute(DataSourceDMI.java:416)
	at com.isomorphic.datasource.DataSourceDMI.execute(DataSourceDMI.java:64)
	at com.isomorphic.datasource.DSRequest.execute(DSRequest.java:1997)
	at com.isomorphic.servlet.IDACall.handleDSRequest(IDACall.java:216)
	at com.isomorphic.servlet.IDACall.processRPCTransaction(IDACall.java:173)
	at com.isomorphic.servlet.IDACall.processRequest(IDACall.java:138)
	at com.isomorphic.servlet.IDACall.doPost(IDACall.java:74)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
	at com.isomorphic.servlet.BaseServlet.service(BaseServlet.java:152)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at com.isomorphic.servlet.CompressionFilter.doFilter(CompressionFilter.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:317)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:204)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:311)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)
                          It is a bit of a showstopper for my application so I am a little anxious to get some more information. Sorry for being a pest.

                          Regards,
                          Mike

                          Comment

                            #14
                            We just fixed this - fix will be in tomorrow's build.

                            Comment

                              #15
                              Very much obliged! Cheers. :-)

                              Comment

                              Previous template Next
                              Working...
                              X