[stable23] strtolower on mail address #882
Conversation
![backportbot-nextcloud[bot]](https://avatars.githubusercontent.com/in/21012?s=60&v=4){kind=small}
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
|
This could cause problems. According to RFC 2822 section 3.4.1 the local part COULD differentiate between upper case and lower case in a way that both addresses are handled differently and lead to two different mailboxes. The standard would allow this and this could be a potential privacy issue because lowercasing could in those cases disclose mail for one inbox owner to another. I guess it's not that likely, but in theory its conceivable: which in turn also could lead to legal problems like "Verletzung des Fernmeldegeheimnis" in germany. I'm not sure how likely it is that this will happen nowadays, but I know this problem because i had it once some twenty years ago when RFC 822 was current. RFC 2822 would still allow it; so a clean implementation only should normalize the domain part. |
|
Is it really an issue as it will only prevent to add another user with the same mail address (but different case) ? |
Well I guess then one could argue that it's sufficient to handle this problem when it occurs; which won't be often. |
backport of #875