Error when entering more than one email recipient in schedule

[chaddn]

I just installed a clean copy of 4.5.0 CP (on 64bit Centos 5) and imported my 3.7.1 repository.  I noticed that on any of my report schedules that I have multiple email recipients I am unable to make changes to those schedules.  As soon as I submit the changes I get the following error:

"The server has encountered an error. Please excuse the inconvenience. An error has occurred. Please contact your system administrator. (5321)"

I also get this error if I try to create a new schedule to multiple email recipients.  If I leave only one email address in the To field, it will save the schedule just fine.  I am separating the email addresses with commas just as I always have.  Here is what jasperserver.log shows pertaining to this:

"Invalid input: context=toAddresses-ViewRepository_Schedule_OutputSettings_context, type(Email)=^[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}$, input=testa@gmail.com,testb@gmail.com
org.owasp.esapi.errors.ValidationException: toAddresses-ViewRepository_Schedule_OutputSettings_context: Invalid input. Please conform to regex ^[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}$ with a maximum length of 200
        at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:144)"
 

Is this a bug or did the address delimiter change?  I've been wrestling with this upgrade all afternoon (fixing other report compatability issues) and this is the last one to address so I can move us to the new version.  Please help!

Thanks!

Chadd

 

[chaddn]

So it looks like this is an issue with the input validation in the new Security Configuration.  If I set "security.validation.input.on=false" then I can add multiple email addresses no problem.  Now the question is are there any other negative effects (besides no input validation) if I turn that off?

[dr_memory]

Running into this as well myself. Turning off all input validation strikes me as a bad idea; is the regex adjustable from anywhere in properties?

[rrizzi]

Hi guys, I too have the same problem.

May I kindly ask you from where did you disabled the validation?

Thanks,

raf

[chaddn]

in WEB-INF/classes/esapi/security-config.properties set security.validation.input.on=false

[ehaque]

I got the same problem while creating/editing any report. Then I set "security.validation.input.on=false" and everything is working now. I am using XP (32 bit) SP3.

 

Putting input validation false is not a good idea I think (though I dont know any option). Is this a bug or I have missed something while installing? Can anybody please help!!!

[kaiben]

 I recently installed a fresh 4.5 and I'm having this problem too. I tried colon, semi-colon, using the former with and without spaces but to no avail.

If the regex stated by chaddn is correct, then this is a bug as the regex does not test for more than one address.

 

br,

Ben

[brooneyx1]

Posted to the wrong thread, but still applicable to this one: If I set to false it breaks resource upload.

 

I got this to work by editting the file:

WEB-INF/classes/esapi/security-config.properties

And setting:

security.validation.input.on=true

I had it set it to false previously in order to fix a bug in scheduled email. With a multi user  recipient list, scheduling breaks unless I set this to false.  So setting it to false fixed that bug and caused this one. Anyone else have a different fix for the email bug ?

Can you all check if you have this values set to false also ?

 

 

Post Edited by brooneyx1 at 02/22/2012 15:46

[gianferr]

 Try replacing in {JasperHome}/apache-tomcat/webapps/jasperserver/WEB-INF/classes/esapi/validation.properties

Validator.Email=^[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}$

with

Validator.Email=^[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}(,[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4})*$

 

Seems working!

[dmromey]

Tried this, still getting the same error.

[kaiben]

gianferr
Wrote:

Try replacing in {JasperHome}/apache-tomcat/webapps/jasperserver/WEB-INF/classes/esapi/validation.properties   Validator.Email=^[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}$ with Validator.Email=^[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}(,[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4})*$   Seems working!

 

Thanks, that worked for me!

Note however that your regex does not allow for spaces between the comma and the next address. Although JasperServer will insert a space next time you open the output pane and thus saving will fail again. So the final solution would be this one:

Validator.Email=^[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}(, *[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4})*$

 

BR,
Ben

[mgeise]

All,

Here is what the final fix to this will be.  This issue will be fixed in the next release.

 

the fix is this:1. add new rule to validation.propertiesValidator.EmailAddresses=^[\\p{L}\\p{M}\\p{N}._%'-\\@\\,\\;\\s]+$this uses similar regex to Validation.Email but is not concerned aboutstructure2. apply the new rule to the parameter in question.   edit /esapi/security.properties.mailNotification.toAddresses=AlphaDot,EmailAddresses,2000,true,toAddresses-ViewRepository_Schedule_OutputSettings_context[/code]

[kcd]

Here is a fix below. Actually Jasperserver should be spliting the email addresses and validating them individually but this will work.

You might as well fix queries too, also below

 

Or if you get sick of it, effectively disable a validator like so

Validator.Email=^.*$

 

Code:

# Validator.Email=^[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}$# Allow multiple emailsValidator.Email=^[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}[\\s*,\\s*[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}]*$# Validator.ValidSQL=^\\s*((?i)select)\\s+[^;]+$# Fixed for stored procedures etcValidator.ValidSQL=^\\s*(?i)(with\\s+.*)?(select|call|exec(ute)?)\\s+[^;]+$

[kcd]

 Whoops, didn't see there was a page 2 when I hit reply....

 mgeise has a more complete answer

[pintoyakoob]

 Your solution helped me security.validation.input.on=false

[shmee]

Do you know when the next release is scheduled? Also I used the Validator.EmailAddresses regex for Validation.Email and it seems to be working.

[mgeise]

 Timing for the next community release will likely be in another around 2-3 months from now.

[sohan04]

Hi,

I also found the same problem,after analyzing the jasper server email validator i found comma pattern was missing, i have made it able to wrok as per my requirement .

^([\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}[,]?)+$

Regards,

Sohan

Code:

^([\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}[,]?)+$

[sohan04]

Hi,

I also found the same problem,after analyzing the jasper server email validator i found comma pattern was missing, i have made it able to wrok as per my requirement .

^([\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}[,]?)+$

Regards,

Sohan

Code:

^([\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}[,]?)+$

[sohan04]

dmromey
Wrote:

Tried this, still getting the same error.

Code:

Hi,I have analyzed the regex and found that jasper have no validations for comma(,) so i reconstructed the regex Validator.Email=^([\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}[,]?)+$Here you have comma separated  email-id's but there is one clause all the mail id's should be valid i mean there should be no spaces between comma's,domain name must b valid etc.Regards,Sohan

[tvandenbrink]

 Changed the regex in jasper/apache-tomcat/webapps/jasperserver/WEB-INF/classes/esapi/validation.properties to the following:

Validator.Email=^(([\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.:-]+\\.[a-zA-Z]{2,4})+[\\,]?)+$

This way you can add multiple emailaddresses. NOTE!!! Don't put spaces between the email addresses.

 

email@addres.com,email2@address.com,email3@address.com

 

Cheers,

 

Tijmen