View Issue Details

IDProjectCategoryView StatusLast Update
0020238phpList 3 applicationStatisticspublic20-07-20 20:01
Reporterneillsanders Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionno change required 
Product Version3.5.5-RC1 
Target Version3.5.5 
Summary0020238: Link click tracking ID regular expression incorrect
DescriptionHi! This is my first ever bug report, please bear with me. I've just sent out my first ever mail shot with the click tracking enabled. A large number of users have encountered a "not found" error when clicking through a link in the email. I have found that this is due to the way that the "tid" query string parameter is validated in lists/lt.php being incorrect.

/^(H|T)
            \|([a-f0-9]{8}-?[a-f0-9]{4}-?4[a-f0-9]{3}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12})
            \|([a-f0-9]{8}-?[a-f0-9]{4}-?4[a-f0-9]{3}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12})
            \|([a-f0-9]{8}-?[a-f0-9]{4}-?4[a-f0-9]{3}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12})$/x

In the above expression ?4[a-f0-9]{3} requires the number 4 to always be prefix three more alpha-numeric values, however links generated by PHPList when sending the campaign do not always include the 4 as a prefix. I believe it should be changed to the following which I have validated as working for all links that were being rejected:

/^(H|T)
            \|([a-f0-9]{8}-?[a-f0-9]{4}-?[a-f0-9]{4}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12})
            \|([a-f0-9]{8}-?[a-f0-9]{4}-?[a-f0-9]{4}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12})
            \|([a-f0-9]{8}-?[a-f0-9]{4}-?[a-f0-9]{4}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12})$/x

I hope this small contribution goes a little way to helping PHPList be even more awesome!


TagsNo tags attached.

Activities

duncanc

20-07-20 12:04

updater   ~0063235

Last edited: 20-07-20 12:13

View 2 revisions

The digit 4 is pretty much a constant when a UUID is created. If you are seeing a different value that suggests a problem elsewhere. Please show an example of a parameter that doesn't have a 4 in that position.

If you look at the user, message and linktrack_forward tables in the database, each has a uuid column. You should be able to find any that do not have a 4 in that position.

neillsanders

20-07-20 12:17

reporter   ~0063236

Hello Duncan, here are some examples of the $track variable which failed the regular expression test before I made changes:

H|18c1939e-5ad1-42ce-92ea-01517394b8ad|8518b545-7f77-4705-aaa7-ce5aa751d0d4|73bdd2d6-b468-11ea-bb65-c49ab4b87e4d
H|e0a4927f-6d16-4930-a27a-33a12543d455|8518b545-7f77-4705-aaa7-ce5aa751d0d4|4ded07e3-aafb-11ea-ade1-0c39fb3d4290
H|e0a4927f-6d16-4930-a27a-33a12543d455|8518b545-7f77-4705-aaa7-ce5aa751d0d4|b305f047-c6c3-11ea-bb65-c49ab4b87e4d
H|18c1939e-5ad1-42ce-92ea-01517394b8ad|8518b545-7f77-4705-aaa7-ce5aa751d0d4|f56a0ee6-ae7a-11ea-ade1-0c39fb3d4290

duncanc

20-07-20 12:35

updater   ~0063237

It is the subscriber fields that have the wrong value. How did you add the subscribers? Imported a file, added manually through phplist admin page?

neillsanders

20-07-20 12:58

reporter   ~0063238

Caught me red handed! I have recently migrated to PHPList and in doing so created a custom import process that inserted directly into the database using the mysql UUID() function to generate PHPList user UID values. I may have wasted your time, and if so I apologise, unless you think it might be a good idea to change the validation is lt.php slightly to cater for this scenario in future? Does PHPList have an API? Thanks Duncan!

michiel

20-07-20 20:01

administrator   ~0063239

There are various APIs:

https://github.com/phpList/phplist-plugin-restapi
https://github.com/phpList/rest-api

and the hosted service has a SOAP API, which can be used with this client: https://github.com/phpList/phplist-hosted-soap-client