What can a malicious user accomplish by claiming unverified email for commits? The idea outlined here sounds right but I’d like to understand what potential harm could be done on its current state, and also whether there’s any legitimate use case for the current behavior.

Double slam-accept

Right... one day I may get used to all those Phorge shortcuts, thanks

Oops, no for real

Uhm, right, heh

...like line 105 :)

Thaaanks - If I'm not wrong we can = idx($card, 'objectPHID');

Rebase

I applied this patch locally on top of git master and output does not complain anymore about 'link-brackets.txt' (thus it's correct) but fails in link-edge-cases.txt now (thus it's likely not complete):

run unit test

Adding @aklapper as subscriber in this security issue since I trust this user (unclear if this should be flagged as security thought, feel free to open)

This seems to impact mail deliverability to @icloud.com addresses too.

Thanks a lot @valerio.bozzolan for addressing this so quickly!

Please "remind" me about this ticket as often as possible, so I will fix it. I have everything I need to actually fix this, except the willpower.

Hi @reet- hoping to be useful maybe see recent activity in T15964 :) You may like this

We should maybe rewrite a bit the proposed solution, since ideally it's possible to use upstream.phorge.dev but it should be at least reachable to pass some anti-spam checkers I guess. At the moment it isn't:

@mturdus: Thanks! LGTM

@valerio.bozzolan: Feel free to give this revised version another review :)

Big thanks for digging deep into that regex (on which I gave up).

Thanks. Confirming that this works as expected (after manually changing test_accents.mbox to make the arc unit output fail)

In D25844#22553, @valerio.bozzolan wrote:

I hope you won't send me a lawyer

do you really think I could afford one

@3tayesh Please don't do that again.

git rebase origin/master

lol @taavi I've stolen some of your "ä" for the example file test_accents.mbox, I hope you won't send me a lawyer

I tried to prepare a unit test but it's not working. But yes the patch itself seems to work thanks

(Sorry I cannot test now) Does the test plan work with just this?

Nice question avivey. We could always disable this but maybe "newcomer admins" may not try to click it, so with more confusion from the other (Dark) Side.

Since the button doesn't do anything in any case except say why it doesn't do anything, it might always be disabled? Do we have any other similar buttons?
I'm never sure if users discover that disabled buttons are actually clickable (and try to explain why they're disabled). It's a UI feature I really like, but I don't think I've seen it anywhere else.

Is the extension still maintained? While there is no extension store yet, it's possible to host repositories here. https://we.phorge.it/w/docs/extensions/phactory/

Thanks for the information. I can confirm that a normal user receives "You Shall Not Pass: rP", "You do not have permission to edit this object."