email address truncated

[PhocaUser]

Hi,
i really like this component! The only problem so far is, that the email address gets truncated after a certain lenth... How can i fix/adjust this?
An other thing i experienced today is, when i updated from v1.1.2_beta to v1.1.2_beta by deinstalling and reinstalling the component, i lost all guestbook entries... wasnt to bad, because most was backuped, but still not that great!
and: Thanks for your guestbook-component!

[Jan]

1. this is a security fix, you can change it in:
com_phocaguestbook/views/phocaguestbook/tmpl/default.php in row 110

2. You must update via FTP, because, if you uninstall some component in Joomla!, all data in database will be removed too, there is no update script yet...

Jan

[PhocaUser]

Hi Jan,

thanks for you replay!

1. Works fine, but why is that considered a security fix? when a short email-address is entered, it gets shown completly anyway!?

2. So i will update the Phoca-Component from now on via ftp, thanks.

PhocaUser

[Jan]

It doesn't relate to e-mail address, e-mail address is protected against spam by Joomla framework.

It is relating to the string length, it is very difficult to explain it, but it is here with reason...

Jan

[PhocaUser]

Hi Jan,
would be great if you could tell me what the reason is, because i reather have truncated email-addresses than an unknown security issue
If you could just briefly let me know what kind of security thing its about, i can decide what to do about.

What i'm also considering now is not to display the email address at the frontend at all, and have a little info-text at the guestbook-form to inform the user, that the email will not be displayed and only used for the site-admin to answer a post if needed/wanted. I think i could just remove line 108-111 in tmpl/default.php, right?
-> Could be a thing for the next version of this great component, what do you think? So at the settings "showing email" could be set on or off...
Best Regards
PhocaUser

[Jan]

User need not to add e-mail, if you set it in parameters. You can write there, he must not leave an e-mail adress (you can write it into the description of the Phoca Guestbook). If he leaves the e-mail address it will be protected against spam. You can hide the e-mail field in HTML code, see:
index.php?action=vthread&forum=2&topic= ... e=0#msg906

Yes, it could be set in the next version.

I cannot tell you what is the protection, but you can add there the number < 100 and don't forget that the message box is fixed so if you want that the e-mail address will be not longer than message box in normal view, you must set a rational number here...

[PhocaUser]

Hi Jan,

2. so, as i understand you, having a number of <100 would not cause any security problem? (I think about 40-50 would be long enough for most email address anyway

1. I was looking at the link about hiding the email-address, but i am not sure if i understand you right: You write it can be hide in the html-code... The only place i see, it could be hide is comenting line 108-111 in tmpl/default.php, right?

Best Regars
PhocaUser

[Jan]

1, yes, you right

108 - 111, if you want to hide e-mail in message box
249 - 252, if you want to hide an e-mail form field (you must disable requiring e-mail in parameters too)

[PhocaUser]

Hi Jan,

could you add in a next version of the guestbook component, to also have an option in the settings to choose if the email address is shown only to registered users?

PhocaUser

[Jan]

Added into feature request list...