Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Ok, here is the situation:
When an authorized user (meaning from an e-mail address in the drupal users list), everything works just fine.
When an anonymous user submits a post, then everything works - except the title (it just shows up as blank).
No apparent errors are generated - just a blank title.
A couple of notes:
1. Using multiple e-mail address (so have some mail feed nodes created).
2. Problem is continuous - doesn't matter source address or e-mail client.
Any suggestions?
Jeff :-)
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | MailhandlerParser.inc_.patch | 245 bytes | jeffvanh |
Comments
Comment #1
danepowell commentedI assume you are using the option "If authentication fails: Create the node, leave it unpublished"?
When messages are received from anonymous users, commands (including those that parse the headers, i.e. subject line) will not be processed, as this could allow malicious behavior. For instance, if commands were processed for anonymous users, an anonymous user could make their message published or promoted to the front page.
Not sure what the best solution is, it will require some thought. I'm open to suggestions.
Comment #2
jeffvanh commentedYes, that was exactly what I was doing (the option of if authentication fails, create node and leave it unpublished).
Is there a way to just create a "null" authentication option (i.e. consider any e-mail that matches this option to be authenticated)? Where is the authentication process happening (in mailhandler or in the feeds processor)? Just curious - since it looks like some code changes might be required - so an idea of where to start looking would be very helpful.
I haven't torn into the code yet looking for what could be done - I was, honestly, hoping that I was just doing something stupid (which is, of course, most commonly the case).
Jeff :-)
Comment #3
danepowell commentedNo, I don't think you're doing anything stupid in this case :) Feeds Importers have three phases: Fetching, Parsing, and Processing. Authentication (and command handling) both happen during parsing.
The easiest solution for now is probably to add an "ignore failed authentication" option in addition to "leave node unpublished" and "do not create the node".
I haven't decided on a priority for this- I need to tackle a few other bugs first. Feel free to submit a patch.
Comment #4
jeffvanh commentedOk, I took your advice and went ahead and built up a very small patch that does just what you suggested. Patch attached (hope I did the patching properly - it was just a little thing, but I didn't do a lot of investigation as to how to make it be correct).
After thinking about it for a bit, I think I am going to go ahead and add some stuff to it in order to add an "exclude" option - or something - so that, for example, if an e-mail isn't authenticated, only commands that are NOT on this exclude list will be processed. I am putting this on my futures list.
BTW - patch is to MailhandlerParser.inc file (in mailhandler/plugins folder) (since I didn't get the git stuff setup properly).
Comment #5
danepowell commentedI'd rather the option just be "ignore authentication", not "ignore authentication- keep post unpublished" (which is a bit deceptive, since we can't actually force the post to be unpublished). Would that work for you? If you want posts to be unpublished by default, you can configure that in the importer.
Comment #6
danepowell commentedCommitted a slightly modified version of #4 to both branches:
https://drupal.org/commitlog/commit/96/10c97b2d7ecaff068eca9457c66f257e2...
https://drupal.org/commitlog/commit/96/889796c7813dadb59571e9cfe21749dd3...
If you would like to improve upon this patch please open a new issue.