View Issue Details

ID: 0006214
Project: SOGo
Category: Web Mail
View Status: public
Last Update: 2026-07-01 07:56
Reporter: rof
Assigned To:
Priority: normal
Severity: major
Reproducibility: always
Status: new
Resolution: open
OS: Debian Bookworm
Product Version: 5.12.6
Summary: 0006214: Signature duplicated when switching identity in compose (regression from 0005695 fix)

Description

When a user switches the From address in the compose window (e.g. from their personal address to a shared/public mailbox), the signature is not removed and a second copy is appended.

SOGo version: 5.12.8 (nightly 20260518-1)
Compose mode: Plain text (SOGoMailComposeMessageType = text), also reproducible in HTML mode
Browser: Firefox (latest)

Setup:

  • User has a personal identity with a multi-line signature (name, address, phone, URLs)
  • User has access to shared/public mailboxes with no signature defined
  • SOGoMailSignaturePlacement = above
  • SOGoMailAuxiliaryUserAccountsEnabled = NO
Steps To Reproduce
  1. Open a new compose window. The personal signature appears once (correct).
  2. Switch the From address to a shared/public mailbox.
  3. Click into the message body and type something.
  4. The signature now appears twice.
Additional Information

Root cause is in MessageEditorController.js, setFromIdentity function.

The fix for 0005695 (commit b7e529d) replaced the original regex (lines 430-431):

//var currentSignature = new RegExp('(' + reNl + '){' + nlNb + '}--' + space + reNl +
// currentIdentity.signature.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&'));

with (line 432):

var currentSignature = new RegExp('(<p>)?(<br ?\/?>( )?[ \n]?)?-- <br ?\/?>( )?[ \n]?(<\/p>)?' + currentIdentity.signature)

Two problems:

  1. The regex hardcodes HTML patterns (<p>, <br>, &nbsp;) regardless of compose mode. The code above correctly sets nl/reNl/space differently for "html" vs "text" mode, but line 432 ignores those variables. In plain text mode the body contains "-- \n" but the regex looks for "-- <br />" which never matches.

  2. The signature content is no longer escaped for regex special characters. The original line 431 had .replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&'). Line 432 uses currentIdentity.signature raw, so characters like . + ( ) / ? in URLs and phone numbers break the pattern.

Because the regex never matches, the old signature stays in place and a second copy is appended via the fallback paths (line 440 or lines 448-461).

Suggested fix: restore use of the mode-aware variables AND regex escaping:

var escapedSig = currentIdentity.signature.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&');
var currentSignature = new RegExp('(' + reNl + '){' + nlNb + '}--' + space + reNl + escapedSig);

The try/catch for 0005695 (regex too big) should remain as a fallback.

Tags: identity, regression, signature

Activities

tk_umr

2026-06-26 14:15

reporter   ~0018511

This is a duplicate of 0006168

rof

2026-07-01 07:56

reporter   ~0018514

Thanks for linking bug 0006168, but I believe commit 71d865b is actually the cause of the problem, not the fix. The issue persists on our installation with the latest nightly (5.12.8).

Looking at the diff, the commit commented out the original regex (lines 427-428):

var currentSignature = new RegExp('(' + reNl + '){' + nlNb + '}--' + space + reNl +
currentIdentity.signature.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&'));

and replaced it with (line 432):

var currentSignature = new RegExp('(<p>)?(<br ?\/?>( )?[ \n]?)?-- <br ?\/?>( )?[ \n]?(<\/p>)?' + currentIdentity.signature)

This replacement has two problems:

  1. The regex is hardcoded to HTML patterns regardless of compose mode. The function correctly sets nl/reNl/space to different values for plain text vs HTML, but line 432 ignores those variables and always uses HTML entities (<br>, &nbsp;, <p>). In plain text mode the body contains "-- \n" but the regex searches for "-- <br />" which will never match.

  2. The original code escaped the signature for regex special characters with .replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&'). The replacement drops this escaping entirely and appends currentIdentity.signature raw. Any signature containing . + ( ) / ? (which is almost every signature with URLs or phone numbers) will break the regex.

The nl2 and reNl2 variables added by the commit are never used in the actual regex on line 432.

Because the regex never matches, the old signature is never removed, and the fallback paths (line 440 or 448-461) append it again, causing the duplication.

The original commented-out code was correct in approach. A proper fix should restore the mode-aware variables and the escaping, while keeping the try/catch from 0005695:

var escapedSig = currentIdentity.signature.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&');
var currentSignature = new RegExp('(' + reNl + '){' + nlNb + '}--' + space + reNl + escapedSig);

I can reproduce this 100% of the time with plain text compose mode (SOGoMailComposeMessageType = text) and a multi-line signature containing URLs.
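
Added example, not part of the original report and not SOGo's code: a stand-alone reproduction of the two failure modes described in the issue and in the note above, run against a plain-text body. The function names, the sample signature, the body and the newline count NL_NB are constructed for illustration; the HTML-prefixed pattern is copied as it appears on this page.

```javascript
// Added illustration; function names and sample data are constructed, not SOGo's code.
const NL_NB = 2; // assumed number of newlines before the "-- " delimiter

// Escape regex metacharacters so the signature is matched as literal text.
function escapeRegExp(s) {
  return s.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&');
}

// Compile a pattern, returning null on SyntaxError (the try/catch fallback case).
function compile(source) {
  try { return new RegExp(source); } catch (e) { return null; }
}

// Pattern shape quoted in the report for line 432: HTML-only prefix, raw signature.
function hardcodedHtml(signature) {
  return compile('(<p>)?(<br ?\/?>( )?[ \n]?)?-- <br ?\/?>( )?[ \n]?(<\/p>)?' + signature);
}

// Plain-text delimiters ("-- \n"), with or without escaping of the signature.
function textMode(signature, escape) {
  const sig = escape ? escapeRegExp(signature) : signature;
  return compile('(\\n){' + NL_NB + '}-- \\n' + sig);
}

// Remove the old signature; an unmatched or uncompilable pattern leaves the body as is,
// which is the state in which a second copy gets appended.
function stripSignature(body, re) {
  return re ? body.replace(re, '') : body;
}

// Constructed sample data: a multi-line signature with parentheses, "+", "." and "?".
const SIG = 'Jane Doe\nExample GmbH (Sales)\nTel. +49 (0)30 1234-567\n' +
            'https://example.org/?team=sales';
const BODY = 'Hello' + '\n'.repeat(NL_NB) + '-- \n' + SIG;

function report() {
  return {
    htmlPrefixRawSig: stripSignature(BODY, hardcodedHtml(SIG)) === BODY,  // no match
    textPrefixRawSig: stripSignature(BODY, textMode(SIG, false)) === BODY, // no match
    textPrefixEscaped: stripSignature(BODY, textMode(SIG, true)),          // signature removed
    unbalancedParenCompiles: textMode('Bob :)', false) !== null            // SyntaxError caught
  };
}

console.log(report());
```

The second case shows that restoring the mode-aware delimiters alone is not enough: "(Sales)" is read as a capture group, so the raw pattern still fails to match the literal parentheses in the body.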

Issue History

Date Modified Username Field Change
2026-05-20 12:04 rof New Issue
2026-05-20 12:04 rof Tag Attached: identity
2026-05-20 12:04 rof Tag Attached: regression
2026-05-20 12:04 rof Tag Attached: signature
2026-06-26 14:15 tk_umr Note Added: 0018511
2026-07-01 07:56 rof Note Added: 0018514