diff options
| author | KN4CK3R <admin@oldschoolhack.me> | 2023-01-22 15:23:52 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-01-22 08:23:52 -0600 |
| commit | 21dd4a252a98fee4e8b4304d63685c4fae7cc077 (patch) | |
| tree | 20e81cfe513753adc19c5a1902289d6925cb3aa2 /services/mailer/mailer.go | |
| parent | 6737e1c5d589e9521e4e07824a2fc9280270e19f (diff) | |
| download | gitea-21dd4a252a98fee4e8b4304d63685c4fae7cc077.tar.gz gitea-21dd4a252a98fee4e8b4304d63685c4fae7cc077.zip | |
Prevent multiple `To` recipients (#22566)
Change the mailer interface to prevent leaking of possible hidden email
addresses when sending to multiple recipients.
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Diffstat (limited to 'services/mailer/mailer.go')
| -rw-r--r-- | services/mailer/mailer.go | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/services/mailer/mailer.go b/services/mailer/mailer.go index 4e03afb961..91cc8cb405 100644 --- a/services/mailer/mailer.go +++ b/services/mailer/mailer.go @@ -35,7 +35,7 @@ type Message struct { Info string // Message information for log purpose. FromAddress string FromDisplayName string - To []string + To string // Use only one recipient to prevent leaking of addresses ReplyTo string Subject string Date time.Time @@ -47,7 +47,7 @@ type Message struct { func (m *Message) ToMessage() *gomail.Message { msg := gomail.NewMessage() msg.SetAddressHeader("From", m.FromAddress, m.FromDisplayName) - msg.SetHeader("To", m.To...) + msg.SetHeader("To", m.To) if m.ReplyTo != "" { msg.SetHeader("Reply-To", m.ReplyTo) } @@ -89,7 +89,7 @@ func (m *Message) generateAutoMessageID() string { dateMs := m.Date.UnixNano() / 1e6 h := fnv.New64() if len(m.To) > 0 { - _, _ = h.Write([]byte(m.To[0])) + _, _ = h.Write([]byte(m.To)) } _, _ = h.Write([]byte(m.Subject)) _, _ = h.Write([]byte(m.Body)) @@ -97,7 +97,7 @@ func (m *Message) generateAutoMessageID() string { } // NewMessageFrom creates new mail message object with custom From header. -func NewMessageFrom(to []string, fromDisplayName, fromAddress, subject, body string) *Message { +func NewMessageFrom(to, fromDisplayName, fromAddress, subject, body string) *Message { log.Trace("NewMessageFrom (body):\n%s", body) return &Message{ @@ -112,7 +112,7 @@ func NewMessageFrom(to []string, fromDisplayName, fromAddress, subject, body str } // NewMessage creates new mail message object with default From header. -func NewMessage(to []string, subject, body string) *Message { +func NewMessage(to, subject, body string) *Message { return NewMessageFrom(to, setting.MailService.FromName, setting.MailService.FromEmail, subject, body) } |