Просмотр исходного кода
Reject setting RFC non-compliant emission email addresses (#31154).
Patch by Mizuki ISHIKAWA. git-svn-id: http://svn.redmine.org/redmine/trunk@18396 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/4.1.0
Go MAEDA
4 лет назад
3 измененных файлов: 25 добавлений и 1 удалений
+ 3
- 1
app/models/email_address.rb
Просмотреть файл
| @@ -20,6 +20,8 @@ | |||
| class EmailAddress < ActiveRecord::Base | |||
| include Redmine::SafeAttributes | |||
| EMAIL_REGEXP = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i | |||
| belongs_to :user | |||
| after_update :destroy_tokens | |||
| @@ -30,7 +32,7 @@ class EmailAddress < ActiveRecord::Base | |||
| after_destroy_commit :deliver_security_notification_destroy | |||
| validates_presence_of :address | |||
| validates_format_of :address, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i, :allow_blank => true | |||
| validates_format_of :address, :with => EMAIL_REGEXP, :allow_blank => true | |||
| validates_length_of :address, :maximum => User::MAIL_LENGTH_LIMIT, :allow_nil => true | |||
| validates_uniqueness_of :address, :case_sensitive => false, | |||
| :if => Proc.new {|email| email.address_changed? && email.address.present?} | |||
+ 8
- 0
app/models/setting.rb
Просмотреть файл
| @@ -166,6 +166,14 @@ class Setting < ActiveRecord::Base | |||
| end | |||
| end | |||
| if settings.key?(:mail_from) | |||
| begin | |||
| mail_from = Mail::Address.new(settings[:mail_from]) | |||
| raise unless mail_from.address =~ EmailAddress::EMAIL_REGEXP | |||
| rescue | |||
| messages << [:mail_from, l('activerecord.errors.messages.invalid')] | |||
| end | |||
| end | |||
| messages | |||
| end | |||
+ 14
- 0
test/unit/setting_test.rb
Просмотреть файл
| @@ -132,4 +132,18 @@ YAML | |||
| Setting.where(:name => 'commit_update_keywords').delete_all | |||
| Setting.clear_cache | |||
| end | |||
| def test_mail_from_format_should_be_validated | |||
| with_settings :default_language => 'en' do | |||
| ['[Redmine app] <redmine@example.net>', 'redmine'].each do |invalid_mail_from| | |||
| errors = Setting.set_all_from_params({:mail_from => invalid_mail_from}) | |||
| assert_includes errors, [:mail_from, 'is invalid'] | |||
| end | |||
| ['Redmine app <redmine@example.net>', 'redmine@example.net', '<redmine@example.net>'].each do |valid_mail_from| | |||
| errors = Setting.set_all_from_params({:mail_from => valid_mail_from}) | |||
| assert_nil errors | |||
| end | |||
| end | |||
| end | |||
| end | |||
Загрузка…