authorGo MAEDA <maeda@farend.jp>2019-08-26 04:18:18 +0000
committerGo MAEDA <maeda@farend.jp>2019-08-26 04:18:18 +0000
commit47dd2083f7958ff05deea3c56c1c2067fef64f9c (patch)
treea0386a6d30d3475a4788336593998813a5ec9ad8
parente03617881e5f4c1240b9d494df975968da4a9478 (diff)
Reject setting RFC non-compliant emission email addresses (#31154).
Patch by Mizuki ISHIKAWA. git-svn-id: http://svn.redmine.org/redmine/trunk@18396 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/models/email_address.rb4
-rw-r--r--app/models/setting.rb8
-rw-r--r--test/unit/setting_test.rb14
3 files changed, 25 insertions, 1 deletions
diff --git a/app/models/email_address.rb b/app/models/email_address.rb
index 7f8eef5da..c3d8e8d41 100644
--- a/app/models/email_address.rb
+++ b/app/models/email_address.rb
@@ -20,6 +20,8 @@
class EmailAddress < ActiveRecord::Base
include Redmine::SafeAttributes
+ EMAIL_REGEXP = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
+
belongs_to :user
after_update :destroy_tokens
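Review bot: `EMAIL_REGEXP` is added without a comment, although this commit makes it a contract shared with `Setting`, which references it as `EmailAddress::EMAIL_REGEXP`. A short comment above the constant would record what it accepts, for example `# Whole-string match (\A..\z): local part is any run without "@" or whitespace; domain is ASCII labels plus a 2+ letter TLD.` It is worth stating that the local part is deliberately permissive, so callers that need a bare address must extract it before matching, as the `Setting` check does with `Mail::Address`. The class body continues outside this hunk.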
@@ -30,7 +32,7 @@ class EmailAddress < ActiveRecord::Base
after_destroy_commit :deliver_security_notification_destroy
validates_presence_of :address
- validates_format_of :address, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i, :allow_blank => true
+ validates_format_of :address, :with => EMAIL_REGEXP, :allow_blank => true
validates_length_of :address, :maximum => User::MAIL_LENGTH_LIMIT, :allow_nil => true
validates_uniqueness_of :address, :case_sensitive => false,
:if => Proc.new {|email| email.address_changed? && email.address.present?}
diff --git a/app/models/setting.rb b/app/models/setting.rb
index b18f8ed89..9eaaaec33 100644
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -166,6 +166,14 @@ class Setting < ActiveRecord::Base
end
end
+ if settings.key?(:mail_from)
+ begin
+ mail_from = Mail::Address.new(settings[:mail_from])
+ raise unless mail_from.address =~ EmailAddress::EMAIL_REGEXP
+ rescue
+ messages << [:mail_from, l('activerecord.errors.messages.invalid')]
+ end
+ end
messages
end
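Review bot: The bare `rescue` in the added `mail_from` check catches every StandardError, so an unrelated failure inside the block is reported to the administrator as an invalid address instead of surfacing. The argument-less `raise` also depends on that catch-all for control flow. Narrowing both keeps the validation behaviour and stops it masking other errors: `raise ArgumentError unless mail_from.address =~ EmailAddress::EMAIL_REGEXP` and `rescue Mail::Field::ParseError, ArgumentError` (confirm the parse error class against the bundled mail gem version). Only the parsed address part is matched here, while presumably the raw string is what gets saved, so the display-name part is constrained only by what `Mail::Address` accepts. The enclosing method starts outside the hunk.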
diff --git a/test/unit/setting_test.rb b/test/unit/setting_test.rb
index 3d9252adb..253f3c037 100644
--- a/test/unit/setting_test.rb
+++ b/test/unit/setting_test.rb
@@ -132,4 +132,18 @@ YAML
Setting.where(:name => 'commit_update_keywords').delete_all
Setting.clear_cache
end
+
+ def test_mail_from_format_should_be_validated
+ with_settings :default_language => 'en' do
+ ['[Redmine app] <redmine@example.net>', 'redmine'].each do |invalid_mail_from|
+ errors = Setting.set_all_from_params({:mail_from => invalid_mail_from})
+ assert_includes errors, [:mail_from, 'is invalid']
+ end
+
+ ['Redmine app <redmine@example.net>', 'redmine@example.net', '<redmine@example.net>'].each do |valid_mail_from|
+ errors = Setting.set_all_from_params({:mail_from => valid_mail_from})
+ assert_nil errors
+ end
+ end
+ end
end
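Review bot: The invalid list in `test_mail_from_format_should_be_validated` has only two samples (a bracketed display name and a bare word), which leaves the boundary cases of a value destined for an outgoing mail header unpinned. Adding an empty string, a value containing a line break, and a comma-separated list of two addresses to the invalid array would show how `Mail::Address` plus `EMAIL_REGEXP` treat each of them and guard against a regression if the parser changes. The valid-value loop also calls `Setting.set_all_from_params` while `with_settings` wraps only `:default_language`, so the last accepted `mail_from` may remain set for later tests. Consider wrapping the test as `with_settings :default_language => 'en', :mail_from => Setting.mail_from do`, after confirming how the helper restores values.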