github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 16:34:31 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: only add elided part of email in PM

Browse Source
This commit is contained in:
Régis Hanol
2016-03-17 23:10:46 +01:00
parent 1b4e0f3300
commit 03a1aa0000
2 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/email/receiver.rb
View File

@ -55,16 +55,9 @@ module Email
user = find_or_create_user(@from_email, @from_display_name)
@incoming_email.update_columns(user_id: user.id)
body, elided = select_body
body, @elided = select_body
body ||= ""
if elided.present?
body << "\n\n" << "<details class='elided'>" << "\n"
body << "<summary title='#{I18n.t('emails.incoming.show_trimmed_content')}'>&#183;&#183;&#183;</summary>" << "\n"
body << elided << "\n"
body << "</details>" << "\n"
end
raise AutoGeneratedEmailError if is_auto_generated?
raise NoBodyDetectedError if body.blank? && !@mail.has_attachments?
raise InactiveUserError if !user.active && !user.staged
@ -358,6 +351,14 @@ module Email
# ensure posts aren't created in the future
options[:created_at] = [@mail.date, DateTime.now].min
# only add elided part in messages
if @elided.present? && options[:topic].try(:private_message?)
options[:raw] << "\n\n" << "<details class='elided'>" << "\n"
options[:raw] << "<summary title='#{I18n.t('emails.incoming.show_trimmed_content')}'>&#183;&#183;&#183;</summary>" << "\n"
options[:raw] << @elided << "\n"
options[:raw] << "</details>" << "\n"
end
manager = NewPostManager.new(options[:user], options)
result = manager.perform