From 2585ada5ca368d88a4d11ab9a8f51d74961f8ae4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9gis=20Hanol?= Date: Tue, 17 Apr 2018 17:08:12 +0200 Subject: [PATCH] FIX: don't allow spaces in 'reply_by_email_address' site setting --- lib/validators/reply_by_email_address_validator.rb | 13 +++++++++---- .../reply_by_email_address_validator_spec.rb | 1 + 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/validators/reply_by_email_address_validator.rb b/lib/validators/reply_by_email_address_validator.rb index ff668bf8582..a9110e0f850 100644 --- a/lib/validators/reply_by_email_address_validator.rb +++ b/lib/validators/reply_by_email_address_validator.rb @@ -4,14 +4,19 @@ class ReplyByEmailAddressValidator end def valid_value?(val) + val&.strip! + return true if val.blank? - return false if val["@"].nil? + return false if !val.include?("@") + + value = val.dup if SiteSetting.find_related_post_with_key - !!val["%{reply_key}"] && val.sub(/\+?%{reply_key}/, "") != SiteSetting.notification_email - else - val != SiteSetting.notification_email + return false if !value.include?("%{reply_key}") + value.sub!(/\+?%{reply_key}/, "") end + + value != SiteSetting.notification_email && !value.include?(" ") end def error_message diff --git a/spec/components/validators/reply_by_email_address_validator_spec.rb b/spec/components/validators/reply_by_email_address_validator_spec.rb index cf7a889a4a7..c64a4a62a5e 100644 --- a/spec/components/validators/reply_by_email_address_validator_spec.rb +++ b/spec/components/validators/reply_by_email_address_validator_spec.rb @@ -12,6 +12,7 @@ describe ReplyByEmailAddressValidator do it "returns false if value is not an email address" do expect(validator.valid_value?('WAT%{reply_key}.com')).to eq(false) + expect(validator.valid_value?('word +%{reply_key}@example.com')).to eq(false) end it "returns false if value does not contain '%{reply_key}'" do