secure default for the 'find_related_post_with_key' site setting

This commit is contained in:
Régis Hanol 2017-08-01 00:03:04 +02:00
parent ec85b41078
commit 88ba052446
3 changed files with 5 additions and 3 deletions

View File

@ -1389,7 +1389,7 @@ en:
email_prefix: "The [label] used in the subject of emails. It will default to 'title' if not set." email_prefix: "The [label] used in the subject of emails. It will default to 'title' if not set."
email_site_title: "The title of the site used as the sender of emails from the site. Default to 'title' if not set. If your 'title' contains characters that are not allowed in email sender strings, use this setting." email_site_title: "The title of the site used as the sender of emails from the site. Default to 'title' if not set. If your 'title' contains characters that are not allowed in email sender strings, use this setting."
find_related_post_with_key: "Only use the reply key to find the replied-to post. (Recommended if using Amazon SES)" find_related_post_with_key: "Only use the 'reply key' to find the replied-to post. WARNING: disabling this allows user impersonation based on email address."
minimum_topics_similar: "How many topics need to exist before similar topics are presented when composing new topics." minimum_topics_similar: "How many topics need to exist before similar topics are presented when composing new topics."

View File

@ -633,7 +633,7 @@ email:
default: '' default: ''
validator: "AlternativeReplyByEmailAddressesValidator" validator: "AlternativeReplyByEmailAddressesValidator"
find_related_post_with_key: find_related_post_with_key:
default: false default: true
manual_polling_enabled: manual_polling_enabled:
default: false default: false
pop3_polling_enabled: pop3_polling_enabled:

View File

@ -400,7 +400,9 @@ describe Email::Receiver do
expect(Topic.last.ordered_posts[-1].post_type).to eq(Post.types[:moderator_action]) expect(Topic.last.ordered_posts[-1].post_type).to eq(Post.types[:moderator_action])
end end
it "associates email replies using both 'In-Reply-To' and 'References' headers" do it "associates email replies using both 'In-Reply-To' and 'References' headers when 'find_related_post_with_key' is disabled" do
SiteSetting.find_related_post_with_key = false
expect { process(:email_reply_1) }.to change(Topic, :count) expect { process(:email_reply_1) }.to change(Topic, :count)
topic = Topic.last topic = Topic.last