This is an automated email from the ASF dual-hosted git repository.
rubys pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 05f5e83 untaint from address
05f5e83 is described below
commit 05f5e833b0304db47866b32be5cec6f42e7e7b51
Author: Sam Ruby <[email protected]>
AuthorDate: Tue Nov 6 10:51:36 2018 +0000
untaint from address
---
www/secretary/workbench/templates/acreq.erb | 1 -
www/secretary/workbench/views/actions/icla.json.rb | 5 ++++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/www/secretary/workbench/templates/acreq.erb
b/www/secretary/workbench/templates/acreq.erb
index 2b2a073..9c4c94f 100644
--- a/www/secretary/workbench/templates/acreq.erb
+++ b/www/secretary/workbench/templates/acreq.erb
@@ -1,5 +1,4 @@
To: [email protected]
-From: <%= @from %>
Subject: [FORM] Account Request - <%= @email %>: <%= @pubname %>
Prospective userid: <%= @user %>
diff --git a/www/secretary/workbench/views/actions/icla.json.rb
b/www/secretary/workbench/views/actions/icla.json.rb
index fddc303..c968dfe 100644
--- a/www/secretary/workbench/views/actions/icla.json.rb
+++ b/www/secretary/workbench/views/actions/icla.json.rb
@@ -10,6 +10,8 @@
# extract message
message = Mailbox.find(@message)
[email protected] if @from =~ /\A("?[\s\w]+"?\s+<)?\w+@apache\.org>?\z/
+
# extract file extension
fileext = File.extname(@selected).downcase if @signature.empty?
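Review bot: The pattern guarding the added untaint of `@from` accepts more than a single well-formed apache.org sender. `\s` inside `[\s\w]+` also matches CR and LF, and the opening `<` and the closing `>` are optional independently of each other, so a display name containing a line break or an address with unbalanced brackets still passes and is untainted. Restricting the whitespace and pairing the brackets closes both gaps, for example `/\A(?:"?[ \t\w]+"?[ \t]+<\w+@apache\.org>|\w+@apache\.org)\z/`. Nothing visible in this hunk handles a failed match, so the script appears to continue with the unvalidated value. A comment such as `# only plain apache.org senders may be used as From` above the line would record the intent.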
@@ -237,8 +239,9 @@ if @valid_user and @pmc and not @votelink.empty?
cc << @podling.private_mail_list if @podling # copy podling
mail.cc = cc.uniq.map {|email| email.dup.untaint}
- # untaint to email addresses
+ # untaint from and to email addresses
mail.to = mail.to.map {|email| email.dup.untaint}
+ mail.from = @from.untaint
# echo email
form do
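Review bot: `mail.from = @from.untaint` clears the taint flag unconditionally, so the pattern check added in the first hunk of this file no longer gates anything; a `@from` that failed the match is untainted here and used as the sender anyway. Assign the value without untainting, `mail.from = @from`, so the conditional untaint near the top stays the only place the flag is cleared. If taint checks are not enforced where the mail is delivered (not visible here), stop explicitly before building the mail when the match fails. The neighbouring lines use `email.dup.untaint`, which leaves the original object tainted, whereas this line mutates `@from` itself. The enclosing `if @valid_user and @pmc ...` block starts outside the hunk.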