> On Nov 2, 2017, at 4:24 PM, Sam Ruby <ru...@intertwingly.net> wrote:
>
> On Thu, Nov 2, 2017 at 6:58 PM, Craig Russell <apache....@gmail.com> wrote:
>> The error appears to be here:
>>
>> # untaint to email addresses
>> mail.to = mail.to.map {|email| email.dup.untaint} <== here
>>
>> But the mail.to should be r...@apache.org
>
> mail.to is normally an array of values. In this case, it is a string
> containing the bulk of the headers and body of the message.

Why does email to: contain all that stuff? Given that the email to: was created in line 221, I don't understand why it needs to be untainted.

>
>> Why does this need to be untainted? Why does it fail just on this email? The
>> only thing different about this email is the non-ascii characters in the
>> name...
>
> Bug reported against mail gem:
> https://github.com/mikel/mail/issues/1167. The existence of non-ASCII
> characters and the absence of CR's appear to be involved. I want to
> think briefly about whether it would be better to pin to an older
> version of this gem (which would work, but would mean that we wouldn't
> get bug fixes), or to find a reasonable workaround.

What bad would happen if line 232 were removed? Could the template('acreq.erb') be untainted by itself? mail cc: is untainted in line 229.

Craig

>
>> Craig
>
> - Sam Ruby
>
>>> On Nov 2, 2017, at 3:31 PM, Craig Russell <apache....@gmail.com> wrote:
>>>
>>> Hi Sam,
>>>
>>>> On Nov 2, 2017, at 12:08 PM, Sam Ruby <ru...@intertwingly.net> wrote:
>>>>
>>>> Reproduction instructions?
>>>
>>> Try to file the icla from Nandor Kollar.
>>>
>>> Thanks!
>>>
>>> Craig
>>>>
>>>> - Sam Ruby
>>>>
>>>> On Thu, Nov 2, 2017 at 11:27 AM, Craig Russell <apache....@gmail.com>
>>>> wrote:
>>>>> #<NoMethodError: undefined method `map' for #<String:0x007f9ba34add28>
>>>>> Did you mean? tap>
>>>>> /x1/srv/whimsy/www/secretary/workbench/views/actions/icla.json.rb:232:in
>>>>> `block in _evaluate'
>>>>> /x1/srv/whimsy/www/secretary/workbench/tasks.rb:9:in `task'
>>>>> /x1/srv/whimsy/www/secretary/workbench/views/actions/icla.json.rb:221:in
>>>>> `_evaluate'
>>>>> /x1/srv/whimsy/www/secretary/workbench/server.rb:68:in `block in <top
>>>>> (required)>'
>>>>> /x1/srv/whimsy/lib/whimsy/asf/rack.rb:223:in `call'
>>>>> /usr/local/rvm/gems/ruby-2.4.1/gems/passenger-5.1.8/src/ruby_supportlib/phusion_passenger/rack/out_of_band_gc.rb:48:in
>>>>> `call'
>>>>> /x1/srv/whimsy/lib/whimsy/asf/rack.rb:148:in `call'
>>>>> /x1/srv/whimsy/lib/whimsy/asf/rack.rb:79:in `call'
>>>>> /x1/srv/whimsy/lib/whimsy/asf/rack.rb:254:in `call'
>>>>> /usr/local/rvm/gems/ruby-2.4.1/gems/passenger-5.1.8/src/ruby_supportlib/phusion_passenger/rack/thread_handler_extension.rb:97:in
>>>>> `process_request'
>>>>> /usr/local/rvm/gems/ruby-2.4.1/gems/passenger-5.1.8/src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:160:in
>>>>> `accept_and_process_next_request'
>>>>> /usr/local/rvm/gems/ruby-2.4.1/gems/passenger-5.1.8/src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:113:in
>>>>> `main_loop'
>>>>> /usr/local/rvm/gems/ruby-2.4.1/gems/passenger-5.1.8/src/ruby_supportlib/phusion_passenger/request_handler.rb:416:in
>>>>> `block (3 levels) in start_threads'
>>>>> /usr/local/rvm/gems/ruby-2.4.1/gems/passenger-5.1.8/src/ruby_supportlib/phusion_passenger/utils.rb:113:in
>>>>> `block in create_thread_and_abort_on_exception'
>>>>>
>>>>> Craig L Russell
>>>>> Secretary, Apache Software Foundation
>>>>> c...@apache.org http://db.apache.org/jdo
>>>>>
>>>
>>> Craig L Russell
>>> Secretary, Apache Software Foundation
>>> c...@apache.org http://db.apache.org/jdo
>>
>> Craig L Russell
>> Secretary, Apache Software Foundation
>> c...@apache.org http://db.apache.org/jdo
>>

Craig L Russell
Secretary, Apache Software Foundation
c...@apache.org http://db.apache.org/jdo
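
An added example, not code from this thread or from Whimsy: a fail-closed check on the parsed recipient list, placed where the quoted `mail.to.map {...untaint}` line sits, so that a `to` value that comes back as a String of headers and body is rejected instead of being marked trusted. The names `checked_recipients`, `RecipientError` and `ADDRESS`, the strict address pattern and the sample values are assumptions for illustration.

```ruby
# Added example, not Whimsy code. checked_recipients, RecipientError and
# ADDRESS are hypothetical names; the pattern is a deliberately strict
# assumption, not a full RFC 5322 address grammar.
ADDRESS = /\A[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+\z/

class RecipientError < StandardError; end

# Validate what a mail parser returned for "to" before trusting it.
# Returns frozen copies of the addresses, or raises RecipientError.
def checked_recipients(to)
  # The failure in the thread: a String where an Array was expected.
  unless to.is_a?(Array)
    raise RecipientError, "expected Array of addresses, got #{to.class}"
  end
  raise RecipientError, 'empty recipient list' if to.empty?

  to.map do |email|
    unless email.is_a?(String)
      raise RecipientError, "non-string entry: #{email.class}"
    end
    # \A..\z anchoring rejects CR/LF and spaces, i.e. header or body
    # text that leaked into the address field.
    unless email.match?(ADDRESS)
      raise RecipientError, "not a bare address: #{email[0, 40].inspect}"
    end
    # On a Ruby with taint tracking (deprecated in 2.7, removed in 3.2)
    # this validated copy is the value that would be untainted.
    email.dup.freeze
  end
end

# Constructed sample inputs.
GOOD = ['root@example.org', 'secretary@example.org']
# Shape of the bad value described above: one String, headers plus body.
BAD_STRING = "root@example.org\nSubject: ICLA\n\nDear N\u00e1ndor ..."
BAD_ENTRY = ["root@example.org\nSubject: ICLA"]

# Report the outcome without aborting the caller.
def outcome(value)
  checked_recipients(value)
rescue RecipientError => e
  "rejected: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  [GOOD, BAD_STRING, BAD_ENTRY].each { |v| p outcome(v) }
end
```

Validating before untainting keeps the untaint step meaningful: only values that matched the expected shape are marked as safe to pass on.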