Validate the from email for invalid characters

This might not be sufficient for all cases. If some other strange
IndexErrors appear, more validation has to be done. For now, it catches
all observed cases.
Finn Stutzenstein 2021-04-22 12:33:33 +02:00
parent 4f35770769
commit a8e329253c
No known key found for this signature in database
GPG Key ID: 9042F605C6324654


@ -271,12 +271,26 @@ class User(RESTModelMixin, PermissionsMixin, AbstractBaseUser):
except KeyError as err: except KeyError as err:
raise ValidationError({"detail": "Invalid property {0}", "args": [err]}) raise ValidationError({"detail": "Invalid property {0}", "args": [err]})
from_email = config["users_email_sender"].strip()
blacklist = ("[", "]", "\\")
if any(x in from_email for x in blacklist):
blacklist_str = '"' + '", "'.join(blacklist) + '"'
raise ValidationError(
{
"detail": "Invalid characters in the sender name configuration. "
+ f"Not allowed: {blacklist_str}"
}
)
if from_email:
from_email += " "
from_email += f"<{settings.DEFAULT_FROM_EMAIL}>"
# Create an email and send it. # Create an email and send it.
email = mail.EmailMessage( email = mail.EmailMessage(
subject, subject=subject,
message, body=message,
config["users_email_sender"] + " <" + settings.DEFAULT_FROM_EMAIL + ">", from_email=from_email,
[self.email], to=[self.email],
reply_to=[config["users_email_replyto"]], reply_to=[config["users_email_replyto"]],
) )
try: try:
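Review bot: The three-character denylist applied to `from_email` still lets other address specials in the configured sender name (`<`, `>`, `,`, `"`, `@`, and CR/LF) reach the `from_email=` header unquoted, because the name is concatenated directly into `name <addr>`. A more robust form is to let the standard library quote the display name, `from_email = formataddr((sender_name, settings.DEFAULT_FROM_EMAIL))` with `from email.utils import formataddr`, where `sender_name` is the stripped config value. An empty name then yields the bare address, matching the current `if from_email:` branch. The bracket and backslash check should stay only if the observed IndexError still occurs with a quoted name, which needs confirming against the cases that prompted this commit. The method continues past the hunk, so it is not visible whether the `try:` that follows converts a header error raised at send time into a `ValidationError`.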