ag-admin/OpenSlides
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #6025 from FinnStutzenstein/fromEmailValidation

Browse Source 
Validate the from email for invalid characters
This commit is contained in:
Emanuel Schütze 2021-04-22 15:34:15 +02:00 committed by GitHub
commit fafcf5d583
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
server/openslides/users/models.py
View File

@ -271,12 +271,26 @@ class User(RESTModelMixin, PermissionsMixin, AbstractBaseUser):
except KeyError as err: except KeyError as err:
raise ValidationError({"detail": "Invalid property {0}", "args": [err]}) raise ValidationError({"detail": "Invalid property {0}", "args": [err]})
from_email = config["users_email_sender"].strip()
blacklist = ("[", "]", "\\")
if any(x in from_email for x in blacklist):
blacklist_str = '"' + '", "'.join(blacklist) + '"'
raise ValidationError(
{
"detail": "Invalid characters in the sender name configuration. "
+ f"Not allowed: {blacklist_str}"
}
)
if from_email:
from_email += " "
from_email += f"<{settings.DEFAULT_FROM_EMAIL}>"
# Create an email and send it. # Create an email and send it.
email = mail.EmailMessage( email = mail.EmailMessage(
subject, subject=subject,
message, body=message,
config["users_email_sender"] + " <" + settings.DEFAULT_FROM_EMAIL + ">", from_email=from_email,
[self.email], to=[self.email],
reply_to=[config["users_email_replyto"]], reply_to=[config["users_email_replyto"]],
) )
try: try: