github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-26 13:03:39 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

always strip s/mime signatures in incoming emails

Browse Source
This commit is contained in:
Régis Hanol 2016-06-27 22:26:05 +02:00
parent 32b22996d0
commit 376881845c
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/email/receiver.rb
View File

@ -429,6 +429,9 @@ module Email
def create_post_with_attachments(options={}) def create_post_with_attachments(options={})
# deal with attachments # deal with attachments
@mail.attachments.each do |attachment| @mail.attachments.each do |attachment|
# always strip S/MIME signatures
next if attachment.content_type == "application/pkcs7-mime".freeze
tmp = Tempfile.new("discourse-email-attachment") tmp = Tempfile.new("discourse-email-attachment")
begin begin
# read attachment # read attachment

6
lib/validators/upload_validator.rb
View File

@ -5,7 +5,11 @@ module Validators; end
class Validators::UploadValidator < ActiveModel::Validator class Validators::UploadValidator < ActiveModel::Validator
def validate(upload) def validate(upload)
return true if upload.is_attachment_for_group_message && SiteSetting.allow_all_attachments_for_group_messages # allow all attachments except S/MIME signatures
# cf. https://meta.discourse.org/t/strip-s-mime-signatures/46371
if upload.is_attachment_for_group_message && SiteSetting.allow_all_attachments_for_group_messages
return upload.original_filename != "smime.p7s".freeze
end
extension = File.extname(upload.original_filename)[1..-1] || "" extension = File.extname(upload.original_filename)[1..-1] || ""