FEATURE: new email attachment blacklists site settings

Régis Hanol
2016-08-03 17:55:54 +02:00
parent cb809784df
commit e92f5e4fbf
5 changed files with 24 additions and 5 deletions


@@ -436,11 +436,14 @@ module Email
raise InvalidPostAction.new(e)
end
def create_post_with_attachments(options={})
# deal with attachments
@mail.attachments.each do |attachment|
# always strip S/MIME signatures
next if attachment.content_type == "application/pkcs7-mime".freeze
# strip blacklisted attachments (mostly signatures)
next if attachment.content_type =~ SiteSetting.attachment_content_type_blacklist_regex
next if attachment.filename =~ SiteSetting.attachment_filename_blacklist_regex
tmp = Tempfile.new("discourse-email-attachment")
begin
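Review bot: With the hard-coded `application/pkcs7-mime` check gone, whether an attachment is stripped depends entirely on the two regexes read from `SiteSetting`, whose construction is outside this hunk. If they are built by joining an admin-editable list, an emptied setting could yield a regex that matches every string, and both `next if` lines would then silently drop every attachment; the builder should return a never-matching regex for an empty list. Content types are case-insensitive and may carry parameters, so the content-type regex presumably needs to be case-insensitive too. I would add a comment above the two `next if` lines, `# regexes come from admin-editable settings; an empty setting must match nothing`. The body of create_post_with_attachments continues past the end of the hunk.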


@@ -5,10 +5,9 @@ module Validators; end
class Validators::UploadValidator < ActiveModel::Validator
def validate(upload)
# allow all attachments except S/MIME signatures
# cf. https://meta.discourse.org/t/strip-s-mime-signatures/46371
# check the attachment blacklist
if upload.is_attachment_for_group_message && SiteSetting.allow_all_attachments_for_group_messages
return upload.original_filename != "smime.p7s".freeze
return upload.original_filename =~ SiteSetting.attachment_filename_blacklist_regex
end
extension = File.extname(upload.original_filename)[1..-1] || ""
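Review bot: The new `return upload.original_filename =~ SiteSetting.attachment_filename_blacklist_regex` has the opposite polarity of the line it replaces: the old expression was true for an allowed name, while `=~` is truthy when the name matches the blacklist and nil when it does not. ActiveModel also ignores the return value of `validate`, so this branch returns without adding an error and a blacklisted filename on a group message would apparently still pass validation. To reject it, the branch has to record an error before returning, e.g. `upload.errors.add(:original_filename, "<message placeholder>") if upload.original_filename =~ SiteSetting.attachment_filename_blacklist_regex` followed by a bare `return`. The rest of `validate` lies outside the hunk, so any later handling is not visible here.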