36394-mail_handler_controller_permit_parameters-v2.patch

Go MAEDA, 2022-01-17 02:49

Download (1.77 KB)

View differences:

app/controllers/mail_handler_controller.rb
28 28

  
29 29
  # Submits an incoming email to MailHandler
30 30
  def index
31
    options = params.dup
31
    # MailHandlerController#index should permit all options set by
32
    # RedmineMailHandler#submit in rdm-mailhandler.rb.
33
    # It must be kept in sync.
34
    options = params.permit(
35
      :key,
36
      :email,
37
      :allow_override,
38
      :unknown_user,
39
      :default_group,
40
      :no_account_notice,
41
      :no_notification,
42
      :no_permission_check,
43
      :project_from_subaddress,
44
      {
45
        issue: [
46
          :project,
47
          :status,
48
          :tracker,
49
          :category,
50
          :priority,
51
          :assigned_to,
52
          :fixed_version,
53
          :is_private
54
        ]
55
      }
56
    ).to_h
32 57
    email = options.delete(:email)
33 58
    if MailHandler.safe_receive(email, options)
34 59
      head :created
extra/mail_handler/rdm-mailhandler.rb
153 153

  
154 154
    headers = { 'User-Agent' => "Redmine mail handler/#{VERSION}" }
155 155

  
156
    # MailHandlerController#index should permit all options set by
157
    # RedmineMailHandler#submit in rdm-mailhandler.rb.
158
    # It must be kept in sync.
156 159
    data = { 'key' => key, 'email' => email.gsub(/(?<!\r)\n|\r(?!\n)/, "\r\n"),
157 160
                           'allow_override' => allow_override,
158 161
                           'unknown_user' => unknown_user,