From 2fda252378fe99cbe80f0749c7c2af020b1a2cef Mon Sep 17 00:00:00 2001
From: Eric Allen
Date: Sat, 20 Sep 2008 19:20:08 -0700
Subject: [PATCH] Sanitize all input to help with icky emails
---
 app/models/message_gateway.rb | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/app/models/message_gateway.rb b/app/models/message_gateway.rb
index 83f8ad67..a59927ad 100644
--- a/app/models/message_gateway.rb
+++ b/app/models/message_gateway.rb
@@ -1,4 +1,5 @@
 class MessageGateway < ActionMailer::Base
+ include ActionView::Helpers::SanitizeHelper
 def receive(email)
 user = User.find(:first, :include => [:preference], :conditions => ["preferences.sms_email = ?", email.from[0].strip])
 if user.nil?
@@ -11,16 +12,16 @@ class MessageGateway < ActionMailer::Base
 notes = nil
 if email.content_type == "multipart/related"
- description = email.subject
+ description = sanitize email.subject
 body_part = email.parts.find{|m| m.content_type == "text/plain"}
- notes = body_part.body.strip
+ notes = sanitize body_part.body.strip
 else
 if email.subject.empty?
- description = email.body.strip
+ description = sanitize email.body.strip
 notes = nil
 else
- description = email.subject.strip
- notes = email.body.strip
+ description = sanitize email.subject.strip
+ notes = sanitize email.body.strip
 end
 end
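Review bot: The added `include ActionView::Helpers::SanitizeHelper` mixes a view helper into the mailer with no comment and, as far as this hunk shows, no test proving that `receive` can call `sanitize`. In Rails versions where the helper resolves its sanitizer through class-level methods, a plain include may also need `extend ActionView::Helpers::SanitizeHelper::ClassMethods`, otherwise every inbound mail would raise; that is inferred, so confirm it against the Rails version this app pins. A one-line comment such as `# sanitize() cleans the subject/body of inbound mail before it is stored` would record why the mixin is here. The class body continues outside the hunk.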
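Review bot: In the multipart branch, `email.parts.find{...}` returns nil when a message has no `text/plain` part, and the new `notes = sanitize body_part.body.strip` still dereferences it, so a sender-controlled message shape can raise inside `receive`; a guard such as `notes = body_part ? sanitize(body_part.body.strip) : nil` avoids that. The same branch sanitizes `email.subject` without the `.strip` used in the other branch, and `email.subject.empty?` would raise on a missing Subject header if the mail library returns nil there (not visible here). `sanitize` is an allow-list HTML cleaner that keeps permitted tags, so description and notes should still be escaped where they are rendered rather than treated as safe because they were cleaned on input. `receive` starts and ends outside this hunk.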