Andreas/tracks
1
0
Fork 0
mirror of https://github.com/TracksApp/tracks.git synced 2026-03-12 07:32:37 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Sanitize all input to help with icky emails

Browse source
This commit is contained in:
Eric Allen 2008-09-20 19:20:08 -07:00
parent ca4255332f
commit 2fda252378
1 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

11
app/models/message_gateway.rb
View file

@ -1,4 +1,5 @@
class MessageGateway < ActionMailer::Base class MessageGateway < ActionMailer::Base
include ActionView::Helpers::SanitizeHelper
def receive(email) def receive(email)
user = User.find(:first, :include => [:preference], :conditions => ["preferences.sms_email = ?", email.from[0].strip]) user = User.find(:first, :include => [:preference], :conditions => ["preferences.sms_email = ?", email.from[0].strip])
if user.nil? if user.nil?
@ -11,16 +12,16 @@ class MessageGateway < ActionMailer::Base
notes = nil notes = nil
if email.content_type == "multipart/related" if email.content_type == "multipart/related"
description = email.subject description = sanitize email.subject
body_part = email.parts.find{|m| m.content_type == "text/plain"} body_part = email.parts.find{|m| m.content_type == "text/plain"}
notes = body_part.body.strip notes = sanitize body_part.body.strip
else else
if email.subject.empty? if email.subject.empty?
description = email.body.strip description = sanitize email.body.strip
notes = nil notes = nil
else else
description = email.subject.strip description = sanitize email.subject.strip
notes = email.body.strip notes = sanitize email.body.strip
end end
end end