Unverified Commit d59dd1e9 authored by IKEDA Soji's avatar IKEDA Soji Committed by GitHub
Browse files

Merge pull request #1366 from ikedas/ldidry/fix-533 by ldidry & ikedas

Fix #533 — Prevent the use of the list address as subscriber
parents 43da077a c09c6368
......@@ -663,6 +663,15 @@ Warning: this message may already have been sent by one of the list's moderators
[%~ ELSIF report_entry == 'blocklisted_domain' ~%]
[%|loc(report_param.email || report_param.value)%]Address "%1" belongs to a blocklisted domain[%END%]
[%~ ELSIF report_entry == 'email_is_the_list' ~%]
[% IF report_param.role == 'owner' ~%]
[%|loc(report_param.email)%]Address "%1" is the address for the list owners[%END%]
[%~ ELSIF report_param.role == 'editor' ~%]
[%|loc(report_param.email)%]Address "%1" is the address for the list moderators[%END%]
[%~ ELSE ~%]
[%|loc(report_param.email)%]Address "%1" is the address of the list[%END%]
[%~ END %]
[%~ ELSIF report_entry == 'incorrect_passwd' ~%]
[%|loc%]Provided password is incorrect[%END%]
......
......@@ -3117,13 +3117,25 @@ sub add_list_member {
unless (Sympa::Tools::Text::valid_email($u->{email})) {
$log->syslog('err', 'Ignoring %s which is not a valid email',
$u->{email});
push @$stash_ref,
[
'user', 'incorrect_email',
{email => $u->{email}, role => 'member'}
];
next;
}
my $who = Sympa::Tools::Text::canonic_email($u->{email});
if (Sympa::Tools::Domains::is_blocklisted($who)) {
$log->syslog('err', 'Ignoring %s which uses a blocklisted domain',
$u->{email});
$who);
push @$stash_ref, ['user', 'blocklisted_domain', {email => $who}];
next;
}
if ($who eq $self->get_id) {
$log->syslog('err',
'Ignoring %s which is the address of the list', $who);
push @$stash_ref, ['user', 'email_is_the_list', {email => $who}];
next;
}
unless (
......@@ -3314,7 +3326,7 @@ sub add_list_admin {
$sdm->begin;
foreach my $user (@users) {
$total++ if $self->_add_list_admin($role, $user, stash => $stash_ref);
$total++ if $self->_add_list_admin($role, $user, %options);
}
unless ($sdm->commit) {
......@@ -3338,9 +3350,25 @@ sub _add_list_admin {
my $stash_ref = $options{stash} || [];
return undef unless Sympa::Tools::Text::valid_email($u->{email});
unless (Sympa::Tools::Text::valid_email($u->{email})) {
$log->syslog('err', 'Ignoring %s which is not a valid email',
$u->{email});
push @$stash_ref,
['user', 'incorrect_email',
{email => $u->{email}, role => $role}];
return undef;
}
my $who = Sympa::Tools::Text::canonic_email($u->{email});
if ($who eq Sympa::get_address($self, $role)) {
$log->syslog('err',
'Ignoring %s which is the address for the list %s',
$who, $role);
push @$stash_ref,
['user', 'email_is_the_list', {email => $who, role => $role}];
return undef;
}
my $values = $self->get_default_user_options(role => $role);
while (my ($k, $v) = each %$u) {
$values->{$k} = $v if defined $v;
......
......@@ -35,9 +35,6 @@ use Sympa;
use Conf;
use Sympa::Language;
use Sympa::Log;
use Sympa::Tools::Domains;
use Sympa::Tools::Password;
use Sympa::Tools::Text;
use Sympa::User;
use base qw(Sympa::Request::Handler);
......@@ -66,31 +63,15 @@ sub _twist {
$language->set_lang($list->{'admin'}{'lang'});
unless (Sympa::Tools::Text::valid_email($email)) {
$self->add_stash($request, 'user', 'incorrect_email',
{'email' => $email});
$log->syslog('err',
'request "add" rejected; incorrect email "%s"', $email);
return undef;
}
my @stash;
if ($role eq 'member') {
unless ($request->{force} or $list->is_subscription_allowed) {
$log->syslog('info', 'List %s not open', $list);
$self->add_stash($request, 'user', 'list_not_open',
{'status' => $list->{'admin'}{'status'}});
{status => $list->{'admin'}{'status'}});
$self->{finish} = 1;
return undef;
}
if (Sympa::Tools::Domains::is_blocklisted($email)) {
$self->add_stash($request, 'user', 'blocklisted_domain',
{'email' => $email});
$log->syslog('err',
'request "add" rejected; blocklisted domain for "%s"',
$email);
return undef;
}
$list->add_list_member(
{email => $email, gecos => $comment, custom_attribute => $ca},
......@@ -136,7 +117,7 @@ sub _report_member {
my $comment = $request->{gecos};
$self->add_stash($request, 'notice', 'now_subscriber',
{'email' => $email, listname => $list->{'name'}});
{email => $email, listname => $list->{'name'}});
# FIXME: Required?
my $user = Sympa::User->new($email);
......
......@@ -65,7 +65,7 @@ sub _twist {
unless ($request->{force} or $list->is_subscription_allowed) {
$log->syslog('info', 'List %s not open', $list);
$self->add_stash($request, 'user', 'list_not_open',
{'status' => $list->{'admin'}{'status'}});
{status => $list->{'admin'}{'status'}});
$self->{finish} = 1;
return undef;
}
......
......@@ -418,8 +418,8 @@ sub _update_users {
while (my $entry = $ds->next) {
my $email = $entry->[0];
next unless Sympa::Tools::Text::valid_email($email);
$email = Sympa::Tools::Text::canonic_email($email);
$email = Sympa::Tools::Text::canonic_email($email)
if Sympa::Tools::Text::valid_email($email);
# 1. If role of the data source is 'member' and the user is excluded:
# Do nothing.
......
......@@ -60,13 +60,10 @@ sub _twist {
# If a list is not 'open' and allow_subscribe_if_pending has been set to
# 'off' returns undef.
unless ($list->{'admin'}{'status'} eq 'open'
or
Conf::get_robot_conf($list->{'domain'}, 'allow_subscribe_if_pending')
eq 'on') {
$self->add_stash($request, 'user', 'list_not_open',
{'status' => $list->{'admin'}{'status'}});
unless ($list->is_subscription_allowed) {
$log->syslog('info', 'List %s not open', $list);
$self->add_stash($request, 'user', 'list_not_open',
{status => $list->{'admin'}{'status'}});
return undef;
}
......
......@@ -35,8 +35,6 @@ use Sympa;
use Conf;
use Sympa::Language;
use Sympa::Log;
use Sympa::Tools::Domains;
use Sympa::Tools::Password;
use Sympa::User;
use base qw(Sympa::Request::Handler);
......@@ -74,24 +72,13 @@ sub _twist {
undef $comment;
}
if (Sympa::Tools::Domains::is_blocklisted($email)) {
$self->add_stash($request, 'user', 'blocklisted_domain',
{'email' => $email});
$log->syslog('err',
'SUBSCRIBE to %s command rejected; blocklisted domain for "%s"',
$list, $email);
return undef;
}
# If a list is not 'open' and allow_subscribe_if_pending has been set to
# 'off' returns undef.
unless ($list->{'admin'}{'status'} eq 'open'
or
Conf::get_robot_conf($list->{'domain'}, 'allow_subscribe_if_pending')
eq 'on') {
$self->add_stash($request, 'user', 'list_not_open',
{'status' => $list->{'admin'}{'status'}});
unless ($list->is_subscription_allowed) {
$log->syslog('info', 'List %s not open', $list);
$self->add_stash($request, 'user', 'list_not_open',
{status => $list->{'admin'}{'status'}});
$self->{finish} = 1;
return undef;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment