[yast-devel] Re: [yast-commit] <web-client> master : validate list of e-mails in controller

15 Oct 2009

Jiri Suchomel write:
...
ref: refs/heads/master
commit 23404e1c1c45f1ccb9a89e707c080a86bfeb7383
Author: Jiri Suchomel <jsuchome@suse.cz>
Date:   Wed Oct 14 11:33:02 2009 +0200
validate list of e-mails in controller
---
 .../app/controllers/administrator_controller.rb    |   15 ++++++++++-----
 1 files changed, 10 insertions(+), 5 deletions(-)

diff --git
 a/plugins/administrator/app/controllers/administrator_controller.rb
 b/plugins/administrator/app/controllers/administrator_controller.rb index
 d1d493e..52332ef 100644
--- a/plugins/administrator/app/controllers/administrator_controller.rb
+++ b/plugins/administrator/app/controllers/administrator_controller.rb
@@ -34,11 +34,16 @@ class AdministratorController < ApplicationController
     @administrator.password	= admin["password"]
     @administrator.aliases	= admin["aliases"]
-    # FIXME validate for set of mails, not just one
-    if !admin["aliases"].empty? && admin["aliases"] !~ /(.+)@(.+)\.(.{2})/
 # yes, very weak -      flash[:error] = _("Enter a valid e-mail address.")
-      redirect_to :action => "index"
-      return
+    # validate data also here, if javascript in view is off
+    if !admin["aliases"].empty?
+      admin["aliases"].split(",").each do |mail|
+	# only check emails, not local users
+        if mail.include?("@") && mail !~ /(.+)@(.+)\.(.{2})/
^^^
Hi, I think that this regex is not valid. It means that you expect .?? in 
mail.
so I think you have problem if someone want root@localhost
Also it is not easy to see that  alse user@gmail.com works (it is because you 
forget to append $ after regex and ^ before regex.

Also this is not controller job, but unfortunatelly we don't have easy 
accessible model in frontend to add validation, but it should change in future 
( I believe in ActiveResource branch).
...
+          flash[:error] = _("Enter a valid e-mail address.")
+          redirect_to :action => "index"
+          return
+	end
+      end
     end
if admin["password"] != admin["confirm_password"]
-- 
Josef Reidinger
YaST team
maintainer of perl-Bootloader, YaST2-Repair, webyast modules language and time
-- 
To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org
For additional commands, e-mail: yast-devel+help@opensuse.org

    