[yast-devel] Re: [yast-commit] <web-client> master : validate list of e-mails in controller
Jiri Suchomel wrote:
ref: refs/heads/master commit 23404e1c1c45f1ccb9a89e707c080a86bfeb7383 Author: Jiri Suchomel <jsuchome@suse.cz> Date: Wed Oct 14 11:33:02 2009 +0200
validate list of e-mails in controller --- .../app/controllers/administrator_controller.rb | 15 ++++++++++----- 1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/plugins/administrator/app/controllers/administrator_controller.rb b/plugins/administrator/app/controllers/administrator_controller.rb index d1d493e..52332ef 100644 --- a/plugins/administrator/app/controllers/administrator_controller.rb +++ b/plugins/administrator/app/controllers/administrator_controller.rb @@ -34,11 +34,16 @@ class AdministratorController < ApplicationController @administrator.password = admin["password"] @administrator.aliases = admin["aliases"]
- # FIXME validate for set of mails, not just one - if !admin["aliases"].empty? && admin["aliases"] !~ /(.+)@(.+)\.(.{2})/ # yes, very weak - flash[:error] = _("Enter a valid e-mail address.") - redirect_to :action => "index" - return + # validate data also here, if javascript in view is off + if !admin["aliases"].empty? + admin["aliases"].split(",").each do |mail| + # only check emails, not local users + if mail.include?("@") && mail !~ /(.+)@(.+)\.(.{2})/
^^^ Hi, I think that this regex is not valid. It means that you expect .?? in the mail, so I think you have a problem if someone wants root@localhost. Also it is not easy to see that user@gmail.com also works (it is because you forgot to append $ after the regex and ^ before the regex).
Also this is not the controller's job, but unfortunately we don't have an easily accessible model in the frontend to add validation, but it should change in the future (I believe in the ActiveResource branch).
+ flash[:error] = _("Enter a valid e-mail address.") + redirect_to :action => "index" + return + end + end end
if admin["password"] != admin["confirm_password"]
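Review bot: The pattern on the `mail !~ /(.+)@(.+)\.(.{2})/` line is unanchored and demands a dot plus two characters after the `@`, so it rejects `root@localhost` yet accepts any entry that merely contains a matching substring, including one with embedded spaces or newlines. Anchor it to the whole entry with `\A` and `\z` (in Ruby `^` and `$` match at line boundaries, not string boundaries) and strip each entry after `split(",")`. Two further points in the same hunk: entries without `@` skip the check entirely, so local names reach the model unvalidated, and `admin["aliases"].empty?` raises when `admin["aliases"]` is nil, which matters because this branch exists for requests that never went through the JavaScript check.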
-- Josef Reidinger YaST team maintainer of perl-Bootloader, YaST2-Repair, webyast modules language and time -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
On Thursday 15 of October 2009 11:23:01 Josef Reidinger wrote:
Jiri Suchomel wrote:
ref: refs/heads/master commit 23404e1c1c45f1ccb9a89e707c080a86bfeb7383 Author: Jiri Suchomel <jsuchome@suse.cz> Date: Wed Oct 14 11:33:02 2009 +0200
validate list of e-mails in controller --- .../app/controllers/administrator_controller.rb | 15 ++++++++++----- 1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/plugins/administrator/app/controllers/administrator_controller.rb b/plugins/administrator/app/controllers/administrator_controller.rb index d1d493e..52332ef 100644 --- a/plugins/administrator/app/controllers/administrator_controller.rb +++ b/plugins/administrator/app/controllers/administrator_controller.rb @@ -34,11 +34,16 @@ class AdministratorController < ApplicationController @administrator.password = admin["password"] @administrator.aliases = admin["aliases"]
- # FIXME validate for set of mails, not just one - if !admin["aliases"].empty? && admin["aliases"] !~ /(.+)@(.+)\.(.{2})/ # yes, very weak - flash[:error] = _("Enter a valid e-mail address.") - redirect_to :action => "index" - return + # validate data also here, if javascript in view is off + if !admin["aliases"].empty? + admin["aliases"].split(",").each do |mail| + # only check emails, not local users + if mail.include?("@") && mail !~ /(.+)@(.+)\.(.{2})/
^^^ Hi, I think that this regex is not valid. It means that you expect .?? in the mail, so I think you have a problem if someone wants root@localhost. Also it is not easy to see that user@gmail.com also works (it is because you forgot to append $ after the regex and ^ before the regex).
Also this is not the controller's job, but unfortunately we don't have an easily accessible model in the frontend to add validation, but it should change in the future (I believe in the ActiveResource branch).
You are right, but this is just a backup if javascript is off, primary validation is in view, using jquery. And yes, I should probably create better regexp (while I do not want to have unreadable perfect one).
-- Jiri Suchomel SUSE LINUX, s.r.o. e-mail: jsuchome@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Praha 9, Czech Republic http://www.suse.cz
Jiří Suchomel wrote:
On Thursday 15 of October 2009 11:23:01 Josef Reidinger wrote:
Jiri Suchomel wrote:
ref: refs/heads/master commit 23404e1c1c45f1ccb9a89e707c080a86bfeb7383 Author: Jiri Suchomel <jsuchome@suse.cz> Date: Wed Oct 14 11:33:02 2009 +0200
validate list of e-mails in controller --- .../app/controllers/administrator_controller.rb | 15 ++++++++++----- 1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/plugins/administrator/app/controllers/administrator_controller.rb b/plugins/administrator/app/controllers/administrator_controller.rb index d1d493e..52332ef 100644 --- a/plugins/administrator/app/controllers/administrator_controller.rb +++ b/plugins/administrator/app/controllers/administrator_controller.rb @@ -34,11 +34,16 @@ class AdministratorController < ApplicationController @administrator.password = admin["password"] @administrator.aliases = admin["aliases"]
- # FIXME validate for set of mails, not just one - if !admin["aliases"].empty? && admin["aliases"] !~ /(.+)@(.+)\.(.{2})/ # yes, very weak - flash[:error] = _("Enter a valid e-mail address.") - redirect_to :action => "index" - return + # validate data also here, if javascript in view is off + if !admin["aliases"].empty? + admin["aliases"].split(",").each do |mail| + # only check emails, not local users + if mail.include?("@") && mail !~ /(.+)@(.+)\.(.{2})/
^^^ Hi, I think that this regex is not valid. It means that you expect .?? in the mail, so I think you have a problem if someone wants root@localhost. Also it is not easy to see that user@gmail.com also works (it is because you forgot to append $ after the regex and ^ before the regex).
Also this is not the controller's job, but unfortunately we don't have an easily accessible model in the frontend to add validation, but it should change in the future (I believe in the ActiveResource branch).
You are right, but this is just a backup if javascript is off, primary validation is in view, using jquery.
And yes, I should probably create better regexp (while I do not want to have unreadable perfect one).
I think that the problem is not that the regex is not the best one; the problem is that a valid e-mail has a problem passing (root@localhost is a valid address). I suggest an easy relaxed regex /^.+@.+$/ It is an easy-to-read dummy regex, which all possible addresses must pass.
-- Josef Reidinger YaST team maintainer of perl-Bootloader, YaST2-Repair, webyast modules language and time
On Thursday 15 of October 2009 17:07:13 Josef Reidinger wrote:
I think that the problem is not that the regex is not the best one; the problem is that a valid e-mail has a problem passing (root@localhost is a valid address). I suggest an easy relaxed regex /^.+@.+$/ It is an easy-to-read dummy regex, which all possible addresses must pass.
OK, I'll add this simple regex to the controller. Ladislav, an address such as root@localhost does not pass the javascript checks on the page...
j
-- Jiri Suchomel SUSE LINUX, s.r.o. e-mail: jsuchome@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Praha 9, Czech Republic http://www.suse.cz
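Added example, not part of the thread or of the project's code: the checks discussed above, run in Ruby over constructed inputs, showing that ^ and $ anchor per line in Ruby while \A and \z anchor the whole entry. ANCHORED, rejected_aliases_strict, compare and the sample strings are assumptions made for this illustration.

```ruby
ORIGINAL = /(.+)@(.+)\.(.{2})/      # pattern in the commit
RELAXED  = /^.+@.+$/                # pattern suggested in the reply
ANCHORED = /\A[^@\s,]+@[^@\s,]+\z/  # assumption: whole-string variant, not from the thread

# Same loop as the commit: split on commas, check only entries containing "@".
# Returns the entries that the given pattern rejects.
def rejected_aliases(aliases, pattern)
  return [] if aliases.nil? || aliases.empty? # nil guard is an addition
  aliases.split(",").select { |mail| mail.include?("@") && mail !~ pattern }
end

# Hypothetical stricter variant: trim each entry, then match the whole string.
def rejected_aliases_strict(aliases)
  aliases.to_s.split(",").map(&:strip).reject(&:empty?)
         .select { |mail| mail.include?("@") && mail !~ ANCHORED }
end

# Constructed sample inputs.
SAMPLES = [
  "root@localhost",
  "user@gmail.com",
  "root@localhost, jsmith, user@gmail.com",
  "x@",
  "user@gmail.com\nsecond line" # embedded newline
].freeze

# One row per sample: which entries each check rejects.
def compare(samples = SAMPLES)
  samples.map do |s|
    { input: s,
      original: rejected_aliases(s, ORIGINAL),
      relaxed: rejected_aliases(s, RELAXED),
      strict: rejected_aliases_strict(s) }
  end
end

compare.each { |row| puts row.inspect } if __FILE__ == $PROGRAM_NAME
```

The last sample passes both ORIGINAL and RELAXED because one line of it matches; only the \A...\z form rejects it.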