Hello community, here is the log from the commit of package webyast-mail-ws for openSUSE:Factory checked in at Thu Mar 10 11:58:09 CET 2011. -------- --- webyast-mail-ws/webyast-mail-ws.changes 2011-02-09 10:12:47.000000000 +0100 +++ /mounts/work_src_done/STABLE/webyast-mail-ws/webyast-mail-ws.changes 2011-03-09 13:11:58.000000000 +0100 @@ -1,0 +2,7 @@ +Wed Mar 9 13:05:49 CET 2011 - jsuchome@suse.cz + +- remove potential problematic characters from email address +- remove file only when present (bnc#645379) +- 0.2.3 + +------------------------------------------------------------------- calling whatdependson for head-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ webyast-mail-ws.spec ++++++ --- /var/tmp/diff_new_pack.giUtgr/_old 2011-03-10 11:46:52.000000000 +0100 +++ /var/tmp/diff_new_pack.giUtgr/_new 2011-03-10 11:46:52.000000000 +0100 @@ -26,7 +26,7 @@ Group: Productivity/Networking/Web/Utilities Url: http://en.opensuse.org/Portal:WebYaST AutoReqProv: on -Version: 0.2.2 +Version: 0.2.3 Release: 1 Summary: WebYaST - system mail settings service Source: www.tar.bz2 ++++++ www.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/controllers/mail/state_controller.rb new/www/app/controllers/mail/state_controller.rb --- old/www/app/controllers/mail/state_controller.rb 2010-08-27 14:58:55.000000000 +0200 +++ new/www/app/controllers/mail/state_controller.rb 2011-03-08 11:47:08.000000000 +0100 @@ -32,7 +32,7 @@ yapi_perm_check "mailsettings.write" logger.warn "Confirmation of testmail" - File.delete Mail::TEST_MAIL_FILE + File.delete Mail::TEST_MAIL_FILE if File.exist? Mail::TEST_MAIL_FILE mail = Mail.find respond_to do |format| diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/models/mail.rb new/www/app/models/mail.rb --- old/www/app/models/mail.rb 2011-02-01 10:49:25.000000000 +0100 +++ new/www/app/models/mail.rb 2011-03-09 12:50:15.000000000 +0100 @@ -67,7 +67,10 @@ message = "This is the test mail sent to you by webYaST. Go to the status page and confirm you've got it." - `/bin/echo "#{message}" | /bin/mail -s "WebYaST Test Mail" #{to} -r root` # XXX tom take care of injection via 'message' and 'to', can be very dangerous + # remove potential problematic characters from email address + to.tr!("~'\"<>","") + + `/bin/echo "#{message}" | /bin/mail -s "WebYaST Test Mail" '#{to}' -r root` unless File.directory? File.join(Paths::VAR,"mail") Rails.logger.debug "directory does not exists...." ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org