Mailinglist Archive: yast-devel (233 mails)

[yast-devel] Re: [yast-commit] <web-client> master : validate list of e-mails in controller
  • From: Josef Reidinger <jreidinger@xxxxxxx>
  • Date: Thu, 15 Oct 2009 11:23:01 +0200
  • Message-id: <200910151123.01185.jreidinger@xxxxxxx>
Jiri Suchomel wrote:
ref: refs/heads/master
commit 23404e1c1c45f1ccb9a89e707c080a86bfeb7383
Author: Jiri Suchomel <jsuchome@xxxxxxx>
Date: Wed Oct 14 11:33:02 2009 +0200

validate list of e-mails in controller
---
.../app/controllers/administrator_controller.rb | 15 ++++++++++-----
1 files changed, 10 insertions(+), 5 deletions(-)

diff --git
a/plugins/administrator/app/controllers/administrator_controller.rb
b/plugins/administrator/app/controllers/administrator_controller.rb index
d1d493e..52332ef 100644
--- a/plugins/administrator/app/controllers/administrator_controller.rb
+++ b/plugins/administrator/app/controllers/administrator_controller.rb
@@ -34,11 +34,16 @@ class AdministratorController < ApplicationController
@administrator.password = admin["password"]
@administrator.aliases = admin["aliases"]

- # FIXME validate for set of mails, not just one
- if !admin["aliases"].empty? && admin["aliases"] !~ /(.+)@(.+)\.(.{2})/
# yes, very weak - flash[:error] = _("Enter a valid e-mail address.")
- redirect_to :action => "index"
- return
+ # validate data also here, if javascript in view is off
+ if !admin["aliases"].empty?
+ admin["aliases"].split(",").each do |mail|
+ # only check emails, not local users
+ if mail.include?("@") && mail !~ /(.+)@(.+)\.(.{2})/

^^^
Hi, I think that this regex is not valid. It means that you expect .?? in the
mail, so I think you have a problem if someone wants root@localhost.
Also it is not easy to see that also user@xxxxxxxxx works (it is because you
forgot to append $ after the regex and ^ before the regex).

Also this is not the controller's job, but unfortunately we don't have an easily
accessible model in the frontend to add validation, but it should change in the
future (I believe in the ActiveResource branch).

+ flash[:error] = _("Enter a valid e-mail address.")
+ redirect_to :action => "index"
+ return
+ end
+ end
end

if admin["password"] != admin["confirm_password"]
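Review bot: the pattern in `mail !~ /(.+)@(.+)\.(.{2})/` is unanchored, so an entry passes as soon as any substring of it looks like x@y.zz, and whatever surrounds that substring (spaces, extra "@" signs, a newline followed by more text) is accepted with it. Anchor the pattern with \A and \z rather than ^ and $, because in Ruby ^ and $ match at every line boundary, and strip each entry after `split(",")`, since a list written as "a@b.cc, d@e.ff" yields a second entry with a leading space. Two smaller points on the same lines: `admin["aliases"].empty?` raises NoMethodError when the parameter is absent (nil), and entries without "@" skip validation entirely although `@administrator.aliases` has already been assigned from the raw parameter above.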


--
Josef Reidinger
YaST team
maintainer of perl-Bootloader, YaST2-Repair, webyast modules language and time
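
The anchoring problem raised in this review, as an added example that is not part of the original mail or of the webyast code: the patch's pattern is compared with an anchored one over a few constructed alias lists. `STRICT`, `invalid_aliases` and the sample inputs are assumptions made for illustration, and `STRICT` is a deliberately simple pattern, not a full address grammar.

```ruby
# Added example, not code from the webyast repository.
# WEAK is the pattern from the patch; STRICT and invalid_aliases are hypothetical.
WEAK = /(.+)@(.+)\.(.{2})/

# Anchored with \A and \z. In Ruby, ^ and $ match at every line boundary,
# so they would still let text after an embedded newline through.
# The domain may be a single label, so root@localhost is accepted.
STRICT = /\A[^@\s,]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\z/

# Returns the entries of a comma-separated alias list that fail validation.
# Entries without "@" are treated as local user names, as in the patch.
# to_s makes a missing (nil) parameter behave like an empty list.
def invalid_aliases(list, pattern)
  list.to_s.split(",").map(&:strip).reject(&:empty?).select do |entry|
    entry.include?("@") && entry !~ pattern
  end
end

# Constructed sample inputs.
SAMPLES = [
  "root@localhost",                 # valid local-domain address
  "admin@example.org",              # ordinary address
  "admin@example.org\nextra line",  # trailing text after a newline
  "a b@@x.yz junk",                 # valid-looking substring inside garbage
  "root, admin@example.org"         # local user plus address, with a space
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    weak_ok = invalid_aliases(s, WEAK).empty?
    strict_ok = invalid_aliases(s, STRICT).empty?
    puts "#{s.inspect}: weak accepts=#{weak_ok} strict accepts=#{strict_ok}"
  end
end
```

The unanchored pattern rejects `root@localhost` while accepting the two malformed entries; the anchored one does the reverse.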