Mailinglist Archive: yast-devel (233 mails)

< Previous Next >
Re: [yast-devel] Re: [yast-commit] <web-client> master : validate list of e-mails in controller
  • From: Jiří Suchomel <jsuchome@xxxxxxx>
  • Date: Thu, 15 Oct 2009 11:34:55 +0200
  • Message-id: <200910151134.56015.jsuchome@xxxxxxx>
On Thursday 15 of October 2009 11:23:01 Josef Reidinger wrote:
Jiri Suchomel write:
ref: refs/heads/master
commit 23404e1c1c45f1ccb9a89e707c080a86bfeb7383
Author: Jiri Suchomel <jsuchome@xxxxxxx>
Date: Wed Oct 14 11:33:02 2009 +0200

validate list of e-mails in controller
---
.../app/controllers/administrator_controller.rb | 15
++++++++++----- 1 files changed, 10 insertions(+), 5 deletions(-)

diff --git
a/plugins/administrator/app/controllers/administrator_controller.rb
b/plugins/administrator/app/controllers/administrator_controller.rb
index d1d493e..52332ef 100644
--- a/plugins/administrator/app/controllers/administrator_controller.rb
+++ b/plugins/administrator/app/controllers/administrator_controller.rb
@@ -34,11 +34,16 @@ class AdministratorController < ApplicationController
@administrator.password = admin["password"]
@administrator.aliases = admin["aliases"]

- # FIXME validate for set of mails, not just one
- if !admin["aliases"].empty? && admin["aliases"] !~
/(.+)@(.+)\.(.{2})/ # yes, very weak - flash[:error] = _("Enter a
valid e-mail address.") - redirect_to :action => "index"
- return
+ # validate data also here, if javascript in view is off
+ if !admin["aliases"].empty?
+ admin["aliases"].split(",").each do |mail|
+ # only check emails, not local users
+ if mail.include?("@") && mail !~ /(.+)@(.+)\.(.{2})/

^^^
Hi, I think that this regex is not valid. It means that you expect .?? in
mail.
so I think you have problem if someone want root@localhost
Also it is not easy to see that alse user@xxxxxxxxx works (it is because
you forget to append $ after regex and ^ before regex.

Also this is not controller job, but unfortunatelly we don't have easy
accessible model in frontend to add validation, but it should change in
future ( I believe in ActiveResource branch).

You are right, but this is just a backup if javascript is off, primary
validation is in view, using jquery.

And yes, I should probably create better regexp (while I do not want to have
unreadable perfect one).



--
Jiri Suchomel

SUSE LINUX, s.r.o. e-mail: jsuchome@xxxxxxx
Lihovarská 1060/12 tel: +420 284 028 960
190 00 Praha 9, Czech Republic http://www.suse.cz
--
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-devel+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References