Defect #36394 » 36394-mail_handler_controller_permit_parameters-v2.patch
| app/controllers/mail_handler_controller.rb | ||
|---|---|---|
| 28 | 28 | |
| 29 | 29 |
# Submits an incoming email to MailHandler |
| 30 | 30 |
def index |
| 31 |
options = params.dup |
|
| 31 |
# MailHandlerController#index should permit all options set by |
|
| 32 |
# RedmineMailHandler#submit in rdm-mailhandler.rb. |
|
| 33 |
# It must be kept in sync. |
|
| 34 |
options = params.permit( |
|
| 35 |
:key, |
|
| 36 |
:email, |
|
| 37 |
:allow_override, |
|
| 38 |
:unknown_user, |
|
| 39 |
:default_group, |
|
| 40 |
:no_account_notice, |
|
| 41 |
:no_notification, |
|
| 42 |
:no_permission_check, |
|
| 43 |
:project_from_subaddress, |
|
| 44 |
{
|
|
| 45 |
issue: [ |
|
| 46 |
:project, |
|
| 47 |
:status, |
|
| 48 |
:tracker, |
|
| 49 |
:category, |
|
| 50 |
:priority, |
|
| 51 |
:assigned_to, |
|
| 52 |
:fixed_version, |
|
| 53 |
:is_private |
|
| 54 |
] |
|
| 55 |
} |
|
| 56 |
).to_h |
|
| 32 | 57 |
email = options.delete(:email) |
| 33 | 58 |
if MailHandler.safe_receive(email, options) |
| 34 | 59 |
head :created |
| extra/mail_handler/rdm-mailhandler.rb | ||
|---|---|---|
| 153 | 153 | |
| 154 | 154 |
headers = { 'User-Agent' => "Redmine mail handler/#{VERSION}" }
|
| 155 | 155 | |
| 156 |
# MailHandlerController#index should permit all options set by |
|
| 157 |
# RedmineMailHandler#submit in rdm-mailhandler.rb. |
|
| 158 |
# It must be kept in sync. |
|
| 156 | 159 |
data = { 'key' => key, 'email' => email.gsub(/(?<!\r)\n|\r(?!\n)/, "\r\n"),
|
| 157 | 160 |
'allow_override' => allow_override, |
| 158 | 161 |
'unknown_user' => unknown_user, |
- « Previous
- 1
- 2
- Next »