Defect #36394

Avoid passing ActionController::Parameters outside of MailHandlerController

Added by Felix Schäfer 5 months ago. Updated 2 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Marius BALTEANU% Done:

0%

Category:Code cleanup/refactoring
Target version:5.0.0
Resolution:Fixed Affected version:4.2.3

Description

Currently the MailHandlerController passes an instance of ActionController::Parameters to the MailHandler. The options holds a duplicate ActionController::Parameters of the Controller params.

This can cause difficulties in later processing. We propose explicitly permit-ing the params that will be used later and using a Hash for the options.

36394-mail_handler_controller_permit_parameters.patch Magnifier (979 Bytes) Felix Schäfer, 2022-01-06 17:03

36394-mail_handler_controller_permit_parameters-v2.patch Magnifier (1.77 KB) Go MAEDA, 2022-01-17 02:49

Associated revisions

Revision 21464
Added by Marius BALTEANU 2 months ago

Avoid passing ActionController::Parameters outside of MailHandlerController (#36394).

Patch by Felix Schäfer.

History

#1 Updated by Felix Schäfer 5 months ago

I have forgotten to add a link to the source code source:/trunk/app/controllers/mail_handler_controller.rb@21350#L31

#2 Updated by Felix Schäfer 5 months ago

The attached patch allows all options set by rdm-mailhandler.rb source:/trunk/extra/mail_handler/rdm-mailhandler.rb@21350#L156. This will need to be kept in sync, so maybe adding a comment on both sides will make it easier to remember to add new options to the other side too.

#3 Updated by Go MAEDA 4 months ago

Felix Schäfer wrote:

The attached patch allows all options set by rdm-mailhandler.rb source:/trunk/extra/mail_handler/rdm-mailhandler.rb@21350#L156. This will need to be kept in sync, so maybe adding a comment on both sides will make it easier to remember to add new options to the other side too.

Updated the patch to add a comment on app/controllers/mail_handler_controller.rb and extra/mail_handler/rdm-mailhandler.rb.

#4 Updated by Go MAEDA 4 months ago

  • Category changed from Email receiving to Code cleanup/refactoring
  • Target version changed from Candidate for next major release to 5.0.0

Setting the target version to 5.0.0.

#5 Updated by Marius BALTEANU 2 months ago

  • Status changed from New to Resolved
  • Assignee set to Marius BALTEANU
  • Resolution set to Fixed

Patch committed, thanks!

#6 Updated by Marius BALTEANU 2 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF