Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-04-22 16:06:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: validate Group IDs and SecureJoin tokens

Browse Source
This commit is contained in:
link2xt
2024-02-20 14:44:22 +00:00
parent 612aa1431e
commit e4b49dfdef
6 changed files with 72 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/receive_imf.rs
View File

@@ -38,7 +38,9 @@ use crate::simplify;
use crate::sql;
use crate::stock_str;
use crate::sync::Sync::*;
use crate::tools::{self, buf_compress, extract_grpid_from_rfc724_mid, strip_rtlo_characters};
use crate::tools::{
self, buf_compress, extract_grpid_from_rfc724_mid, strip_rtlo_characters, validate_id,
};
use crate::{contact, imap};
/// This is the struct that is returned after receiving one email (aka MIME message).
@@ -2356,7 +2358,10 @@ async fn apply_mailinglist_changes(
}
fn try_getting_grpid(mime_parser: &MimeMessage) -> Option<String> {
if let Some(optional_field) = mime_parser.get_header(HeaderDef::ChatGroupId) {
if let Some(optional_field) = mime_parser
.get_header(HeaderDef::ChatGroupId)
.filter(|s| validate_id(s))
{
return Some(optional_field.clone());
}