jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #2759 from evazion/fix-dmail-filters

Browse Source 
Don't filter dmails from moderators; fix dmail filter exploit.
This commit is contained in:
Albert Yi
2016-11-14 16:27:17 -08:00
committed by GitHub
parent 536ba3c7ee 47f663e002
commit 0b9c1e1156
4 changed files with 55 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/models/dmail_filter.rb
View File

@@ -1,6 +1,6 @@
class DmailFilter < ActiveRecord::Base
belongs_to :user
attr_accessible :user_id, :words, :as => [:moderator, :janitor, :gold, :member, :anonymous, :default, :builder, :admin]
attr_accessible :words, :as => [:moderator, :janitor, :gold, :member, :anonymous, :default, :builder, :admin]
validates_presence_of :user
before_validation :initialize_user
@@ -11,7 +11,7 @@ class DmailFilter < ActiveRecord::Base
end
def filtered?(dmail)
dmail.from.level <= User::Levels::MODERATOR && has_filter? && (dmail.body =~ regexp || dmail.title =~ regexp || dmail.from.name =~ regexp)
dmail.from.level < User::Levels::MODERATOR && has_filter? && (dmail.body =~ regexp || dmail.title =~ regexp || dmail.from.name =~ regexp)
end
def has_filter?