]> git.openstreetmap.org Git - rails.git/blobdiff - script/deliver-message
Reject referers that do not include an absolute path
[rails.git] / script / deliver-message
index 6dffea96cbff9633dcc023f9f8a6cc7937c18c2a..71fa4f2f15b1e500d5ca55ca2be19f5db0658987 100755 (executable)
@@ -1,42 +1,38 @@
 #!/usr/bin/env ruby
 
 #!/usr/bin/env ruby
 
-require File.dirname(__FILE__) + '/../config/environment'
+require File.join(File.dirname(__FILE__), "..", "config", "environment")
 
 
-exit 0 unless recipient = ARGV[0].match(/^([cm])-(\d+)-(.*)$/)
-
-if recipient[1] == "c"
-  comment = DiaryComment.find(recipient[2])
+if recipient = ARGV[0].match(/^c-(\d+)-(\d+)-(.*)$/)
+  comment = DiaryComment.find(recipient[1])
   digest = comment.digest
   digest = comment.digest
-  from = comment.diary_entry.user
+  date = comment.created_at
+  from = comment.diary_entry.subscribers.find(recipient[2])
   to = comment.user
   to = comment.user
-else
-  message = Message.find(recipient[2])
+  token = recipient[3]
+elsif recipient = ARGV[0].match(/^m-(\d+)-(.*)$/)
+  message = Message.find(recipient[1])
   digest = message.digest
   digest = message.digest
+  date = message.sent_on
   from = message.recipient
   to = message.sender
   from = message.recipient
   to = message.sender
+  token = recipient[2]
+else
+  exit 0
 end
 
 end
 
-exit 0 unless recipient[3] == digest[0,6]
+exit 0 unless from.active?
+exit 0 unless token == digest[0, 6]
+exit 0 if date < 1.month.ago
 
 
-message.update_attribute(:message_read, true) if message
+message&.update(:message_read => true)
 
 
-mail = Mail.new(STDIN.readlines.join)
-
-if mail.multipart?
-  body = mail.html_part || mail.text_part
-else
-  body = mail
-end
+mail = Mail.new($stdin.read
+                     .encode(:universal_newline => true)
+                     .encode(:crlf_newline => true))
 
 
-message = Message.new({
-  :sender => from,
-  :recipient => to,
-  :sent_on => mail.date.new_offset(0),
-  :title => mail.subject.sub(/\[OpenStreetMap\] */, ""),
-  :body => body.decoded
-}, :without_protection => true)
+message = Message.from_mail(mail, from, to)
 message.save!
 
 message.save!
 
-Notifier.message_notification(message).deliver
+UserMailer.message_notification(message).deliver
 
 exit 0
 
 exit 0