X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/b70da7b8ea15ab48bb2f34155567cea6dffc8fc9..d8400320a78632f8ece9b5a27d6e0811e7bab8e1:/script/deliver-message diff --git a/script/deliver-message b/script/deliver-message index 71fa4f2f1..28d755b24 100755 --- a/script/deliver-message +++ b/script/deliver-message @@ -4,14 +4,14 @@ require File.join(File.dirname(__FILE__), "..", "config", "environment") if recipient = ARGV[0].match(/^c-(\d+)-(\d+)-(.*)$/) comment = DiaryComment.find(recipient[1]) - digest = comment.digest + expected_token = comment.notification_token(recipient[2]) date = comment.created_at from = comment.diary_entry.subscribers.find(recipient[2]) to = comment.user token = recipient[3] elsif recipient = ARGV[0].match(/^m-(\d+)-(.*)$/) message = Message.find(recipient[1]) - digest = message.digest + expected_token = message.notification_token date = message.sent_on from = message.recipient to = message.sender @@ -20,8 +20,8 @@ else exit 0 end +exit 0 unless ActiveSupport::SecurityUtils.secure_compare(token, expected_token) exit 0 unless from.active? -exit 0 unless token == digest[0, 6] exit 0 if date < 1.month.ago message&.update(:message_read => true)