X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/bb2ffab9ec0ce6ff4c2ee69ddfa57e4f75963685..22160b445fefecfc05df263ebeccc1d090c1a9f1:/script/deliver-message?ds=sidebyside diff --git a/script/deliver-message b/script/deliver-message index 047969532..81de3ef58 100755 --- a/script/deliver-message +++ b/script/deliver-message @@ -1,17 +1,17 @@ #!/usr/bin/env ruby -require File.dirname(__FILE__) + "/../config/environment" +require File.join(File.dirname(__FILE__), "..", "config", "environment") if recipient = ARGV[0].match(/^c-(\d+)-(\d+)-(.*)$/) comment = DiaryComment.find(recipient[1]) - digest = comment.digest + expected_token = comment.notification_token(recipient[2]) date = comment.created_at from = comment.diary_entry.subscribers.find(recipient[2]) to = comment.user token = recipient[3] elsif recipient = ARGV[0].match(/^m-(\d+)-(.*)$/) message = Message.find(recipient[1]) - digest = message.digest + expected_token = message.notification_token date = message.sent_on from = message.recipient to = message.sender @@ -20,8 +20,8 @@ else exit 0 end +exit 0 unless ActiveSupport::SecurityUtils.secure_compare(token, expected_token) exit 0 unless from.active? -exit 0 unless token == digest[0, 6] exit 0 if date < 1.month.ago message&.update(:message_read => true) @@ -33,6 +33,6 @@ mail = Mail.new($stdin.read message = Message.from_mail(mail, from, to) message.save! -UserMailer.message_notification(message).deliver +UserMailer.message_notification(message).deliver if message.notify_recipient? exit 0