1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-23 05:01:13 +01:00

Prevent application email addresses from shadowing user email addresses

Summary:
Fixes T13234. Don't let application email addresses be configured with user addresses. This might prevent an unlikely bit of mischief where someone does this intentionally, detailed in T13234.

(Possibly, these tables should just be merged some day, similar to how the "Password" table is now a shared resource that's modular enough for multiple applications to use it.)

Test Plan: {F6132259}

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13234

Differential Revision: https://secure.phabricator.com/D19974
This commit is contained in:
epriestley 2019-01-15 06:29:34 -08:00
parent dc4d7f1f3e
commit c5f446defb
3 changed files with 29 additions and 0 deletions

View file

@ -103,6 +103,7 @@ final class PhabricatorMetaMTAApplicationEmailEditor
$type, $type,
pht('Invalid'), pht('Invalid'),
pht('Email address is not formatted properly.')); pht('Email address is not formatted properly.'));
continue;
} }
$address = new PhutilEmailAddress($email); $address = new PhutilEmailAddress($email);
@ -113,6 +114,19 @@ final class PhabricatorMetaMTAApplicationEmailEditor
pht( pht(
'This email address is reserved. Choose a different '. 'This email address is reserved. Choose a different '.
'address.')); 'address.'));
continue;
}
// See T13234. Prevent use of user email addresses as application
// email addresses.
if (PhabricatorMailUtil::isUserAddress($address)) {
$errors[] = new PhabricatorApplicationTransactionValidationError(
$type,
pht('In Use'),
pht(
'This email address is already in use by a user. Choose '.
'a different address.'));
continue;
} }
} }

View file

@ -170,6 +170,13 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
unset($targets[$key]); unset($targets[$key]);
continue; continue;
} }
// See T13234. Don't process mail if a user has attached this address
// to their account.
if (PhabricatorMailUtil::isUserAddress($target)) {
unset($targets[$key]);
continue;
}
} }
$any_accepted = false; $any_accepted = false;

View file

@ -108,4 +108,12 @@ final class PhabricatorMailUtil
return false; return false;
} }
public static function isUserAddress(PhutilEmailAddress $address) {
$user_email = id(new PhabricatorUserEmail())->loadOneWhere(
'address = %s',
$address->getAddress());
return (bool)$user_email;
}
} }