mirror of https://github.com/zulip/zulip.git
Add validation for private message recipients.
The function will reject messages where recipients aren't either a member of the realm or a member of cross_realm_user_emails. Fixes: #930.
This commit is contained in:
parent
a717c7df18
commit
77ec6217eb
|
@ -777,14 +777,38 @@ function validate_stream_message() {
|
|||
|
||||
return true;
|
||||
}
|
||||
|
||||
// The function checks whether the recipients are users of the realm or cross realm users (bots for now)
|
||||
function validate_private_message() {
|
||||
if (exports.recipient() === "") {
|
||||
compose_error("Please specify at least one recipient", $("#private_message_recipient"));
|
||||
return false;
|
||||
} else {
|
||||
var private_recipients = util.extract_pm_recipients(compose.recipient());
|
||||
var invalid_recipients = [];
|
||||
_.each(private_recipients, function (email) {
|
||||
// This case occurs when exports.recipient() ends with ','
|
||||
if (email === "") {
|
||||
return;
|
||||
}
|
||||
if (people.realm_get(email) !== undefined) {
|
||||
return;
|
||||
}
|
||||
if (util.string_in_list_case_insensitive(email, page_params.cross_realm_user_emails)) {
|
||||
return;
|
||||
}
|
||||
invalid_recipients.push(email);
|
||||
});
|
||||
|
||||
if (invalid_recipients.length === 1) {
|
||||
compose_error("The recipient " + invalid_recipients.join() + " is not valid ", $("#private_message_recipient"));
|
||||
return false;
|
||||
} else if (invalid_recipients.length > 1) {
|
||||
compose_error("The recipients " + invalid_recipients.join() + " are not valid ", $("#private_message_recipient"));
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
exports.validate = function () {
|
||||
|
|
|
@ -182,6 +182,11 @@ exports.array_compare = function util_array_compare(a, b) {
|
|||
return true;
|
||||
};
|
||||
|
||||
exports.string_in_list_case_insensitive = function (str, list) {
|
||||
var dict = Dict.from_array(list || [], {fold_case: true});
|
||||
return dict.has(str);
|
||||
};
|
||||
|
||||
/* Represents a value that is expensive to compute and should be
|
||||
* computed on demand and then cached. The value can be forcefully
|
||||
* recalculated on the next call to get() by calling reset().
|
||||
|
|
|
@ -23,7 +23,8 @@ from zerver.models import Message, UserProfile, Stream, Subscription, Huddle, \
|
|||
PreregistrationUser, get_client, MitUser, UserActivity, PushDeviceToken, \
|
||||
get_stream, UserPresence, get_recipient, \
|
||||
split_email_to_domain, resolve_email_to_domain, email_to_username, get_realm, \
|
||||
completely_open, get_unique_open_realm, remote_user_to_email, email_allowed_for_realm
|
||||
completely_open, get_unique_open_realm, remote_user_to_email, email_allowed_for_realm, \
|
||||
get_cross_realm_users
|
||||
from zerver.lib.actions import do_change_password, do_change_full_name, do_change_is_admin, \
|
||||
do_activate_user, do_create_user, \
|
||||
internal_send_message, update_user_presence, do_events_register, \
|
||||
|
@ -836,6 +837,7 @@ def home(request):
|
|||
first_in_realm = first_in_realm,
|
||||
prompt_for_invites = prompt_for_invites,
|
||||
notifications_stream = notifications_stream,
|
||||
cross_realm_user_emails = list(get_cross_realm_users()),
|
||||
|
||||
# Stream message notification settings:
|
||||
stream_desktop_notifications_enabled =
|
||||
|
|
Loading…
Reference in New Issue