diff options
| author | Dylan William Hardison <dylan@hardison.net> | 2018-06-26 22:49:07 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-06-26 22:49:07 +0200 |
| commit | 9e7f6444384c0990b89dda0ead7926b6307b960a (patch) | |
| tree | 7ca1e028d176570a074912839263afaf1007b555 | |
| parent | 5a8de6e08bf6f2c8dbc0f17662281314ae2cfc9b (diff) | |
| download | bugzilla-9e7f6444384c0990b89dda0ead7926b6307b960a.tar.gz bugzilla-9e7f6444384c0990b89dda0ead7926b6307b960a.tar.xz | |
Bug 1471304 - Block sending mail to hosts that end with .tld or .bugs
| -rw-r--r-- | Bugzilla/BugMail.pm | 2 | ||||
| -rw-r--r-- | Bugzilla/Mailer.pm | 9 | ||||
| -rw-r--r-- | extensions/Review/Extension.pm | 2 |
3 files changed, 9 insertions, 4 deletions
diff --git a/Bugzilla/BugMail.pm b/Bugzilla/BugMail.pm index 915405a0e..ebfc95d51 100644 --- a/Bugzilla/BugMail.pm +++ b/Bugzilla/BugMail.pm @@ -277,7 +277,7 @@ sub Send { # BMO: never send emails to bugs or .tld addresses. this check needs to # happen after the bugmail_recipients hook. if ($user->email_enabled && $dep_ok && - ($user->login !~ /bugs$/) && ($user->login !~ /\.tld$/)) + ($user->login !~ /\.(?:bugs|tld)$/)) { # Don't show summaries for bugs the user can't access, and # provide a hook for extensions such as SecureMail to filter diff --git a/Bugzilla/Mailer.pm b/Bugzilla/Mailer.pm index 1b77e5063..c9a458b47 100644 --- a/Bugzilla/Mailer.pm +++ b/Bugzilla/Mailer.pm @@ -190,11 +190,16 @@ sub MessageToMTA { my @recipients = Email::Address->parse($to); die qq{Unable to parse "To:" address - $to\n} unless @recipients; die qq{Did not expect more than one "To:" address in $to\n} if @recipients > 1; - my $badhosts = Bugzilla::Bloomfilter->lookup("badhosts") or die "No badhosts bloomfilter\n"; - if ($badhosts->test($recipients[0]->host)) { + my $recipient = $recipients[0]; + my $badhosts = Bugzilla::Bloomfilter->lookup("badhosts"); + if ($badhosts && $badhosts->test($recipient->host)) { WARN("Attempted to send email to address in badhosts: $to"); $email->header_set(to => ''); } + elsif ($recipient->host =~ /\.(?:bugs|tld)$/) { + WARN("Attempted to send email to fake address: $to"); + $email->header_set(to => ''); + } } catch { ERROR($_); }; diff --git a/extensions/Review/Extension.pm b/extensions/Review/Extension.pm index f05f2ba8b..47edd69a6 100644 --- a/extensions/Review/Extension.pm +++ b/extensions/Review/Extension.pm @@ -94,7 +94,7 @@ sub _user_is_active { my ($self) = @_; # never consider .bugs or .tld addresses as inactive. - return 1 if $self->login =~ /bugs$/ || $self->login =~ /\.tld$/; + return 1 if $self->login =~ /\.(?:bugs|tld)$/; return 1 unless Bugzilla->params->{max_reviewer_last_seen}; return 0 if !defined($self->last_seen_date); |