I don't know what changed, and I'm traveling at the moment, but I added a call to untaint.
- Sam Ruby

On Mon, Nov 5, 2018 at 3:40 PM Craig Russell <[email protected]> wrote:
>
> Can we please take another look at this issue? I'm afraid it might start to
> affect account creation since no email with the vote result is being sent to
> root.
>
> Thanks,
>
> Craig
>
>
> On Oct 30, 2018, at 8:00 PM, Sam Ruby <[email protected]> wrote:
> >
> > On Tue, Oct 30, 2018 at 10:43 PM Sam Ruby <[email protected]> wrote:
> >>
> >> It would be safe to do something like the following, however:
> >>
> >> @from.untaint if @from =~ /\A\w+@apache\.org\z/
> >
> > Looks like it may be worth adding
> >
> > or @from =~ /\A"?[\s\w]+"?\s+<\w+@apache\.org>\z/
> >
> >> - Sam Ruby
>
> Craig L Russell
> Secretary, Apache Software Foundation
> [email protected] <mailto:[email protected]> http://db.apache.org/jdo
> <http://db.apache.org/jdo>
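
The two allow-list patterns quoted in the thread above, applied to constructed From values; this is an added example, not code from the thread or from the project. The names trusted_from?, decisions, BARE, NAMED, LINE_ANCHORED and all sample addresses are assumptions, and the untaint call itself is left out because taint tracking was removed from Ruby in 3.2.

```ruby
# Added example (not from the thread); all names here are hypothetical.

# The two patterns quoted in the thread. \A and \z anchor to the start and
# end of the whole string.
BARE  = /\A\w+@apache\.org\z/
NAMED = /\A"?[\s\w]+"?\s+<\w+@apache\.org>\z/

# The bare pattern rewritten with line anchors, for contrast only. In Ruby,
# ^ and $ match at every line boundary inside the string.
LINE_ANCHORED = /^\w+@apache\.org$/

# True when the entire value matches one of the thread's two patterns.
def trusted_from?(from)
  from.is_a?(String) && (BARE.match?(from) || NAMED.match?(from))
end

# Constructed sample From values (not taken from any real message).
SAMPLES = [
  'jdoe@apache.org',
  '"Jane Doe" <jdoe@apache.org>',
  'Jane Doe <jdoe@apache.org>',
  'jdoe@example.org',
  '<jdoe@apache.org>',
  "jdoe@apache.org\n",
  "jdoe@apache.org\nX-Extra: 1",
  "Jane\nDoe <jdoe@apache.org>" # \s in the name class also matches "\n"
].freeze

# Map each sample to the decision the thread's patterns would make.
def decisions(samples = SAMPLES)
  samples.to_h { |s| [s, trusted_from?(s)] }
end

if __FILE__ == $PROGRAM_NAME
  decisions.each do |value, ok|
    puts format('%-6s %s', ok ? 'accept' : 'reject', value.inspect)
  end
  puts "line-anchored variant accepts the multi-line value: " \
       "#{LINE_ANCHORED.match?(SAMPLES[6])}"
end
```

The last sample is accepted because `\s` in the display-name class includes line breaks; a character class of a literal space plus `\w` would keep the name on one line.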
