loading up the forgejo repo on tangled to test page performance

Prevent multiple `To` recipients (#22566)

Change the mailer interface to prevent leaking of possible hidden email
addresses when sending to multiple recipients.

Co-authored-by: Gusted <williamzijl7@hotmail.com>

authored by

KN4CK3R
Gusted
and committed by
GitHub
21dd4a25 6737e1c5

+23 -20
+1 -1
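--- a/routers/private/mail.go
+++ b/routers/private/mail.go
@@ -81,7 +81,7 @@
 
 func sendEmail(ctx *context.PrivateContext, subject, message string, to []string) {
 for _, email := range to {
-msg := mailer.NewMessage([]string{email}, subject, message)
+msg := mailer.NewMessage(email, subject, message)
 mailer.SendAsync(msg)
 }
 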
+6 -6
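--- a/services/mailer/mail.go
+++ b/services/mailer/mail.go
@@ -61,7 +61,7 @@
 // No mail service configured
 return nil
 }
-return gomail.Send(Sender, NewMessage([]string{email}, "Gitea Test Email!", "Gitea Test Email!").ToMessage())
+return gomail.Send(Sender, NewMessage(email, "Gitea Test Email!", "Gitea Test Email!").ToMessage())
 }
 
 // sendUserMail sends a mail to the user
@@ -86,7 +86,7 @@
 return
 }
 
-msg := NewMessage([]string{u.Email}, subject, content.String())
+msg := NewMessage(u.Email, subject, content.String())
 msg.Info = fmt.Sprintf("UID: %d, %s", u.ID, info)
 
 SendAsync(msg)
@@ -137,7 +137,7 @@
 return
 }
 
-msg := NewMessage([]string{email.Email}, locale.Tr("mail.activate_email"), content.String())
+msg := NewMessage(email.Email, locale.Tr("mail.activate_email"), content.String())
 msg.Info = fmt.Sprintf("UID: %d, activate email", u.ID)
 
 SendAsync(msg)
@@ -168,7 +168,7 @@
 return
 }
 
-msg := NewMessage([]string{u.Email}, locale.Tr("mail.register_notify"), content.String())
+msg := NewMessage(u.Email, locale.Tr("mail.register_notify"), content.String())
 msg.Info = fmt.Sprintf("UID: %d, registration notify", u.ID)
 
 SendAsync(msg)
@@ -202,7 +202,7 @@
 return
 }
 
-msg := NewMessage([]string{u.Email}, subject, content.String())
+msg := NewMessage(u.Email, subject, content.String())
 msg.Info = fmt.Sprintf("UID: %d, add collaborator", u.ID)
 
 SendAsync(msg)
@@ -322,7 +322,7 @@
 
 msgs := make([]*Message, 0, len(recipients))
 for _, recipient := range recipients {
-msg := NewMessageFrom([]string{recipient.Email}, ctx.Doer.DisplayName(), setting.MailService.FromEmail, subject, mailBody.String())
+msg := NewMessageFrom(recipient.Email, ctx.Doer.DisplayName(), setting.MailService.FromEmail, subject, mailBody.String())
 msg.Info = fmt.Sprintf("Subject: %s, %s", subject, info)
 
 msg.SetHeader("Message-ID", msgID)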
+1 -1
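--- a/services/mailer/mail_release.go
+++ b/services/mailer/mail_release.go
@@ -89,7 +89,7 @@
 publisherName := rel.Publisher.DisplayName()
 relURL := "<" + rel.HTMLURL() + ">"
 for _, to := range tos {
-msg := NewMessageFrom([]string{to}, publisherName, setting.MailService.FromEmail, subject, mailBody.String())
+msg := NewMessageFrom(to, publisherName, setting.MailService.FromEmail, subject, mailBody.String())
 msg.Info = subject
 msg.SetHeader("Message-ID", relURL)
 msgs = append(msgs, msg)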
+6 -3
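--- a/services/mailer/mail_repo.go
+++ b/services/mailer/mail_repo.go
@@ -82,9 +82,12 @@
 return err
 }
 
-msg := NewMessage(emails, subject, content.String())
-msg.Info = fmt.Sprintf("UID: %d, repository pending transfer notification", newOwner.ID)
+for _, to := range emails {
+msg := NewMessage(to, subject, content.String())
+msg.Info = fmt.Sprintf("UID: %d, repository pending transfer notification", newOwner.ID)
+
+SendAsync(msg)
+}
 
-SendAsync(msg)
 return nil
 }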
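Review bot: The new per-recipient loop is what keeps the recipients' addresses from appearing together in one `To` header, but nothing at the loop records that intent, so a later refactor could re-batch the send. A comment such as `// one message per recipient so addresses are not disclosed to each other` above `for _, to := range emails {` would make the reason explicit. Separately, every message built in the loop carries the same `msg.Info` (it uses `newOwner.ID`), so a log entry for a failed delivery cannot be tied to a particular recipient; whether that matters depends on how Info is consumed. The enclosing function starts outside the hunk.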
+1 -1
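--- a/services/mailer/mail_team_invite.go
+++ b/services/mailer/mail_team_invite.go
@@ -52,7 +52,7 @@
 return err
 }
 
-msg := NewMessage([]string{invite.Email}, subject, mailBody.String())
+msg := NewMessage(invite.Email, subject, mailBody.String())
 msg.Info = subject
 
 SendAsync(msg)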
+5 -5
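--- a/services/mailer/mailer.go
+++ b/services/mailer/mailer.go
@@ -35,7 +35,7 @@
 Info string // Message information for log purpose.
 FromAddress string
 FromDisplayName string
-To []string
+To string // Use only one recipient to prevent leaking of addresses
 ReplyTo string
 Subject string
 Date time.Time
@@ -47,7 +47,7 @@
 func (m *Message) ToMessage() *gomail.Message {
 msg := gomail.NewMessage()
 msg.SetAddressHeader("From", m.FromAddress, m.FromDisplayName)
-msg.SetHeader("To", m.To...)
+msg.SetHeader("To", m.To)
 if m.ReplyTo != "" {
 msg.SetHeader("Reply-To", m.ReplyTo)
 }
@@ -89,7 +89,7 @@
 dateMs := m.Date.UnixNano() / 1e6
 h := fnv.New64()
 if len(m.To) > 0 {
-_, _ = h.Write([]byte(m.To[0]))
+_, _ = h.Write([]byte(m.To))
 }
 _, _ = h.Write([]byte(m.Subject))
 _, _ = h.Write([]byte(m.Body))
@@ -97,7 +97,7 @@
 }
 
 // NewMessageFrom creates new mail message object with custom From header.
-func NewMessageFrom(to []string, fromDisplayName, fromAddress, subject, body string) *Message {
+func NewMessageFrom(to, fromDisplayName, fromAddress, subject, body string) *Message {
 log.Trace("NewMessageFrom (body):\n%s", body)
 
 return &Message{
@@ -112,7 +112,7 @@
 }
 
 // NewMessage creates new mail message object with default From header.
-func NewMessage(to []string, subject, body string) *Message {
+func NewMessage(to, subject, body string) *Message {
 return NewMessageFrom(to, setting.MailService.FromName, setting.MailService.FromEmail, subject, body)
 }
 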
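Review bot: `NewMessageFrom` and `NewMessage` now take `to string`, but nothing in the visible hunks checks that the string holds exactly one address, so the type change stops a slice from being passed while a caller handing in a comma-joined list would presumably still end up with several recipients in one `To` header. The single-recipient contract is stated only on the struct field; the constructors' doc comments should carry it too, e.g. `// NewMessageFrom creates new mail message object with custom From header; to must be exactly one address.` If any caller can pass unvalidated input, rejecting values that `net/mail.ParseAddress` does not accept would enforce the contract rather than document it. The body of `NewMessageFrom` continues outside the hunk.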
+3 -3
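--- a/services/mailer/mailer_test.go
+++ b/services/mailer/mailer_test.go
@@ -21,17 +21,17 @@
 setting.Domain = "localhost"
 
 date := time.Date(2000, 1, 2, 3, 4, 5, 6, time.UTC)
-m := NewMessageFrom(nil, "display-name", "from-address", "subject", "body")
+m := NewMessageFrom("", "display-name", "from-address", "subject", "body")
 m.Date = date
 gm := m.ToMessage()
 assert.Equal(t, "<autogen-946782245000-41e8fc54a8ad3a3f@localhost>", gm.GetHeader("Message-ID")[0])
 
-m = NewMessageFrom([]string{"a@b.com"}, "display-name", "from-address", "subject", "body")
+m = NewMessageFrom("a@b.com", "display-name", "from-address", "subject", "body")
 m.Date = date
 gm = m.ToMessage()
 assert.Equal(t, "<autogen-946782245000-cc88ce3cfe9bd04f@localhost>", gm.GetHeader("Message-ID")[0])
 
-m = NewMessageFrom([]string{"a@b.com"}, "display-name", "from-address", "subject", "body")
+m = NewMessageFrom("a@b.com", "display-name", "from-address", "subject", "body")
 m.SetHeader("Message-ID", "<msg-d@domain.com>")
 gm = m.ToMessage()
 assert.Equal(t, "<msg-d@domain.com>", gm.GetHeader("Message-ID")[0])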
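Review bot: The updated cases still assert only the `Message-ID` header, so nothing in this test pins the property the commit is about, namely one recipient per `To` header. Adding `assert.Equal(t, []string{"a@b.com"}, gm.GetHeader("To"))` after the second `ToMessage()` call would cover it. The first case now passes `""` and keeps its expected ID, which is consistent with the `len(m.To) > 0` guard in mailer.go skipping the empty value. The test function starts and ends outside the hunk.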