recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Prevent application email addresses from shadowing user email addresses

Summary:
Fixes T13234. Don't let application email addresses be configured with user addresses. This might prevent an unlikely bit of mischief where someone does this intentionally, detailed in T13234.

(Possibly, these tables should just be merged some day, similar to how the "Password" table is now a shared resource that's modular enough for multiple applications to use it.)

Test Plan: {F6132259}

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13234

Differential Revision: https://secure.phabricator.com/D19974

epriestley c5f446de dc4d7f1f

+29
+14
src/applications/metamta/editor/PhabricatorMetaMTAApplicationEmailEditor.php
··· 103 103 $type, 104 104 pht('Invalid'), 105 105 pht('Email address is not formatted properly.')); 106 + continue; 106 107 } 107 108 108 109 $address = new PhutilEmailAddress($email); ··· 113 114 pht( 114 115 'This email address is reserved. Choose a different '. 115 116 'address.')); 117 + continue; 118 + } 119 + 120 + // See T13234. Prevent use of user email addresses as application 121 + // email addresses. 122 + if (PhabricatorMailUtil::isUserAddress($address)) { 123 + $errors[] = new PhabricatorApplicationTransactionValidationError( 124 + $type, 125 + pht('In Use'), 126 + pht( 127 + 'This email address is already in use by a user. Choose '. 128 + 'a different address.')); 129 + continue; 116 130 } 117 131 } 118 132
+7
src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php
··· 170 170 unset($targets[$key]); 171 171 continue; 172 172 } 173 + 174 + // See T13234. Don't process mail if a user has attached this address 175 + // to their account. 176 + if (PhabricatorMailUtil::isUserAddress($target)) { 177 + unset($targets[$key]); 178 + continue; 179 + } 173 180 } 174 181 175 182 $any_accepted = false;
+8
src/applications/metamta/util/PhabricatorMailUtil.php
··· 108 108 return false; 109 109 } 110 110 111 + public static function isUserAddress(PhutilEmailAddress $address) { 112 + $user_email = id(new PhabricatorUserEmail())->loadOneWhere( 113 + 'address = %s', 114 + $address->getAddress()); 115 + 116 + return (bool)$user_email; 117 + } 118 + 111 119 }