sanitize user provided string for emails
parent
ef354e7083
commit
184fe0cd64
@ -7,6 +7,7 @@ using Bit.Core.Models.Mail;
|
|||||||
using RazorLight.Templating;
|
using RazorLight.Templating;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Net;
|
using System.Net;
|
||||||
|
using Bit.Core.Utilities;
|
||||||
|
|
||||||
namespace Bit.Core.Services
|
namespace Bit.Core.Services
|
||||||
{
|
{
|
||||||
@ -118,7 +119,7 @@ namespace Bit.Core.Services
|
|||||||
var message = CreateDefaultMessage("Your Master Password Hint", email);
|
var message = CreateDefaultMessage("Your Master Password Hint", email);
|
||||||
var model = new MasterPasswordHintViewModel
|
var model = new MasterPasswordHintViewModel
|
||||||
{
|
{
|
||||||
Hint = hint,
|
Hint = CoreHelpers.SanitizeForEmail(hint),
|
||||||
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
|
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
|
||||||
SiteName = _globalSettings.SiteName
|
SiteName = _globalSettings.SiteName
|
||||||
};
|
};
|
||||||
@ -146,7 +147,7 @@ namespace Bit.Core.Services
|
|||||||
var message = CreateDefaultMessage($"User {userEmail} Has Accepted Invite", adminEmails);
|
var message = CreateDefaultMessage($"User {userEmail} Has Accepted Invite", adminEmails);
|
||||||
var model = new OrganizationUserAcceptedViewModel
|
var model = new OrganizationUserAcceptedViewModel
|
||||||
{
|
{
|
||||||
OrganizationName = organizationName,
|
OrganizationName = CoreHelpers.SanitizeForEmail(organizationName),
|
||||||
UserEmail = userEmail,
|
UserEmail = userEmail,
|
||||||
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
|
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
|
||||||
SiteName = _globalSettings.SiteName
|
SiteName = _globalSettings.SiteName
|
||||||
@ -161,7 +162,7 @@ namespace Bit.Core.Services
|
|||||||
var message = CreateDefaultMessage($"You Have Been Confirmed To {organizationName}", email);
|
var message = CreateDefaultMessage($"You Have Been Confirmed To {organizationName}", email);
|
||||||
var model = new OrganizationUserConfirmedViewModel
|
var model = new OrganizationUserConfirmedViewModel
|
||||||
{
|
{
|
||||||
OrganizationName = organizationName,
|
OrganizationName = CoreHelpers.SanitizeForEmail(organizationName),
|
||||||
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
|
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
|
||||||
SiteName = _globalSettings.SiteName
|
SiteName = _globalSettings.SiteName
|
||||||
};
|
};
|
||||||
@ -175,7 +176,7 @@ namespace Bit.Core.Services
|
|||||||
var message = CreateDefaultMessage($"Join {organizationName}", orgUser.Email);
|
var message = CreateDefaultMessage($"Join {organizationName}", orgUser.Email);
|
||||||
var model = new OrganizationUserInvitedViewModel
|
var model = new OrganizationUserInvitedViewModel
|
||||||
{
|
{
|
||||||
OrganizationName = organizationName,
|
OrganizationName = CoreHelpers.SanitizeForEmail(organizationName),
|
||||||
Email = WebUtility.UrlEncode(orgUser.Email),
|
Email = WebUtility.UrlEncode(orgUser.Email),
|
||||||
OrganizationId = orgUser.OrganizationId.ToString(),
|
OrganizationId = orgUser.OrganizationId.ToString(),
|
||||||
OrganizationUserId = orgUser.Id.ToString(),
|
OrganizationUserId = orgUser.Id.ToString(),
|
||||||
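Review bot: The subject lines in these methods still interpolate the raw value, for example `CreateDefaultMessage($"Join {organizationName}", orgUser.Email)`, so the sanitizer added here covers only the template model and not the subject, which is the first thing a recipient sees. Sanitizing once into a local at the top of each method and using it in both places, `var safeOrgName = CoreHelpers.SanitizeForEmail(organizationName);`, would keep the subject and body consistent; the same applies to the "You Have Been Confirmed To" and "Has Accepted Invite" subjects. `UserEmail = userEmail` in the accepted-invite model is also passed through unchanged, which may be deliberate because the helper would rewrite the `@`, but a short comment saying so would help the next reader. The enclosing methods begin and end outside these hunks, so any validation done by callers is not visible here.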
|
@ -411,5 +411,12 @@ namespace Bit.Core.Utilities
|
|||||||
}
|
}
|
||||||
return sb.ToString();
|
return sb.ToString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static string SanitizeForEmail(string value)
|
||||||
|
{
|
||||||
|
return value.Replace("@", "[at]")
|
||||||
|
.Replace("http://", string.Empty)
|
||||||
|
.Replace("https://", string.Empty);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
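Review bot: `SanitizeForEmail` dereferences `value` without a null check and its matching is narrower than its name suggests. `string.Replace(string, string)` is ordinal and case-sensitive, makes a single pass and covers only two schemes, so differently cased schemes, text that only forms a scheme once the removal has run, and bare host names that mail clients auto-link all pass through unchanged. A guard such as `if (string.IsNullOrEmpty(value)) return value;`, case-insensitive matching (for example `Regex.Replace` with `RegexOptions.IgnoreCase`) and repeating until the string stops changing would close the obvious gaps. A denylist of this kind is best treated as defence in depth: HTML-encoding in the template should remain the primary control, and whether the templates encode these fields cannot be seen from this page. A `///` summary stating what the helper does and does not guarantee would stop callers from relying on it as a general-purpose sanitizer.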
|