Skip to content

Fix single email #1495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 17, 2025
Merged

Fix single email #1495

merged 2 commits into from
Mar 17, 2025

Conversation

CTY-git
Copy link
Contributor

@CTY-git CTY-git commented Mar 17, 2025
edited
Loading

PR Checklist

  • The commit message follows our guidelines: Code of conduct
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • Does this PR introduce a breaking change?
  • Include PR in release notes?

PR Type

  • Bugfix
  • Feature
  • Refactoring
  • Build /CI
  • Documentation
  • Others

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Other information

@CTY-git CTY-git requested a review from whoisarpit March 17, 2025 03:25
@patched-admin
Copy link
Contributor

File Changed: patchwork/steps/SendEmail/SendEmail.py

Rule 1: Do not ignore potential bugs in the code

Details: The removal of parse_to_list function and modification of recipient email handling introduces a potential bug. The code previously supported multiple email recipients through parsing space or comma-separated lists, but now assumes a single string input. This could break existing functionality where multiple recipients were being specified.

Affected Code Snippet:

- self.recipient_email = parse_to_list(inputs["recipient_email"], [" ", ","])
+ self.recipient_email = inputs["recipient_email"]

- msg["To"] = ", ".join(self.recipient_email)
+ msg["To"] = self.recipient_email

Start Line: 18
End Line: 31

Rule 2: Do not overlook possible security vulnerabilities

Details: The code modification has removed input validation that was previously provided by the parse_to_list function. This could potentially allow malformed or malicious email addresses to be processed without proper sanitization, which might lead to email header injection attacks.

Affected Code Snippet:

- self.recipient_email = parse_to_list(inputs["recipient_email"], [" ", ","])
+ self.recipient_email = inputs["recipient_email"]

Start Line: 18
End Line: 18

@CTY-git CTY-git merged commit 6a72f9b into main Mar 17, 2025
4 checks passed
@CTY-git CTY-git deleted the fix-single-email branch March 17, 2025 04:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@whoisarpit whoisarpit whoisarpit approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@CTY-git @patched-admin @whoisarpit