When using a weird address mail_safe crashes #3

Closed
pupeno opened this Issue Sep 28, 2011 · 1 comment

Projects

None yet

2 participants

@pupeno
Contributor
pupeno commented Sep 28, 2011

I'm creating users with weird email addresses, like <script>alert("XSS!")</script>@<script>alert("XSS!")</script>.com, just to help find cases where I'm open to XSS in the app. When sending an email to one of those addresses mail_safe crashes with this backtrace:

undefined method `each' for #<String:0x007fddcd3575e8>
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail_safe-0.3.1/lib/mail_safe/address_replacer.rb:14:in `block in replace_external_addresses'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail_safe-0.3.1/lib/mail_safe/address_replacer.rb:9:in `each'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail_safe-0.3.1/lib/mail_safe/address_replacer.rb:9:in `replace_external_addresses'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail_safe-0.3.1/lib/mail_safe/rails3_hook.rb:6:in `delivering_email'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail-2.3.0/lib/mail/mail.rb:230:in `block in inform_interceptors'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail-2.3.0/lib/mail/mail.rb:229:in `each'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail-2.3.0/lib/mail/mail.rb:229:in `inform_interceptors'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail-2.3.0/lib/mail/message.rb:218:in `inform_interceptors'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/mail-2.3.0/lib/mail/message.rb:228:in `deliver'
/Users/pupeno/.rvm/gems/ruby-1.9.2-p290@watu/gems/devise-1.4.7/lib/devise/models/confirmable.rb:50:in `send_confirmation_instructions'

Apparently mail.send(address_type) doesn't return an array but just a string.

@jjconti
Collaborator
jjconti commented Sep 5, 2014

Fixed in 0.3.2.

@jjconti jjconti closed this Sep 5, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment