Commit 1d932cf796ed547316922424402672de2ecd49ab
Exists in
fix_sign_up_form
Merge branch 'master' of gitlab.com:noosfero/noosfero
Showing
2 changed files
with
11 additions
and
1 deletions
Show diff stats
app/helpers/email_template_helper.rb
| ... | ... | @@ -6,7 +6,7 @@ module EmailTemplateHelper |
| 6 | 6 | params[:subject] = params[:email_template].parsed_subject(params[:template_params]) |
| 7 | 7 | params[:content_type] = "text/html" |
| 8 | 8 | end |
| 9 | - mail(params.except(:email_template)) | |
| 9 | + mail(params.except(:email_template, :template_params)) | |
| 10 | 10 | end |
| 11 | 11 | |
| 12 | 12 | end | ... | ... |
test/unit/user_mailer_test.rb
| ... | ... | @@ -44,6 +44,16 @@ fast_create(Person)) |
| 44 | 44 | assert_equal 'activation template body', mail.body.to_s |
| 45 | 45 | end |
| 46 | 46 | |
| 47 | + should 'not leak template params into activation email' do | |
| 48 | + EmailTemplate.create!(:template_type => :user_activation, :name => 'template1', :subject => 'activation template subject', :body => 'activation template body', :owner => Environment.default) | |
| 49 | + assert_difference 'ActionMailer::Base.deliveries.size' do | |
| 50 | + u = create_user('some-user') | |
| 51 | + UserMailer.activation_code(u).deliver | |
| 52 | + end | |
| 53 | + mail = ActionMailer::Base.deliveries.last | |
| 54 | + assert_nil mail['template-params'] | |
| 55 | + end | |
| 56 | + | |
| 47 | 57 | private |
| 48 | 58 | |
| 49 | 59 | def read_fixture(action) | ... | ... |