Commit 1d932cf796ed547316922424402672de2ecd49ab
Exists in
fix_sign_up_form
Merge branch 'master' of gitlab.com:noosfero/noosfero
Showing
2 changed files
with
11 additions
and
1 deletions
Show diff stats
app/helpers/email_template_helper.rb
... | ... | @@ -6,7 +6,7 @@ module EmailTemplateHelper |
6 | 6 | params[:subject] = params[:email_template].parsed_subject(params[:template_params]) |
7 | 7 | params[:content_type] = "text/html" |
8 | 8 | end |
9 | - mail(params.except(:email_template)) | |
9 | + mail(params.except(:email_template, :template_params)) | |
10 | 10 | end |
11 | 11 | |
12 | 12 | end | ... | ... |
test/unit/user_mailer_test.rb
... | ... | @@ -44,6 +44,16 @@ fast_create(Person)) |
44 | 44 | assert_equal 'activation template body', mail.body.to_s |
45 | 45 | end |
46 | 46 | |
47 | + should 'not leak template params into activation email' do | |
48 | + EmailTemplate.create!(:template_type => :user_activation, :name => 'template1', :subject => 'activation template subject', :body => 'activation template body', :owner => Environment.default) | |
49 | + assert_difference 'ActionMailer::Base.deliveries.size' do | |
50 | + u = create_user('some-user') | |
51 | + UserMailer.activation_code(u).deliver | |
52 | + end | |
53 | + mail = ActionMailer::Base.deliveries.last | |
54 | + assert_nil mail['template-params'] | |
55 | + end | |
56 | + | |
47 | 57 | private |
48 | 58 | |
49 | 59 | def read_fixture(action) | ... | ... |