]> git.openstreetmap.org Git - rails.git/blobdiff - script/deliver-message
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Strengthen the tokens used in email reply addresses
[rails.git] / script / deliver-message
diff --git a/script/deliver-message b/script/deliver-message
index 087a117c3dceeeba884d600e8107de05aa77d950..28d755b24d4a40e74934d50600258764234d5803 100755 (executable)
--- a/script/deliver-message
+++ b/script/deliver-message
@@ -4,14 +4,14 @@ require File.join(File.dirname(__FILE__), "..", "config", "environment")
 
 if recipient = ARGV[0].match(/^c-(\d+)-(\d+)-(.*)$/)
   comment = DiaryComment.find(recipient[1])
-  digest = comment.digest
+  expected_token = comment.notification_token(recipient[2])
   date = comment.created_at
   from = comment.diary_entry.subscribers.find(recipient[2])
   to = comment.user
   token = recipient[3]
 elsif recipient = ARGV[0].match(/^m-(\d+)-(.*)$/)
   message = Message.find(recipient[1])
-  digest = message.digest
+  expected_token = message.notification_token
   date = message.sent_on
   from = message.recipient
   to = message.sender
@@ -20,7 +20,7 @@ else
   exit 0
 end
 
-exit 0 unless ActiveSupport::SecurityUtils.secure_compare(token, digest[0, 6])
+exit 0 unless ActiveSupport::SecurityUtils.secure_compare(token, expected_token)
 exit 0 unless from.active?
 exit 0 if date < 1.month.ago
 
The OpenStreetMap web site