paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 05:53:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add validation for private message recipients.

Browse Source 
The function will reject messages where recipients aren't either a
member of the realm or a member of cross_realm_user_emails.

Fixes: #930.
This commit is contained in:
Vishnu Ks
2016-06-10 23:16:53 +05:30
committed by Tim Abbott
parent a717c7df18
commit 77ec6217eb
3 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
static/js/compose.js
View File

@@ -777,14 +777,38 @@ function validate_stream_message() {
return true;
}
// The function checks whether the recipients are users of the realm or cross realm users (bots for now)
function validate_private_message() {
if (exports.recipient() === "") {
compose_error("Please specify at least one recipient", $("#private_message_recipient"));
return false;
}
} else {
var private_recipients = util.extract_pm_recipients(compose.recipient());
var invalid_recipients = [];
_.each(private_recipients, function (email) {
// This case occurs when exports.recipient() ends with ','
if (email === "") {
return;
}
if (people.realm_get(email) !== undefined) {
return;
}
if (util.string_in_list_case_insensitive(email, page_params.cross_realm_user_emails)) {
return;
}
invalid_recipients.push(email);
});
return true;
if (invalid_recipients.length === 1) {
compose_error("The recipient " + invalid_recipients.join() + " is not valid ", $("#private_message_recipient"));
return false;
} else if (invalid_recipients.length > 1) {
compose_error("The recipients " + invalid_recipients.join() + " are not valid ", $("#private_message_recipient"));
return false;
} else {
return true;
}
}
}
exports.validate = function () {