From be0c7609f1d8e2db8a10cf8b9e504f1ddbe599d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Hanol?=
Date: Tue, 7 Nov 2017 19:17:33 +0100
Subject: [PATCH] FIX: validates attachments against current authorized extensions
---
 lib/email/receiver.rb | 2 +-
 spec/components/email/receiver_spec.rb | 4 +++
 spec/fixtures/emails/attached_txt_file_2.eml | 30 ++++++++++++++++++++
 3 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 spec/fixtures/emails/attached_txt_file_2.eml
diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb
index 2510aa1e005..094dda88cd5 100644
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@@ -635,7 +635,7 @@ module Email
 # create the upload for the user
 opts = { for_group_message: options[:is_group_message] }
 upload = UploadCreator.new(tmp, attachment.filename, opts).create_for(user_id)
- if upload && upload.errors.empty?
+ if upload&.valid?
 # try to inline images
 if attachment.content_type&.start_with?("image/")
 if raw[attachment.url]
diff --git a/spec/components/email/receiver_spec.rb b/spec/components/email/receiver_spec.rb
index 0054712aa4f..a11e3d9d96f 100644
--- a/spec/components/email/receiver_spec.rb
+++ b/spec/components/email/receiver_spec.rb
@@ -381,6 +381,10 @@ describe Email::Receiver do
 SiteSetting.authorized_extensions = "txt"
 expect { process(:attached_txt_file) }.to change { topic.posts.count }
 expect(topic.posts.last.raw).to match(/text\.txt/)
+
+ SiteSetting.authorized_extensions = "csv"
+ expect { process(:attached_txt_file_2) }.to change { topic.posts.count }
+ expect(topic.posts.last.raw).to_not match(/text\.txt/)
 end
 
 it "supports liking via email" do
diff --git a/spec/fixtures/emails/attached_txt_file_2.eml b/spec/fixtures/emails/attached_txt_file_2.eml
new file mode 100644
index 00000000000..4cb6cdc1df7
--- /dev/null
+++ b/spec/fixtures/emails/attached_txt_file_2.eml
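Review bot: The condition `if upload&.valid?` in lib/email/receiver.rb carries the whole fix, but nothing at the call site says why it is not `upload.errors.empty?`, so a later cleanup could restore the old form and quietly stop applying the current extension allow-list to mailed attachments. `errors` only reflects validations that have already run on the object, whereas `valid?` runs them again; going by the commit title, that re-run is what checks the attachment against `authorized_extensions` as configured now. I would add a comment above the condition such as `# valid? re-runs validations so the currently authorized extensions apply; errors.empty? can be true for a record that was never re-checked`. What happens when the condition is false lies outside the hunk, so it is worth confirming there that a rejected attachment is reported rather than silently dropped.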
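Review bot: The rejected-extension case in spec/components/email/receiver_spec.rb is appended to the example that already covers the accepted case, and its only negative assertion is that `text.txt` is absent from the post's raw text. A separate example, for instance `it "ignores attachments whose extension is not currently authorized" do`, would make a regression point at the right branch and keep the mid-example change of `SiteSetting.authorized_extensions` from coupling the two cases. A short comment should also say why a second fixture, `attached_txt_file_2`, is processed instead of `attached_txt_file` again; presumably the message must differ to be accepted as a new post, but the hunk does not show that. The enclosing `it` block opens above the hunk, so its description is not visible here.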
@@ -0,0 +1,30 @@
+Return-Path:
+From: Foo Bar
+To: reply+4f97315cc828096c9cb34c6f1a0d6fe8@bar.com
+Date: Sat, 30 Jan 2016 01:10:11 +0100
+Message-ID: <38b@foo.bar.mail>
+Mime-Version: 1.0
+Content-Type: multipart/mixed;
+ boundary="--==_mimepart_56abff5d49749_ddf83fca6d033a28548ad";
+ charset=UTF-8
+Content-Transfer-Encoding: 7bit
+
+
+----==_mimepart_56abff5d49749_ddf83fca6d033a28548ad
+Content-Type: text/plain;
+ charset=UTF-8;
+ filename=text.txt
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment;
+ filename=text.txt
+Content-ID: <56abff637aac_ddf83fca6d033a2855099@HAL.lan.mail>
+
+This is a txt file.
+
+----==_mimepart_56abff5d49749_ddf83fca6d033a28548ad
+Content-Type: text/plain;
+ charset=UTF-8
+Content-Transfer-Encoding: 7bit
+
+Please find the same text file attached.
+----==_mimepart_56abff5d49749_ddf83fca6d033a28548ad--