Disroot
/
gpg-lacre
9
15
Fork 4
Code Issues 29 Pull Requests 1 Releases 2 Wiki Activity

Web Lacre accepts any string in key submission field #41

New Issue
Closed
opened 2021-11-02 15:35:39 +01:00 by muppeth · 1 comment
muppeth commented 2021-11-02 15:35:39 +01:00
Owner
Copy Link

Looks like putting anything in the field is accepted by lacre. We should improve on that and allow only strings that are gpg valid as keys, otherwise I smell potential for trolling and abuse.

Aditionally we could prevent situation where someone did not copy they jey properly etc.

Looks like putting anything in the field is accepted by lacre. We should improve on that and allow only strings that are gpg valid as keys, otherwise I smell potential for trolling and abuse. Aditionally we could prevent situation where someone did not copy they jey properly etc.
muppeth added this to the mailgate web improvements milestone 2021-11-02 15:35:39 +01:00
muppeth added the
BUG
DEVELOPMENT
CODE
 labels 2021-11-02 15:35:39 +01:00
muppeth self-assigned this 2021-11-02 15:35:39 +01:00
pfm was assigned by muppeth 2021-11-02 15:35:39 +01:00
muppeth commented 2021-11-04 13:12:24 +01:00
Author
Owner
Copy Link

Looks like PEBKAC on my end. There is of course option in the config which checks keys right away when submitting in the web interface. $config['pgpverify_enable'].

Looks like PEBKAC on my end. There is of course option in the config which checks keys right away when submitting in the web interface. ` $config['pgpverify_enable']`.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
error-handling
uncoupleFE
fe_theme_st
php_update
muppdev
v0.2.2
v0.2.1
v0.2
v0.2-RC3
v0.2-RC2
v0.2-RC1
PII-2
PII-1
v0.1
v0.1-RC2
v0.1-RC1
failed-tests
Labels
Clear labels   
ANSIBLE

   
BUG

Something that's not working properly

  
CODE

   
DEVELOPMENT

   
DOCUMENTATION

Documentation

  
FEEDBACK

Suggestions and comments

  
FIX

A solution or patch for an issue

  
HOWTOs

Guides and tutorials

  
IDEA

Potential improvements and things to consider when time allows

  
INFRA

   
ISSUE

A problem

  
MAILSERVER

   
TESTS

   
To-Be-Reviewed

We should discuss these issues and decide what to do about them. They are candidates to be closed without further action or their scope might change.

  
WEB

   
WEBSITE

Lacre website related

No Label
ANSIBLE
BUG
CODE
DEVELOPMENT
DOCUMENTATION
FEEDBACK
FIX
HOWTOs
IDEA
INFRA
ISSUE
MAILSERVER
TESTS
To-Be-Reviewed
WEB
WEBSITE
Milestone
Clear milestone
No items
No Milestone
mailgate web improvements
Assignees
Clear assignees
No Assignees
muppeth
pfm
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Disroot/gpg-lacre#41
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?