From 5554ff2a1d6f451d63d03f4eb0a740d8c91455de Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 30 Mar 2022 14:45:52 +0200 Subject: [PATCH] Fix being able to bypass e-mail restrictions (#17909) --- app/models/user.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index f2d9c49eb..e25c0ddb0 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -91,11 +91,11 @@ class User < ApplicationRecord validates :invite_request, presence: true, on: :create, if: :invite_text_required? validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale? - validates_with BlacklistedEmailValidator, on: :create + validates_with BlacklistedEmailValidator, if: -> { !confirmed? } validates_with EmailMxValidator, if: :validate_email_dns? validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create - # Those are honeypot/antispam fields + # Honeypot/anti-spam fields attr_accessor :registration_form_time, :website, :confirm_password validates_with RegistrationFormTimeValidator, on: :create