Skip to content

Commit

Permalink
Merge pull request #371 from develart-projects/mailParametersValidati…
Browse files Browse the repository at this point in the history 
…onRework

addressed 5th sendmail param validation using -f (#326)
  • Loading branch information
@develart-projects
develart-projects authored Aug 23, 2023
2 parents 2eded49 + 1a6f258 commit 0f0cb95
Showing 1 changed file with 23 additions and 11 deletions.
34 changes: 23 additions & 11 deletions library/Zend/Mail/Transport/Sendmail.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -137,19 +137,31 @@ public function _sendMail()
}
// Sanitize the From header
// https://github.com/Shardj/zf1-future/issues/326
// this is just quick-fix, we need to agree on how to sanitize all potential params used as 5th param to mail()
if ( empty($fromEmailHeader) === FALSE && Zend_Validate::is($fromEmailHeader, 'EmailAddress') === FALSE) {
throw new Zend_Mail_Transport_Exception('Potential code injection in From header');

if ( empty($fromEmailHeader) === FALSE ) { // nothing to worry about
goto processMail;
}

set_error_handler([$this, '_handleMailErrors']);
$result = mail(
$recipients,
$subject,
$body,
$header,
$fromEmailHeader);
restore_error_handler();
// now we use 2 different approaches, based ond the usage context
if( substr( $fromEmailHeader, 0, 2 ) === '-f' && substr_count($fromEmailHeader, '"') >2 ) { // we are considering just usage of double-quotes

throw new Zend_Mail_Transport_Exception('Potential code injection in From header');

} elseif( Zend_Validate::is($fromEmailHeader, 'EmailAddress') === FALSE ) { // full email validation

throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
}

processMail:

set_error_handler([$this, '_handleMailErrors']);
$result = mail(
$recipients,
$subject,
$body,
$header,
$fromEmailHeader);
restore_error_handler();

}

Expand Down

0 comments on commit 0f0cb95

Please sign in to comment.