From 9bfa4a3dbb83dd9ad4ffe2b9e7e056e2864cecbc Mon Sep 17 00:00:00 2001
From: DevelArt IV
Date: Tue, 15 Aug 2023 14:33:15 +0200
Subject: [PATCH] sendmail header sanitization quick-fix, as described in #326
---
 library/Zend/Mail/Transport/Sendmail.php | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/library/Zend/Mail/Transport/Sendmail.php b/library/Zend/Mail/Transport/Sendmail.php
index fcc868f83b..da59b51084 100644
--- a/library/Zend/Mail/Transport/Sendmail.php
+++ b/library/Zend/Mail/Transport/Sendmail.php
@@ -136,18 +136,21 @@ public function _sendMail()
 $fromEmailHeader = str_replace("\r\n", "\n", $fromEmailHeader);
 }
 // Sanitize the From header
- if (!Zend_Validate::is($fromEmailHeader, 'EmailAddress')) {
+ // https://github.com/Shardj/zf1-future/issues/326
+ // this is just quick-fix, we need to agree on how to sanitize all potential params used as 5th param to mail()
+ if ( empty($fromEmailHeader) === FALSE && Zend_Validate::is($fromEmailHeader, 'EmailAddress') === FALSE) {
 throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
- } else {
- set_error_handler([$this, '_handleMailErrors']);
- $result = mail(
- $recipients,
- $subject,
- $body,
- $header,
- $fromEmailHeader);
- restore_error_handler();
 }
+
+ set_error_handler([$this, '_handleMailErrors']);
+ $result = mail(
+ $recipients,
+ $subject,
+ $body,
+ $header,
+ $fromEmailHeader);
+ restore_error_handler();
+
 }
 
 if ($this->_errstr !== null || !$result) {
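Review bot: The new guard relies on `empty($fromEmailHeader)`, which is also true for the string `'0'`, so that value skips the EmailAddress check and is still passed to `mail()` as its fifth argument. Assuming the variable is always a string at this point, a strict test such as `if ($fromEmailHeader !== '' && !Zend_Validate::is($fromEmailHeader, 'EmailAddress')) {` limits the exemption to the truly empty case. Because the fifth argument is forwarded to the sendmail binary as additional options, a regression test pinning what is accepted (empty string, a plain address) and what is rejected (values with whitespace or a leading `-`) would protect this gate until the broader sanitization the comment mentions is agreed. `restore_error_handler()` is still skipped if `mail()` throws, which wrapping the call in `try { ... } finally { restore_error_handler(); }` would cover. The body of `_sendMail()` starts and ends outside the hunk.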