mirror of
				https://github.com/Seldaek/monolog.git
				synced 2025-10-25 18:46:14 +02:00 
			
		
		
		
	Prevent header injection through content type / encoding in NativeMailerHandler, fixes #458, closes #448
This commit is contained in:
		| @@ -129,6 +129,10 @@ class NativeMailerHandler extends MailHandler | ||||
|      */ | ||||
|     public function setContentType($contentType) | ||||
|     { | ||||
|         if (strpos($contentType, "\n") !== false || strpos($contentType, "\r") !== false) { | ||||
|             throw new \InvalidArgumentException('The content type can not contain newline characters to prevent email header injection'); | ||||
|         } | ||||
|  | ||||
|         $this->contentType = $contentType; | ||||
|  | ||||
|         return $this; | ||||
| @@ -140,6 +144,10 @@ class NativeMailerHandler extends MailHandler | ||||
|      */ | ||||
|     public function setEncoding($encoding) | ||||
|     { | ||||
|         if (strpos($encoding, "\n") !== false || strpos($encoding, "\r") !== false) { | ||||
|             throw new \InvalidArgumentException('The content type can not contain newline characters to prevent email header injection'); | ||||
|         } | ||||
|  | ||||
|         $this->encoding = $encoding; | ||||
|  | ||||
|         return $this; | ||||
|   | ||||
		Reference in New Issue
	
	Block a user