1
0
mirror of https://github.com/Seldaek/monolog.git synced 2025-10-24 01:56:18 +02:00

Prevent header injection through content type / encoding in NativeMailerHandler, fixes #458, closes #448

This commit is contained in:
Jordi Boggiano
2014-12-28 14:32:10 +00:00
parent 5bee6fe56c
commit 515a096c86
2 changed files with 26 additions and 0 deletions

View File

@@ -129,6 +129,10 @@ class NativeMailerHandler extends MailHandler
*/
public function setContentType($contentType)
{
if (strpos($contentType, "\n") !== false || strpos($contentType, "\r") !== false) {
throw new \InvalidArgumentException('The content type can not contain newline characters to prevent email header injection');
}
$this->contentType = $contentType;
return $this;
@@ -140,6 +144,10 @@ class NativeMailerHandler extends MailHandler
*/
public function setEncoding($encoding)
{
if (strpos($encoding, "\n") !== false || strpos($encoding, "\r") !== false) {
throw new \InvalidArgumentException('The content type can not contain newline characters to prevent email header injection');
}
$this->encoding = $encoding;
return $this;