mirror/php-monolog
1
0
Fork 0
mirror of https://github.com/Seldaek/monolog.git synced 2025-10-22 00:56:08 +02:00
Code Issues Releases Wiki Activity

Prevent header injection through content type / encoding in NativeMailerHandler, fixes #458, closes #448

Browse Source
This commit is contained in:
Jordi Boggiano
2014-12-28 14:32:10 +00:00
parent 5bee6fe56c
commit 515a096c86
2 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/Monolog/Handler/NativeMailerHandler.php
View File

@@ -129,6 +129,10 @@ class NativeMailerHandler extends MailHandler
*/
public function setContentType($contentType)
{
if (strpos($contentType, "\n") !== false || strpos($contentType, "\r") !== false) {
throw new \InvalidArgumentException('The content type can not contain newline characters to prevent email header injection');
}
$this->contentType = $contentType;
return $this;
@@ -140,6 +144,10 @@ class NativeMailerHandler extends MailHandler
*/
public function setEncoding($encoding)
{
if (strpos($encoding, "\n") !== false || strpos($encoding, "\r") !== false) {
throw new \InvalidArgumentException('The content type can not contain newline characters to prevent email header injection');
}
$this->encoding = $encoding;
return $this;