
Prevent header injection through content type / encoding in NativeMailerHandler, fixes #458, closes #448

Jordi Boggiano 11 лет назад
Родитель
Сommit
515a096c86

+ 8 - 0
src/Monolog/Handler/NativeMailerHandler.php

@@ -129,6 +129,10 @@ class NativeMailerHandler extends MailHandler
      */
     public function setContentType($contentType)
     {
+        if (strpos($contentType, "\n") !== false || strpos($contentType, "\r") !== false) {
+            throw new \InvalidArgumentException('The content type can not contain newline characters to prevent email header injection');
+        }
+
         $this->contentType = $contentType;
 
         return $this;
@@ -140,6 +144,10 @@ class NativeMailerHandler extends MailHandler
      */
     public function setEncoding($encoding)
     {
+        if (strpos($encoding, "\n") !== false || strpos($encoding, "\r") !== false) {
+            throw new \InvalidArgumentException('The content type can not contain newline characters to prevent email header injection');
+        }
+
         $this->encoding = $encoding;
 
         return $this;
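Review bot: The exception message in the new guard in setEncoding still says "The content type can not contain newline characters …", copied from setContentType, so a rejected encoding value is reported against the wrong field. Replace the literal with `throw new \InvalidArgumentException('The encoding can not contain newline characters to prevent email header injection');` so the error names the parameter that was actually rejected. The guards themselves look correct: both `"\n"` and `"\r"` are rejected independently, which is what is needed to block header folding and CR-only tricks. Both setter bodies continue past the end of their hunks (the closing brace is outside the view).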

+ 18 - 0
tests/Monolog/Handler/NativeMailerHandlerTest.php

@@ -40,4 +40,22 @@ class NativeMailerHandlerTest extends TestCase
         $mailer = new NativeMailerHandler('spammer@example.org', 'dear victim', 'receiver@example.org');
         $mailer->addHeader(array("Content-Type: text/html\r\nFrom: faked@attacker.org"));
     }
+
+    /**
+     * @expectedException InvalidArgumentException
+     */
+    public function testSetterContentTypeInjection()
+    {
+        $mailer = new NativeMailerHandler('spammer@example.org', 'dear victim', 'receiver@example.org');
+        $mailer->setContentType("text/html\r\nFrom: faked@attacker.org");
+    }
+
+    /**
+     * @expectedException InvalidArgumentException
+     */
+    public function testSetterEncodingInjection()
+    {
+        $mailer = new NativeMailerHandler('spammer@example.org', 'dear victim', 'receiver@example.org');
+        $mailer->setEncoding("utf-8\r\nFrom: faked@attacker.org");
+    }
 }
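Review bot: Both new tests pass `"\r\n"`, which trips the first `strpos($x, "\n")` condition and short-circuits, so the `"\r"`-only branch of each guard is never exercised. A lone-CR case would pin that half of the check, e.g. `$mailer->setEncoding("utf-8\rFrom: faked@attacker.org");` in a separate expectedException test (and the same for setContentType). This keeps the regression tests from passing if someone later trims the guard down to a single newline check.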