From 6c888417b6b8ace02c2ac20d47df99a755e629fc Mon Sep 17 00:00:00 2001
From: Markus Staab
Date: Wed, 13 Feb 2013 14:57:58 +0100
Subject: [PATCH] sanitize http headers in NativeMailerHandler to prevent injections. added tests.
---
 src/Monolog/Handler/NativeMailerHandler.php | 11 ++---
 .../Handler/NativeMailerHandlerTest.php | 44 +++++++++++++++++++
 2 files changed, 50 insertions(+), 5 deletions(-)
 create mode 100644 tests/Monolog/Handler/NativeMailerHandlerTest.php
diff --git a/src/Monolog/Handler/NativeMailerHandler.php b/src/Monolog/Handler/NativeMailerHandler.php
index 0b0ec2ce..0d564c6f 100644
--- a/src/Monolog/Handler/NativeMailerHandler.php
+++ b/src/Monolog/Handler/NativeMailerHandler.php
@@ -38,7 +38,7 @@ class NativeMailerHandler extends MailHandler
 parent::__construct($level, $bubble);
 $this->to = is_array($to) ? $to : array($to);
 $this->subject = $subject;
- $this->headers[] = sprintf('From: %s', $from);
+ $this->addHeader(sprintf('From: %s', $from));
 }
 
 /**
@@ -46,10 +46,11 @@ class NativeMailerHandler extends MailHandler
 */
 public function addHeader($headers)
 {
- if (is_array($headers)) {
- $this->headers = array_merge($this->headers, $headers);
- } else {
- $this->headers[] = $headers;
+ foreach ((array) $headers as $header) {
+ if (strpos($header, "\n") !== false || strpos($header, "\r") !== false) {
+ throw new \InvalidArgumentException('headers are not allowed to contain newline characters!');
+ }
+ $this->headers[] = $header;
 }
 }
 
diff --git a/tests/Monolog/Handler/NativeMailerHandlerTest.php b/tests/Monolog/Handler/NativeMailerHandlerTest.php
new file mode 100644
index 00000000..f3a24a3e
--- /dev/null
+++ b/tests/Monolog/Handler/NativeMailerHandlerTest.php
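Review bot: The added `addHeader(sprintf('From: %s', $from))` validates only the From header; `$to` and `$subject`, assigned on the two lines above it, are stored unchecked and presumably reach mail()'s first two arguments in the parent's send(), which is outside this hunk. To my knowledge PHP's mail() itself replaces control characters in those two arguments, so the exposure is smaller than for additional_headers, but the handler currently relies on that without saying so. Either run `$subject` (and each `$to` entry) through the same newline check, or record the reliance in the constructor docblock, e.g. `@throws \InvalidArgumentException if $from contains a CR or LF; $to and $subject are left to mail()'s own control-character filtering`. The constructor's opening lines are outside the hunk.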
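Review bot: The new loop in addHeader appends each element to `$this->headers` as soon as it passes, so when a later element of an array argument is rejected the earlier ones have already been added and the handler is left with a partially applied call. Validating the whole argument first and appending only afterwards keeps the handler's state unchanged whenever the exception is thrown; `strpbrk($header, "\r\n") !== false` also expresses the two strpos() tests in one call. The docblock above addHeader (only its closing ` */` is in the hunk) should gain `@throws \InvalidArgumentException if any header contains a CR or LF character`. The constructor in the previous hunk goes through this method, so it inherits the same behaviour.
```php
    public function addHeader($headers)
    {
        $headers = (array) $headers;
        // Reject everything before touching $this->headers, so a bad element leaves no partial state.
        foreach ($headers as $header) {
            if (strpbrk($header, "\r\n") !== false) {
                throw new \InvalidArgumentException('headers are not allowed to contain newline characters!');
            }
        }
        foreach ($headers as $header) {
            $this->headers[] = $header;
        }
    }
```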
@@ -0,0 +1,44 @@
+
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Monolog\Handler;
+
+use Monolog\Logger;
+use Monolog\TestCase;
+
+class NativeMailerHandlerTest extends TestCase
+{
+ /**
+ * @expectedException InvalidArgumentException
+ */
+ public function testConstructorHeaderInjection()
+ {
+ $mailer = new NativeMailerHandler('spammer@example.org', 'dear victim', "receiver@example.org\r\nFrom: faked@attacker.org");
+ }
+
+ /**
+ * @expectedException InvalidArgumentException
+ */
+ public function testSetterHeaderInjection()
+ {
+ $mailer = new NativeMailerHandler('spammer@example.org', 'dear victim', 'receiver@example.org');
+ $mailer->addHeader("Content-Type: text/html\r\nFrom: faked@attacker.org");
+ }
+
+ /**
+ * @expectedException InvalidArgumentException
+ */
+ public function testSetterArrayHeaderInjection()
+ {
+ $mailer = new NativeMailerHandler('spammer@example.org', 'dear victim', 'receiver@example.org');
+ $mailer->addHeader(array("Content-Type: text/html\r\nFrom: faked@attacker.org"));
+ }
+}
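Review bot: `use Monolog\Logger;` is imported but nothing in the new test class references it, so the import should be dropped. All three tests inject `"\r\n"` only, while the handler also rejects a bare `"\n"` and a bare `"\r"`; one case for each would pin that part of the check. The `$mailer` assignment in testConstructorHeaderInjection is never read because the constructor is expected to throw, so a bare `new NativeMailerHandler(...);` statement reads more directly. None of the tests shows that a well-formed header is accepted, so a regression that rejected every header would still pass; a test that calls `addHeader('Content-Type: text/html')` and `addHeader(array('X-A: 1', 'X-B: 2'))` without an expected exception would close that gap.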