mirror/php-monolog
1
0
Fork 0
mirror of https://github.com/Seldaek/monolog.git synced 2025-10-21 16:46:11 +02:00
Code Issues Releases Wiki Activity

sanitize http headers in NativeMailerHandler to prevent injections. added tests.

Browse Source
This commit is contained in:
Markus Staab
2013-02-13 14:57:58 +01:00
parent 9dc4ffc071
commit 6c888417b6
2 changed files with 50 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/Monolog/Handler/NativeMailerHandler.php
View File

@@ -38,7 +38,7 @@ class NativeMailerHandler extends MailHandler
parent::__construct($level, $bubble);
$this->to = is_array($to) ? $to : array($to);
$this->subject = $subject;
$this->headers[] = sprintf('From: %s', $from);
$this->addHeader(sprintf('From: %s', $from));
}
/**
@@ -46,10 +46,11 @@ class NativeMailerHandler extends MailHandler
*/
public function addHeader($headers)
{
if (is_array($headers)) {
$this->headers = array_merge($this->headers, $headers);
} else {
$this->headers[] = $headers;
foreach ((array) $headers as $header) {
if (strpos($header, "\n") !== false || strpos($header, "\r") !== false) {
throw new \InvalidArgumentException('headers are not allowed to contain newline characters!');
}
$this->headers[] = $header;
}
}