
sanitize http headers in NativeMailerHandler to prevent injections. added tests.

Markus Staab 13 роки тому
батько
коміт
6c888417b6

+ 6 - 5
src/Monolog/Handler/NativeMailerHandler.php

@@ -38,7 +38,7 @@ class NativeMailerHandler extends MailHandler
         parent::__construct($level, $bubble);
         $this->to = is_array($to) ? $to : array($to);
         $this->subject = $subject;
-        $this->headers[] = sprintf('From: %s', $from);
+        $this->addHeader(sprintf('From: %s', $from));
     }
 
     /**
@@ -46,10 +46,11 @@ class NativeMailerHandler extends MailHandler
      */
     public function addHeader($headers)
     {
-        if (is_array($headers)) {
-            $this->headers = array_merge($this->headers, $headers);
-        } else {
-            $this->headers[] = $headers;
+        foreach ((array) $headers as $header) {
+            if (strpos($header, "\n") !== false || strpos($header, "\r") !== false) {
+                throw new \InvalidArgumentException('headers are not allowed to contain newline characters!');
+            }
+            $this->headers[] = $header;
         }
     }
 
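Review bot: The new check in addHeader only covers values that go through addHeader, so the `$subject` stored on the context line `$this->subject = $subject;` and the `$to` addresses stored one line above are still accepted with embedded CR/LF; if send() (outside this hunk) hands them to mail() as-is, the injection the commit is closing remains open through those two parameters, so the constructor should apply the same newline check to `$to` and `$subject` before storing them. The new loop also appends each header before validating the next, so an array with a bad entry in the middle leaves the earlier entries already added when the exception is thrown; validating the whole array first and then appending keeps the object unchanged on failure. The `(array)` cast will also turn a non-string scalar into a one-element array and `strpos()` on it will misbehave, so a string check per element would make the error explicit. A rewritten body is below.
```php
    public function addHeader($headers)
    {
        $headers = (array) $headers;
        foreach ($headers as $header) {
            if (!is_string($header) || strpos($header, "\n") !== false || strpos($header, "\r") !== false) {
                throw new \InvalidArgumentException('headers are not allowed to contain newline characters!');
            }
        }
        // Only merge once every element has passed, so a failure leaves $this->headers untouched.
        $this->headers = array_merge($this->headers, $headers);
    }
```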

+ 44 - 0
tests/Monolog/Handler/NativeMailerHandlerTest.php

@@ -0,0 +1,44 @@
+<?php
+
+/*
+ * This file is part of the Monolog package.
+ *
+ * (c) Jordi Boggiano <j.boggiano@seld.be>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Monolog\Handler;
+
+use Monolog\Logger;
+use Monolog\TestCase;
+
+class NativeMailerHandlerTest extends TestCase
+{
+    /**
+     * @expectedException InvalidArgumentException
+     */
+    public function testConstructorHeaderInjection()
+    {
+        $mailer = new NativeMailerHandler('spammer@example.org', 'dear victim', "receiver@example.org\r\nFrom: faked@attacker.org");
+    }
+    
+    /**
+     * @expectedException InvalidArgumentException
+     */
+    public function testSetterHeaderInjection()
+    {
+        $mailer = new NativeMailerHandler('spammer@example.org', 'dear victim', 'receiver@example.org');
+        $mailer->addHeader("Content-Type: text/html\r\nFrom: faked@attacker.org");
+    }
+    
+    /**
+     * @expectedException InvalidArgumentException
+     */
+    public function testSetterArrayHeaderInjection()
+    {
+        $mailer = new NativeMailerHandler('spammer@example.org', 'dear victim', 'receiver@example.org');
+        $mailer->addHeader(array("Content-Type: text/html\r\nFrom: faked@attacker.org"));
+    }
+}
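Review bot: All three tests exercise the rejecting path only; nothing asserts that a valid header such as `addHeader('X-Foo: bar')` is actually kept or that an array of valid headers is merged, so a regression that drops every header would still pass this suite. A fourth test that adds a valid header and inspects the stored headers (for example through a small subclass exposing them, since the property is presumably protected) would pin the accepted path. The otherwise-blank lines between the test methods carry trailing whitespace and should be emptied.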