further Zend Mail sendmail transport validation tweak

Shardj · Aug 24, 2023 · ca18b33 · ca18b33
1 parent 622a60b
commit ca18b33
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.23.5] - 2023-08-24
+### Fixed
+- further Zend Mail sendmail transport validation tweak
+
 ## [1.23.4] - 2023-08-24
 ### Fixed
 - corrected Zend Mail sendmail transport comparison

diff --git a/composer.json b/composer.json
@@ -2,7 +2,7 @@
     "name": "shardj/zf1-future",
     "description": "Zend Framework 1. The aim is to keep ZF1 working with the latest PHP versions",
     "type": "library",
-    "version": "1.23.4",
+    "version": "1.23.5",
     "keywords": [
         "framework",
         "zf1"

diff --git a/library/Zend/Mail/Transport/Sendmail.php b/library/Zend/Mail/Transport/Sendmail.php
@@ -143,13 +143,17 @@ public function _sendMail()
             }
 
             // now we use 2 different approaches, based ond the usage context            
-            if( substr( $fromEmailHeader, 0, 2 ) === '-f' && substr_count($fromEmailHeader, '"') >2 ) { // we are considering just usage of double-quotes
+            if( substr( $fromEmailHeader, 0, 2 ) === '-f' ) {
 
-                throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
+                if(substr_count($fromEmailHeader, '"') >2) { // we are considering just usage of double-quotes
+                    throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
+                }
+
+            } else { // full email validation
 
-            } elseif( Zend_Validate::is($fromEmailHeader, 'EmailAddress') === FALSE ) { // full email validation
-
-                throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
+                if( Zend_Validate::is($fromEmailHeader, 'EmailAddress') === FALSE ) {
+                    throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
+                }                
             }            
 
             processMail:

diff --git a/library/Zend/Version.php b/library/Zend/Version.php
@@ -32,7 +32,7 @@ final class Zend_Version
     /**
      * Zend Framework version identification - see compareVersion()
      */
-    const VERSION = '1.23.4';
+    const VERSION = '1.23.5';
 
     /**
      * The latest stable version Zend Framework available