From ca18b3309e80301254616a17e2cde168e990b418 Mon Sep 17 00:00:00 2001
From: DevelArt IV
Date: Thu, 24 Aug 2023 15:41:12 +0200
Subject: [PATCH] further Zend Mail sendmail transport validation tweak

---
 CHANGELOG.md | 4 ++++
 composer.json | 2 +-
 library/Zend/Mail/Transport/Sendmail.php | 14 +++++++++-----
 library/Zend/Version.php | 2 +-
 4 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 95ac4fb6c3..7467f58c9f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.23.5] - 2023-08-24
+### Fixed
+- further Zend Mail sendmail transport validation tweak
+
 ## [1.23.4] - 2023-08-24
 ### Fixed
 - corrected Zend Mail sendmail transport comparison
diff --git a/composer.json b/composer.json
index 8993a464e9..eab8bcded7 100644
--- a/composer.json
+++ b/composer.json
@@ -2,7 +2,7 @@
 "name": "shardj/zf1-future",
 "description": "Zend Framework 1. The aim is to keep ZF1 working with the latest PHP versions",
 "type": "library",
- "version": "1.23.4",
+ "version": "1.23.5",
 "keywords": [
 "framework",
 "zf1"
diff --git a/library/Zend/Mail/Transport/Sendmail.php b/library/Zend/Mail/Transport/Sendmail.php
index efc6702440..c5cf0153c8 100644
--- a/library/Zend/Mail/Transport/Sendmail.php
+++ b/library/Zend/Mail/Transport/Sendmail.php
@@ -143,13 +143,17 @@ public function _sendMail()
 }
 
 // now we use 2 different approaches, based ond the usage context
- if( substr( $fromEmailHeader, 0, 2 ) === '-f' && substr_count($fromEmailHeader, '"') >2 ) { // we are considering just usage of double-quotes
+ if( substr( $fromEmailHeader, 0, 2 ) === '-f' ) {
 
- throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
+ if(substr_count($fromEmailHeader, '"') >2) { // we are considering just usage of double-quotes
+ throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
+ }
+
+ } else { // full email validation
 
- } elseif( Zend_Validate::is($fromEmailHeader, 'EmailAddress') === FALSE ) { // full email validation
-
- throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
+ if( Zend_Validate::is($fromEmailHeader, 'EmailAddress') === FALSE ) {
+ throw new Zend_Mail_Transport_Exception('Potential code injection in From header');
+ }
 }
 
 processMail:
diff --git a/library/Zend/Version.php b/library/Zend/Version.php
index 32455518ed..c30dad3956 100644
--- a/library/Zend/Version.php
+++ b/library/Zend/Version.php
@@ -32,7 +32,7 @@ final class Zend_Version
 /**
 * Zend Framework version identification - see compareVersion()
 */
- const VERSION = '1.23.4';
+ const VERSION = '1.23.5';
 
 /**
 * The latest stable version Zend Framework available
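Review bot: In the Sendmail.php hunk, the new `-f` branch leaves `substr_count($fromEmailHeader, '"') >2` as the only check, so any value that starts with `-f` and holds at most two double quotes is accepted with no further validation. Before this change such a value (prefix still attached) fell through to the `EmailAddress` test in the `elseif`, so the commit narrows what is validated rather than only restructuring it. If `$fromEmailHeader` is what reaches the additional-parameters argument of `mail()` (not visible in this hunk), counting quotes does not reject extra sendmail options placed after the address. I would also validate the part after the prefix, e.g. `if (substr_count($fromEmailHeader, '"') > 2 || Zend_Validate::is(trim(substr($fromEmailHeader, 2), '"'), 'EmailAddress') === FALSE) {`, and add a regression test for an `-f` value with trailing content. `_sendMail()` begins above the hunk and continues past `processMail:`.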