Internal: validate email address before set it in mail - refs BT#21613

AngelFQC · May 24, 2024 · a416426 · a416426
1 parent 50dfee4
commit a416426
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 7 deletions.
diff --git a/public/main/inc/lib/api.lib.php b/public/main/inc/lib/api.lib.php
@@ -20,6 +20,7 @@
 use Symfony\Component\Mime\Address;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Validator\Constraints as Assert;
 use ZipStream\Option\Archive;
 use ZipStream\ZipStream;
 use Chamilo\CoreBundle\Component\Utils\ActionIcon;
@@ -7112,6 +7113,9 @@ function api_set_noreply_and_from_address_to_mailer(
     array $sender,
     array $replyToAddress = []
 ): void {
+    $validator = Container::getLegacyHelper()->getValidator();
+    $emailConstraint = new Assert\Email();
+
     $noReplyAddress = api_get_setting('noreply_email_address');
     $avoidReplyToAddress = false;
 
@@ -7129,13 +7133,23 @@ function api_set_noreply_and_from_address_to_mailer(
     $senderEmail = !empty($sender['email']) ? $sender['email'] : $defaultSenderEmail;
 
     // Send errors to the platform admin
-    $email
-        ->getHeaders()
-        ->addIdHeader('Errors-To', api_get_setting('admin.administrator_email'))
-    ;
+    $adminEmail = api_get_setting('admin.administrator_email');
+
+    $adminEmailValidation = $validator->validate($adminEmail, $emailConstraint);
+
+    if (!empty($adminEmail) && 0 === $adminEmailValidation->count()) {
+        $email
+            ->getHeaders()
+            ->addIdHeader('Errors-To', $adminEmail)
+        ;
+    }
+
+    if (!$avoidReplyToAddress) {
+        $replyToEmailValidation = $validator->validate($replyToAddress['mail'], $emailConstraint);
 
-    if (!$avoidReplyToAddress && !empty($replyToAddress)) {
-        $email->addReplyTo(new Address($replyToAddress['mail'], $replyToAddress['name']));
+        if (!empty($replyToAddress) && 0 === $replyToEmailValidation->count()) {
+            $email->addReplyTo(new Address($replyToAddress['mail'], $replyToAddress['name']));
+        }
     }
 
     if ('true' === api_get_setting('mail.smtp_unique_sender')) {

diff --git a/tests/CoreBundle/Repository/MessageRepositoryTest.php b/tests/CoreBundle/Repository/MessageRepositoryTest.php
@@ -18,7 +18,6 @@
 use Chamilo\Tests\AbstractApiTest;
 use Chamilo\Tests\ChamiloTestTrait;
 use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Messenger\Transport\InMemoryTransport;
 
 class MessageRepositoryTest extends AbstractApiTest
 {