
Adding test cases from 'euromark' and updating how email addresses are parsed so they are slightly more conformant to RFC 5322. Fixes #1066
1 parent 3e5e52d commit dbdd17f51ad26e27cae5c61e6938284f5f1a6267 @markstory markstory committed Sep 2, 2010
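--- a/cake/libs/controller/components/email.php
+++ b/cake/libs/controller/components/email.php
@@ -743,19 +743,16 @@ function _encode($subject) {
 * @access private
 */
 function _formatAddress($string, $smtp = false) {
- if (strpos($string, '<') !== false) {
- $value = explode('<', $string);
- if ($smtp) {
- $string = '<' . $value[1];
- } else {
- $string = $this->_encode($value[0]) . ' <' . $value[1];
- }
+ $hasAlias = preg_match('/(.+)\s<(.+)>/', $string, $matches);
+ if ($hasAlias) {
+ return $this->_strip($matches[1] . ' <' . $matches[2] . '>');
 }
 return $this->_strip($string);
 }
 /**
- * Remove certain elements (such as bcc:, to:, %0a) from given value
+ * Remove certain elements (such as bcc:, to:, %0a) from given value.
+ * Helps prevent header injection / mainipulation on user content.
 *
 * @param string $value Value to strip
 * @param boolean $message Set to true to indicate main message content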
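Review bot: `$smtp` is no longer read anywhere in the new body of `_formatAddress`, so an aliased address is returned as `alias <addr>` even when the caller asks for the SMTP form, where the removed code returned only the bracketed part. The removed `$this->_encode($value[0])` call has no replacement either, so a non-ASCII display name is presumably no longer encoded before it is placed in a header. Inside `if ($hasAlias)` I would restore both: `if ($smtp) { return $this->_strip('<' . $matches[2] . '>'); }` and then `return $this->_strip($this->_encode($matches[1]) . ' <' . $matches[2] . '>');`. The pattern is unanchored, so anything after the closing `>` is dropped silently; `/^(.+)\s<(.+)>$/` would send such input through the plain `_strip($string)` path instead. In the new `_strip` docblock line, "mainipulation" should read "manipulation".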
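--- a/cake/tests/cases/libs/controller/components/email.test.php
+++ b/cake/tests/cases/libs/controller/components/email.test.php
@@ -128,6 +128,15 @@ function _getMessage() {
 function strip($content, $message = false) {
 return parent::_strip($content, $message);
 }
+
+/**
+ * Wrapper for testing.
+ *
+ * @return void
+ */
+ function formatAddress($string, $smtp = false) {
+ return parent::_formatAddress($string, $smtp);
+ }
 }
 /**
@@ -1151,4 +1160,23 @@ function testSendMessage() {
 );
 $this->assertEqual($expected, $result);
 }
+
+/**
+ * Test that _formatName doesn't jack up email addresses with alias parts.
+ *
+ * @return void
+ */
+ function testFormatAddressAliases() {
+ $result = $this->Controller->EmailTest->formatAddress('email@example.com');
+ $this->assertEqual($result, 'email@example.com');
+
+ $result = $this->Controller->EmailTest->formatAddress('alias <email@example.com>');
+ $this->assertEqual($result, 'alias <email@example.com>');
+
+ $result = $this->Controller->EmailTest->formatAddress('email@example.com');
+ $this->assertEqual($result, 'email@example.com');
+
+ $result = $this->Controller->EmailTest->formatAddress('<email@example.com>');
+ $this->assertEqual($result, '<email@example.com>');
+ }
 }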
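Review bot: `testFormatAddressAliases` never calls `formatAddress` with `$smtp = true`, and its third case repeats the first (`'email@example.com'`), so the second parameter of the method under test is left uncovered. I would replace the duplicate with `$result = $this->Controller->EmailTest->formatAddress('alias <email@example.com>', true);` and assert the form the SMTP code path expects. A case whose alias part contains a line break would also confirm that `_strip` still neutralises it once the address has gone through the new regex. Two doc slips in the same section: the test docblock names `_formatName` rather than `_formatAddress`, and the `formatAddress` wrapper is documented `@return void` although it returns the formatted string.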
