Fix exploit of user's names/emails breaking "To"

Before being added to the "To" string, emails and names are cleared of <
> , and names are additionally cleared of @. See
Magnesium\Message\Base::removeToStringBreakingSymbols() DocBlock for
more details.

src/Magnesium/Message/Base.php

@@ -227,8 +227,35 @@ public function getFromString()
     protected function formatEmailString(string $email, string $name = null)
     {
         return $name
-        ? sprintf('%s <%s>', $name, $email)
-        : $email;
+        ? sprintf(
+            '%s <%s>',
+            $this->removeToStringBreakingSymbols($name, false),
+            $this->removeToStringBreakingSymbols($email, true))
+        : $this->removeToStringBreakingSymbols($email, true);
+    }
+
+    /**
+     *
+     * Should a user have chosen a name like "no1@example.com, Not Okay <no2@example.com>, Sherbert",
+     * Mailgun would accept the following to: "user@example.com, user2@example.com, no1@example.com, Not Okay <no2@example.com>, Sherbert <hello@example.com>"
+     * and would send it accordingly, which is unwanted behavior.
+     * Removing only "," breaks the To-string, sending the message to
+     * "user@example.com, user2@example.com, no1@example.com Not Okay <no2@example.com> Sherbert" hello@example.com,
+     * revealing email addresses of other users.
+     * Removing only either of "<,>" or "@," breaks the string the same way.
+     * Only removing "<>@," from the string prevents breaking (as far as I know).
+     *
+     * Also use an input validation library like Respect/Validation or find
+     * another way to prevent emails and names from containing "<>,"!
+     *
+     * @param string $string
+     * @param bool   $isEmail
+     *
+     * @return string
+     */
+    protected function removeToStringBreakingSymbols(string $string, bool $isEmail)
+    {
+        return str_replace($isEmail ? ['>', '<', ','] : ['>', '<', ',', '@'], '', $string);
     }
 
     /**