#6397: EmailComponent: Sending fails when sendAs === 'both'
-----------------------------------------------------+----------------------
    Reporter:  dom111                                |          Type:  Bug
      Status:  new                                   |      Priority:  Medium
   Milestone:  1.2.x.x                               |     Component:  Components
     Version:                                        |      Severity:  Major
    Keywords:  EmailComponent, injection, multipart  |   Php_version:  PHP 5
Cake_version:  8004 2009-01-16 20:15:21Z gwoo        |
-----------------------------------------------------+----------------------
 When sending emails using the EmailComponent (from version 8004) in sendAs
 === 'both' mode, the script fails to actually send anything on our server
 (PHP 5.2.5 with Suhosin-Patch 0.9.6.2).

 The Apache error logs read:
 {{{
 ALERT - mail() - double newline in headers, possible injection, mail
 dropped (attacker 'xx.xx.xx.xx', file
 '/srv/cake/libs/controllers/components/email.php', line 656)
 }}}

 Controller code:
 {{{
 function _send_email() {
     $this->Email->to = 'u...@example.com';
     $this->Email->subject = 'My Email Test';
     $this->Email->template = 'template'; // note no '.ctp'
     $this->Email->from = 'u...@example.com';
     $this->Email->replyTo = 'u...@example.com';
     $this->Email->sendAs = 'both';
     $this->Email->send();
 }
 }}}

 The problem appears to be fixed when line 492 is removed:
 {{{
     } elseif ($this->sendAs === 'both') {
         $this->__header[] = 'Content-Type: multipart/alternative; boundary="alt-' . $this->__boundary . '"';
         // $this->__header[] = ''; // line 492
     }
 }}}

 Apologies if this ticket is a duplicate, but I couldn't see a similar
 issue.

-- 
Ticket URL: <https://trac.cakephp.org/ticket/6397>
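
Added example (not part of the ticket, and not CakePHP or Suhosin code): a pre-send check showing why an empty element in the header list produces the double newline named in the alert, and how to catch it before calling mail(). The function name, the sample addresses and boundary, the trailing Content-Transfer-Encoding header and the "\n" join are assumptions made for illustration.

```php
<?php
/**
 * Hypothetical helper: list the reasons a header array would yield a
 * blank line (or a smuggled extra line) once joined for mail().
 */
function findHeaderProblems(array $headers)
{
    $problems = array();
    foreach ($headers as $i => $line) {
        if (trim($line) === '') {
            // An empty element followed by another header becomes "\n\n"
            // after the join, which ends the header block early.
            $problems[] = "element $i is empty";
        } elseif (preg_match('/[\r\n]/', $line)) {
            // An embedded CR/LF lets one element carry several lines.
            $problems[] = "element $i contains a line break";
        }
    }
    return $problems;
}

// Constructed sample data mirroring the 'both' branch quoted in the ticket.
$boundary = '0123456789abcdef'; // constructed value
$common = array(
    'From: sender@example.com',
    'Content-Type: multipart/alternative; boundary="alt-' . $boundary . '"',
);
// Assumption: at least one more header is appended after the branch.
$tail = array('Content-Transfer-Encoding: 7bit');

$cases = array(
    'with line 492'    => array_merge($common, array(''), $tail),
    'without line 492' => array_merge($common, $tail),
);

foreach ($cases as $label => $headers) {
    // Assumption: the header list is joined with "\n" before mail().
    $joined = implode("\n", $headers);
    $problems = findHeaderProblems($headers);
    $hasBlankLine = (bool) preg_match('/\r?\n\r?\n/', $joined);
    printf(
        "%s: %s (blank line in joined headers: %s)\n",
        $label,
        $problems ? implode('; ', $problems) : 'ok',
        $hasBlankLine ? 'yes' : 'no'
    );
}
```

Running the same check over any header array before it reaches mail() turns a silently dropped message into an error the application can log.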