MDL-57531 mail: Validate the sender's email address
authorDavid Mudrák <david@moodle.com>
Tue, 3 Jan 2017 21:09:30 +0000 (22:09 +0100)
committerDavid Mudrák <david@moodle.com>
Wed, 4 Jan 2017 11:35:19 +0000 (12:35 +0100)
commit61367eb63944d45a985b6cc4950661fd342773a6
tree184daed3d089168aeddb9a1f6663a6e4a886cfe5
parent066ec13585c78c4deb74700387c815a7297c996a
MDL-57531 mail: Validate the sender's email address

The patch adds validation for the noreplyaddress setting variable, for
the explicit $replyto parameter and for the sender's email. In case of
misconfigured noreplyaddress setting, it falls back to the default
noreply address value. In case of invalid email in the user's record,
the email is not sent.

The patch also adds unit test for the value returned by the function
generate_email_processing_address() so that it can be considered as a
valid email, too.

This is supposed to significantly minimise the risk of exploiting the
vulnerability in PHPMailer's Sender field.
lib/moodlelib.php
lib/tests/moodlelib_test.php
lib/tests/weblib_test.php