Description
Executing this code:
$mail = new Zend_Mail();
// ...
$mail->addCc('email@example.com', 'Injected email" <injected.email@example.com>, "Normal email');
$mail->send();
results in really sending an email with the following header:
Cc: "Injected email" <injected.email@example.com>, "Normal email" <email@example.com>
An even simpler way to add more recipients than expected:
$mail->addCc('email@example.com,another.email@example.com');
Same problem with $mail->addTo() or $mail->addBcc().
I think that these methods should only add one single recipient, not more... (It would be a good protection from spam)
An easy way to correct the first problem should be by escaping (addcslashes()) the double-quote character (") with a backslash (\") when the recipient name needs to be quoted... This way the Cc header of the first example would be:
Cc: "Injected email\" <injected.email@example.com>, \"Normal email" <email@example.com>
For the second problem just checking for NO commas in the $email parameter should be ok.
Both these patches can be implemented within the method Zend_Mail::_addRecipientAndHeader().
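The two checks proposed above, written out as an added example that is not Zend Framework code and not part of the report: a hypothetical formatSingleRecipient() escapes the display name and refuses an $email parameter that is not exactly one address, and a hypothetical buildRecipientHeader() joins such mailboxes into a Cc/To/Bcc value. It goes slightly beyond the report by also escaping the backslash and refusing CR/LF in the name, since both would otherwise let a name break out of the quoted string or start a new header line.

```php
<?php
// Added example (not Zend_Mail code). Function names are hypothetical.

/**
 * Build one RFC 5322 mailbox, "Name" <addr>, from a single address and an
 * optional display name, refusing input that could smuggle in extra
 * recipients or extra header lines.
 */
function formatSingleRecipient(string $email, string $name = ''): string
{
    // The report's second fix: the address must not contain a comma. Angle
    // brackets, semicolons and line breaks are refused for the same reason,
    // and FILTER_VALIDATE_EMAIL confirms what is left is one plain address.
    if (strpbrk($email, ",;<>\r\n") !== false
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException("Not a single valid address: $email");
    }
    if ($name === '') {
        return $email;
    }
    // A CR/LF inside the display name would terminate the header line.
    if (preg_match('/[\r\n]/', $name)) {
        throw new InvalidArgumentException('Line breaks are not allowed in a recipient name');
    }
    // The report's first fix: quote the name and escape the double quote with
    // addcslashes(). The backslash is escaped as well, otherwise a name ending
    // in a backslash would neutralise the closing quote.
    $quoted = addcslashes($name, "\\\"");
    return sprintf('"%s" <%s>', $quoted, $email);
}

/**
 * Join [email, name] pairs into a header value. Every pair goes through
 * formatSingleRecipient(), so the number of mailboxes in the header is
 * always exactly count($recipients).
 */
function buildRecipientHeader(string $field, array $recipients): string
{
    $parts = [];
    foreach ($recipients as [$email, $name]) {
        $parts[] = formatSingleRecipient($email, $name);
    }
    return $field . ': ' . implode(', ', $parts);
}

// First case from the report: the name tries to close the quote and append a
// second mailbox. With the quote escaped it stays one recipient and yields
// Cc: "Injected email\" <injected.email@example.com>, \"Normal email" <email@example.com>
echo buildRecipientHeader('Cc', [
    ['email@example.com', 'Injected email" <injected.email@example.com>, "Normal email'],
]), "\n";

// Second case: a comma-separated list passed as one address is refused.
try {
    formatSingleRecipient('email@example.com,another.email@example.com');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

The point of routing every recipient through a single-mailbox formatter is that the count of addresses in the outgoing header can never exceed the number of addRecipient calls the application actually made, which is the property the report asks for.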
Solved in SVN r13498
Changed so that commas and double-quote marks in the mail address are turned into question marks.