From 0461cd6e4fd533dda23aaa9f855d1cbda8b99f67 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 22 May 2012 06:02:05 -0700 Subject: [PATCH] Prevent loops in received mail Summary: It's currently possible to configure Phabricator to send mail to some address it recognizes as relating to an object. When we receive mail from Phabricator, drop it unconditionally. Test Plan: Wrote two emails, one with the header and one without. Piped them to `mail_handler.php`, one was dropped immediately. Reviewers: btrahan, nh, mikaaay, jungejason Reviewed By: jungejason CC: aran Differential Revision: https://secure.phabricator.com/D2529 --- .../receivedmail/PhabricatorMetaMTAReceivedMail.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/applications/metamta/storage/receivedmail/PhabricatorMetaMTAReceivedMail.php b/src/applications/metamta/storage/receivedmail/PhabricatorMetaMTAReceivedMail.php index 107c91b953..f3baa5915a 100644 --- a/src/applications/metamta/storage/receivedmail/PhabricatorMetaMTAReceivedMail.php +++ b/src/applications/metamta/storage/receivedmail/PhabricatorMetaMTAReceivedMail.php @@ -55,6 +55,19 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO { } public function processReceivedMail() { + + // If Phabricator sent the mail, always drop it immediately. This prevents + // loops where, e.g., the public bug address is also a user email address + // and creating a bug sends them an email, which loops. + $is_phabricator_mail = idx( + $this->headers, + 'x-phabricator-sent-this-message'); + if ($is_phabricator_mail) { + $message = "Ignoring email with 'X-Phabricator-Sent-This-Message' ". + "header to avoid loops."; + return $this->setMessage($message)->save(); + } + $to = idx($this->headers, 'to'); $to = $this->getRawEmailAddress($to);