revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-20 04:20:55 +01:00
Code Issues Releases Wiki Activity

Prevent loops in received mail

Browse source 
Summary:
It's currently possible to configure Phabricator to send mail to some address it recognizes as relating to an object.

When we receive mail from Phabricator, drop it unconditionally.

Test Plan: Wrote two emails, one with the header and one without. Piped them to `mail_handler.php`, one was dropped immediately.

Reviewers: btrahan, nh, mikaaay, jungejason

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2529
This commit is contained in:
epriestley 2012-05-22 06:02:05 -07:00
parent 463cb116bd
commit 0461cd6e4f
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/applications/metamta/storage/receivedmail/PhabricatorMetaMTAReceivedMail.php
View file

@ -55,6 +55,19 @@ final class PhabricatorMetaMTAReceivedMail extends PhabricatorMetaMTADAO {
} }
public function processReceivedMail() { public function processReceivedMail() {
// If Phabricator sent the mail, always drop it immediately. This prevents
// loops where, e.g., the public bug address is also a user email address
// and creating a bug sends them an email, which loops.
$is_phabricator_mail = idx(
$this->headers,
'x-phabricator-sent-this-message');
if ($is_phabricator_mail) {
$message = "Ignoring email with 'X-Phabricator-Sent-This-Message' ".
"header to avoid loops.";
return $this->setMessage($message)->save();
}
$to = idx($this->headers, 'to'); $to = idx($this->headers, 'to');
$to = $this->getRawEmailAddress($to); $to = $this->getRawEmailAddress($to);