mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-27 16:00:59 +01:00
Mask the sender for "Must Encrypt" mail
Summary: Depends on D18998. Ref T13053. When we send "Must Encrypt" mail, we currently send it with a normal "From" address. This discloses a little information about the object (for example, if the Director of Silly Walks is interacting with a "must encrypt" object, the vulnerability is probably related to Silly Walks), so anonymize who is interacting with the object. Test Plan: Processed some mail. (The actual final "From" is ephemeral and a little tricky to examine and I didn't actually transmit mail over the network, but it should be obvious if this works or not on `secure`.) Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13053 Differential Revision: https://secure.phabricator.com/D19000
This commit is contained in:
parent
1485debcbd
commit
7765299f83
1 changed files with 6 additions and 0 deletions
|
@ -592,6 +592,12 @@ final class PhabricatorMetaMTAMail
|
|||
$mailer->setFrom($from_email, $from_name);
|
||||
break;
|
||||
case 'from':
|
||||
// If the mail content must be encrypted, disguise the sender.
|
||||
if ($must_encrypt) {
|
||||
$mailer->setFrom($default_from, pht('Phabricator'));
|
||||
break;
|
||||
}
|
||||
|
||||
$from = $value;
|
||||
$actor_email = null;
|
||||
$actor_name = null;
|
||||
|
|
Loading…
Reference in a new issue