mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-27 01:02:42 +01:00
Mask the sender for "Must Encrypt" mail
Summary: Depends on D18998. Ref T13053. When we send "Must Encrypt" mail, we currently send it with a normal "From" address. This discloses a little information about the object (for example, if the Director of Silly Walks is interacting with a "must encrypt" object, the vulnerability is probably related to Silly Walks), so anonymize who is interacting with the object. Test Plan: Processed some mail. (The actual final "From" is ephemeral and a little tricky to examine and I didn't actually transmit mail over the network, but it should be obvious if this works or not on `secure`.) Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13053 Differential Revision: https://secure.phabricator.com/D19000
This commit is contained in:
parent
1485debcbd
commit
7765299f83
1 changed files with 6 additions and 0 deletions
|
@ -592,6 +592,12 @@ final class PhabricatorMetaMTAMail
|
||||||
$mailer->setFrom($from_email, $from_name);
|
$mailer->setFrom($from_email, $from_name);
|
||||||
break;
|
break;
|
||||||
case 'from':
|
case 'from':
|
||||||
|
// If the mail content must be encrypted, disguise the sender.
|
||||||
|
if ($must_encrypt) {
|
||||||
|
$mailer->setFrom($default_from, pht('Phabricator'));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$from = $value;
|
$from = $value;
|
||||||
$actor_email = null;
|
$actor_email = null;
|
||||||
$actor_name = null;
|
$actor_name = null;
|
||||||
|
|
Loading…
Reference in a new issue