MAGETWO-63632: [Backport] - Fix Zend Mail vulnerability - part 2 - for 2.1

cspruiell · cspruiell · commit 57a60da47c5d · 2017-02-23T16:42:25.000-06:00
- fix vulnerability
diff --git a/library/Zend/Mail/Transport/Sendmail.php b/library/Zend/Mail/Transport/Sendmail.php
@@ -45,7 +45,6 @@ class Zend_Mail_Transport_Sendmail extends Zend_Mail_Transport_Abstract
      */
     public $subject = null;
 
-
     /**
      * Config options for sendmail parameters
      *
@@ -85,7 +84,6 @@ public function __construct($parameters = null)
         $this->parameters = $parameters;
     }
 
-
     /**
      * Send mail using PHP native mail()
      *
@@ -97,37 +95,13 @@ public function __construct($parameters = null)
      */
     public function _sendMail()
     {
-        if ($this->parameters === null) {
-            set_error_handler(array($this, '_handleMailErrors'));
-            $result = mail(
-                $this->recipients,
-                $this->_mail->getSubject(),
-                $this->body,
-                $this->header);
-            restore_error_handler();
-        } else {
-            if(!is_string($this->parameters)) {
-                /**
-                 * @see Zend_Mail_Transport_Exception
-                 *
-                 * Exception is thrown here because
-                 * $parameters is a public property
-                 */
-                #require_once 'Zend/Mail/Transport/Exception.php';
-                throw new Zend_Mail_Transport_Exception(
-                    'Parameters were set but are not a string'
-                );
-            }
-
-            set_error_handler(array($this, '_handleMailErrors'));
-            $result = mail(
-                $this->recipients,
-                $this->_mail->getSubject(),
-                $this->body,
-                $this->header,
-                $this->parameters);
-            restore_error_handler();
-        }
+        set_error_handler(array($this, '_handleMailErrors'));
+        $result = mail(
+            $this->recipients,
+            $this->_mail->getSubject(),
+            $this->body,
+            $this->header);
+        restore_error_handler();
 
         if ($this->_errstr !== null || !$result) {
             /**
@@ -138,7 +112,6 @@ public function _sendMail()
         }
     }
 
-
     /**
      * Format and fix headers
      *
@@ -196,7 +169,7 @@ protected function _prepareHeaders($headers)
 
         // Sanitize the From header
         if (isset($headers['From'])) {
-            $addressList = array_filter($headers['From'], function($key) {
+            $addressList = array_filter($headers['From'], function ($key) {
                 return $key !== 'append';
             }, ARRAY_FILTER_USE_KEY);
             foreach ($addressList as $address) {
