Project

General

Profile

Actions
Copy link

Task #104329

open

Do not use no-reply@example.com email addres as a fallback for the defaultMailFromAddress

Added by Marcin Sągol 9 days ago. Updated 8 days ago.

Status:
New
Priority:
Could have
Assignee:
-
Category:
Backend API
Target version:
13.3
Start date:
2024-07-07
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
12
PHP Version:
8.3
Tags:
mail, mailer, mailng, configuration, backend
Complexity:
easy
Sprint Focus:

Description

The typo3/cms-core/Classes/Utility/MailUtility.php class offers helper methods to fetch several configuration values related to making, providing also some fallbacks.

One of them is this method:

public static function getSystemFromAddress(): string
{
    $address = $GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromAddress'] ?? null;

    if (!is_string($address) || !GeneralUtility::validEmail($address)) {
        // still nothing, get host name from server
        $address = 'no-reply@' . php_uname('n');
        if (!GeneralUtility::validEmail($address)) {
            // if everything fails use a dummy address
            $address = 'no-reply@example.com';
        }
    }
    return $address;
}

So, here as a very last fallback we have the used which might not be a good idea as it can expose some sensitive data.
It should be considered if this fallback should be used and even if the php_uname usage is intended.
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromAddress'], just throw some exception.

Actions
Copy link

Also available in: Atom PDF