Task #104329

Updated by Garvin Hicking 5 months ago

The <code class="php">typo3/cms-core/Classes/Utility/MailUtility.php</code> class offers helper methods to fetch several configuration values related to mailing, also providing some fallbacks.

 One of them is this method: 
 <pre> 
 <code class="php"> 
 public static function getSystemFromAddress(): string 
 { 
     $address = $GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromAddress'] ?? null; 

     if (!is_string($address) || !GeneralUtility::validEmail($address)) { 
         // still nothing, get host name from server 
         $address = 'no-reply@' . php_uname('n'); 
         if (!GeneralUtility::validEmail($address)) { 
             // if everything fails use a dummy address 
             $address = 'no-reply@example.com'; 
         } 
     } 
     return $address; 
 } 
 </code> 
 </pre> 
 So here, as a very last fallback, *no-reply@example.com* is used, which might not be a good idea as it can expose some sensitive data.
 It should be considered whether this fallback should be used, and even whether the <code class="php">php_uname</code> usage is intended.
 <code class="php">$GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromAddress']</code>, just throw some exception.
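
A fail-closed variant of the quoted method, as an added example that is not TYPO3 core code and not part of the ticket. It assumes a hypothetical stand-alone function `resolveSystemFromAddress()`, uses `filter_var()` as a stand-in for `GeneralUtility::validEmail()`, and runs over constructed sample configurations.

```php
<?php
declare(strict_types=1);

// Added example, not TYPO3 core code. resolveSystemFromAddress() is a
// hypothetical stand-alone variant of the method quoted above.
// Assumption: filter_var() stands in for GeneralUtility::validEmail().

function resolveSystemFromAddress(array $confVars): string
{
    $address = $confVars['MAIL']['defaultMailFromAddress'] ?? null;

    if (!is_string($address) || filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        // Fail closed: no php_uname('n') host name in the From header and
        // no example.com sender that the site operator does not control.
        throw new RuntimeException(
            'MAIL/defaultMailFromAddress is missing or not a valid e-mail address',
            1700000000 // constructed exception code
        );
    }
    return $address;
}

// Constructed sample configurations covering the cases the original
// method would silently replace with a fallback address.
$samples = [
    'configured' => ['MAIL' => ['defaultMailFromAddress' => 'webmaster@site.example']],
    'unset'      => ['MAIL' => []],
    'wrong type' => ['MAIL' => ['defaultMailFromAddress' => ['a@b.example']]],
    'malformed'  => ['MAIL' => ['defaultMailFromAddress' => 'not an address']],
];

foreach ($samples as $label => $conf) {
    try {
        printf("%-10s -> %s\n", $label, resolveSystemFromAddress($conf));
    } catch (RuntimeException $e) {
        printf("%-10s -> rejected: %s\n", $label, $e->getMessage());
    }
}
```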
 
