/** * Check if Header Fields are stripped accordingly in sendmail transport; * also check for header injection * @todo Determine why this fails in Windows (testmail3@example.com example) */ public function testHeaderEncoding2() { $mail = new Mail\Mail("UTF-8"); $mail->setBodyText('My Nice Test Text'); // try header injection: $mail->addTo("testmail@example.com\nCc:foobar@example.com"); $mail->addHeader('X-MyTest', "Test\nCc:foobar2@example.com", true); // try special Chars in Header Fields: $mail->setFrom('*****@*****.**', "\xC6\x98\xC6\x90\xC3\xA4\xC4\xB8"); $mail->addTo('*****@*****.**', "\xC4\xA7\xC4\xAF\xC7\xAB"); $mail->addCc('*****@*****.**', "\xC7\xB6\xC7\xB7"); $mail->setSubject("\xC7\xB1\xC7\xAE"); $mail->addHeader('X-MyTest', "Test-\xC7\xB1", true); $mock = new SendmailTransportMock(); $mail->send($mock); $this->assertTrue($mock->called); $this->assertContains( 'From: =?UTF-8?Q?=C6=98=C6=90=C3=A4=C4=B8?=', $mock->header, "From: Header was encoded unexpectedly." ); $this->assertNotContains( "\nCc:foobar@example.com", $mock->header, "Injection into From: header is possible." ); // To is done by mail() not in headers $this->assertNotContains( 'To: =?UTF-8?Q?=C4=A7=C4=AF=C7=AB?= <*****@*****.**>', $mock->header ); $this->assertContains( 'Cc: =?UTF-8?Q?=C7=B6=C7=B7?= <*****@*****.**>', $mock->header ); // Subject is done by mail() not in headers $this->assertNotContains( 'Subject: =?UTF-8?Q?=C7=B1=C7=AE?=', $mock->header ); $this->assertContains( 'X-MyTest:', $mock->header ); $this->assertNotContains( "\nCc:foobar2@example.com", $mock->header ); $this->assertContains( '=?UTF-8?Q?Test-=C7=B1?=', $mock->header ); }