Commit d3410597 authored by's avatar
Browse files

allow setting envelope from in mail()

PHPMailer sets the envelope from via additional_params. Lets whitelist
a parameter that consists solely of ``.

This is using a slightly restricted subset of characters that are valid
 in emails. But doing something more precise there seems like overkill.
parent 29051144
......@@ -6,7 +6,7 @@ class php::snuffleupagus::global(
# based on
$rules = {
'010-mail-add-params' => '# Prevent various `mail`-related vulnerabilities
'020-putenv' => '# Since it\'s now burned, me might as well mitigate it publicly
'030-includes' => '##Prevent various `include`-related vulnerabilities
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment