Harden email-address class against multiple mailto-uri's (seen in the…
… wild in eduGAIN)
tvdijen committed Apr 9, 2024
1 parent 7b40b5d commit 011ff8f
Showing 2 changed files with 16 additions and 3 deletions.
2 changes: 1 addition & 1 deletion src/SAML2/XML/md/EmailAddress.php
Expand Up @@ -56,7 +56,7 @@ protected function validateContent(string $content): void
*/
protected function sanitizeContent(string $content): string
{
return trim(preg_replace('/^mailto:/i', '', $content));
return trim(preg_replace('/^(mailto:)+/i', '', $content));
}


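Review bot: The prefix strip in `sanitizeContent` runs before `trim()`, so the `^` anchor only matches when `mailto:` is the very first character of `$content`; element text that arrives with leading whitespace or a newline (likely in indented metadata XML) keeps every `mailto:` prefix. Trimming first closes that gap: `return trim(preg_replace('/^(mailto:)+/i', '', trim($content)));`. How `validateContent` treats a leftover prefix is outside this hunk, so whether that ends in a rejected document or a malformed stored address should be confirmed. `preg_replace` can also return `null` on a PCRE error, which `trim()` does not take as a string; a `?? $content` fallback or an explicit exception would make that path deliberate.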
17 changes: 15 additions & 2 deletions tests/SAML2/XML/md/EmailAddressTest.php
Expand Up @@ -54,11 +54,11 @@ public static function setUpBeforeClass(): void
*/
public function testMarshalling(): void
{
$name = new EmailAddress('[email protected]');
$email = new EmailAddress('[email protected]');

$this->assertEquals(
self::$xmlRepresentation->saveXML(self::$xmlRepresentation->documentElement),
strval($name),
strval($email),
);
}

Expand Down Expand Up @@ -89,4 +89,17 @@ public function testUnmarshallingWithInvalidEmail(): void

EmailAddress::fromXML($document->documentElement);
}


/**
* Test that creating an EmailAddress from XML succeeds when multiple mailto: prefixes are in place.
*/
public function testUnmarshallingWithMultipleMailtoUri(): void
{
$document = clone self::$xmlRepresentation;
$document->documentElement->textContent = 'mailto:mailto:mailto:[email protected]';

$email = EmailAddress::fromXML($document->documentElement);
$this->assertEquals('mailto:[email protected]', $email->getContent());
}
}
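Review bot: `testUnmarshallingWithMultipleMailtoUri` pins only one input shape, three lowercase prefixes with no surrounding whitespace, while the pattern it guards is case-insensitive and the sanitizer also trims. A data provider with a mixed-case and a whitespace-padded variant (constructed sample: `"\n  MailTo:mailto:user@example.org\n"`) would keep the normalisation from regressing on the inputs federation metadata is likely to contain. `assertSame` instead of `assertEquals` would additionally make the string comparison strict.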
