-
-
Notifications
You must be signed in to change notification settings - Fork 9.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add the possibility of changing @phpmailer.0 string in asHtml method when composing image cid. #3031
Comments
How do you see this as a risk? What threat model do you foresee as applying to it? Neither of these uses are headers. Also bear in mind that |
Our system underwent a security audit and it was detected as a vulnerability (excerpt below)
I would suggest adding |
Hello,
There is a hard coded string in https://github.com/PHPMailer/PHPMailer/blob/master/src/PHPMailer.php#L4418 and https://github.com/PHPMailer/PHPMailer/blob/master/src/PHPMailer.php#L4452 which leaks server/app details. For security reasons, we should be able to change this to a custom one, like other headers.
Currently, only way to do that, is to override the entire msgHTML method. Is there a chance to introduce a more flexible approach in the library?
The text was updated successfully, but these errors were encountered: