From 716d99918823dbe5d0cc83001ad25ae587c75cbb Mon Sep 17 00:00:00 2001
From: Maxence Lange
Date: Thu, 12 Mar 2020 10:50:03 -0100
Subject: [PATCH] sanitizing
---
 lib/Service/MailService.php | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/lib/Service/MailService.php b/lib/Service/MailService.php
index fdee9be..7f7a486 100644
--- a/lib/Service/MailService.php
+++ b/lib/Service/MailService.php
@@ -170,8 +170,10 @@ private function verifyInfoAndPassword($content, $toInfo) {
 * @throws NotPermittedException
 */
 private function getMailFolder($userId, $to, $from) {
-
 $node = \OC::$server->getUserFolder($userId);
+ $to = $this->parseMailAddress($to);
+ $from = $this->parseMailAddress($from);
+
 $folderPath = 'Mails sent to ' . $to . '/From ' . $from . '/';
 if (!$node->nodeExists($folderPath)) {
@@ -371,4 +373,25 @@ private function saveMailAddresses($addresses) {
 }
+ /**
+ * @param string $address
+ *
+ * @return string
+ */
+ private function parseMailAddress($address) {
+ $acceptedChars = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789@.-_+';
+
+ $fixed = '';
+ for ($i = 0; $i < strlen($address); $i++) {
+ $c = $address[$i];
+ if (strpos($acceptedChars, $c) !== false) {
+ $fixed .= $c;
+ }
+ }
+
+ $fixed = str_replace('..', '.', $fixed);
+
+ return $fixed;
+ }
+
 }
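Review bot: Nothing in getMailFolder checks what parseMailAddress hands back, so an address made up only of rejected characters becomes an empty string and the path turns into `'Mails sent to /From /'`. Two addresses that differ only in stripped characters also end up sharing one folder. Since the docblock already declares NotPermittedException, a guard right after the two new assignments would make the failure explicit: `if ($to === '' || $from === '') { throw new NotPermittedException(); }` (assuming that exception suits the callers). The function body continues past the end of the hunk, so any later use of `$to` and `$from` is not visible here.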
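Review bot: The `str_replace('..', '.', $fixed)` in parseMailAddress is a single pass, so a run of three or more dots still leaves `..` in the result (`'...'` comes out as `'..'`). In getMailFolder the value sits behind a fixed prefix and `/` is not in the accepted set, which limits the effect there, but the helper should deliver what it appears to promise: `$fixed = preg_replace('/\.{2,}/', '.', $fixed);`. The docblock would also benefit from one sentence stating that characters outside the allow-list are dropped silently rather than rejected, since the name suggests parsing and not filtering.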