From e88f183e8ed123f18a121eb0427d368722b312c4 Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Thu, 12 Mar 2020 10:46:25 -0100
Subject: [PATCH] sanitizing

---
 lib/Service/MailService.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/lib/Service/MailService.php b/lib/Service/MailService.php
index 50ecc02..43af8fd 100644
--- a/lib/Service/MailService.php
+++ b/lib/Service/MailService.php
@@ -186,6 +186,9 @@ private function verifyInfoAndPassword(string $content, array $toInfo): void {
 	 */
 	private function getMailFolder(string $userId, string $to, string $from): Folder {
 		$node = OC::$server->getUserFolder($userId);
+		$to = $this->parseMailAddress($to);
+		$from = $this->parseMailAddress($from);
+
 		$folderPath = 'Mails sent to ' . $to . '/From ' . $from . '/';
 
 		if (!$node->nodeExists($folderPath)) {
@@ -384,5 +387,27 @@ private function saveMailAddresses(array $addresses): void {
 		$this->configService->setAppValue(ConfigService::FROMMAIL_ADDRESSES, json_encode($addresses));
 	}
 
+
+	/**
+	 * @param string $address
+	 *
+	 * @return string
+	 */
+	private function parseMailAddress(string $address): string {
+		$acceptedChars = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789@.-_+';
+
+		$fixed = '';
+		for ($i = 0; $i < strlen($address); $i++) {
+			$c = $address[$i];
+			if (strpos($acceptedChars, $c) !== false) {
+				$fixed .= $c;
+			}
+		}
+
+		$fixed = str_replace('..', '.', $fixed);
+
+		return $fixed;
+	}
+
 }