From 03400bc4f7e55f1f41139d030d2cb6ddde7dc025 Mon Sep 17 00:00:00 2001
From: Rostislav Wolny <rosta@mailpoet.com>
Date: Fri, 8 Jan 2021 15:38:38 +0100
Subject: [PATCH] Prevent using invalid bounce email address

[MAILPOET-2933]
---
 lib/Mailer/Mailer.php                   | 19 +++++++++++++++----
 tests/integration/Mailer/MailerTest.php | 10 ++++++++++
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/lib/Mailer/Mailer.php b/lib/Mailer/Mailer.php
index 0b4c80370a..274fb71a37 100644
--- a/lib/Mailer/Mailer.php
+++ b/lib/Mailer/Mailer.php
@@ -15,6 +15,7 @@ use MailPoet\Mailer\Methods\SendGrid;
 use MailPoet\Mailer\Methods\SMTP;
 use MailPoet\Services\AuthorizedEmailsController;
 use MailPoet\Settings\SettingsController;
+use MailPoet\WP\Functions as WPFunctions;
 
 class Mailer {
   public $mailerConfig;
@@ -24,6 +25,10 @@ class Mailer {
   public $mailerInstance;
   /** @var SettingsController */
   private $settings;
+
+  /** @var WPFunctions */
+  private $wp;
+
   const MAILER_CONFIG_SETTING_NAME = 'mta';
   const SENDING_LIMIT_INTERVAL_MULTIPLIER = 60;
   const METHOD_MAILPOET = 'MailPoet';
@@ -32,11 +37,15 @@ class Mailer {
   const METHOD_PHPMAIL = 'PHPMail';
   const METHOD_SMTP = 'SMTP';
 
-  public function __construct(SettingsController $settings = null) {
+  public function __construct(SettingsController $settings = null, WPFunctions $wp = null) {
     if (!$settings) {
       $settings = SettingsController::getInstance();
     }
+    if (!$wp) {
+      $wp = WPFunctions::get();
+    }
     $this->settings = $settings;
+    $this->wp = $wp;
   }
 
   public function init($mailer = false, $sender = false, $replyTo = false, $returnPath = false) {
@@ -156,9 +165,11 @@ class Mailer {
   }
 
   public function getReturnPathAddress($returnPath) {
-    return ($returnPath) ?
-      $returnPath :
-      $this->settings->get('bounce.address');
+    if ($returnPath) {
+      return $returnPath;
+    }
+    $bounceAddress = $this->settings->get('bounce.address');
+    return $this->wp->isEmail($bounceAddress) ? $bounceAddress : null;
   }
 
   /**
diff --git a/tests/integration/Mailer/MailerTest.php b/tests/integration/Mailer/MailerTest.php
index f76dadfb6b..55dfe82c1f 100644
--- a/tests/integration/Mailer/MailerTest.php
+++ b/tests/integration/Mailer/MailerTest.php
@@ -201,6 +201,16 @@ class MailerTest extends \MailPoetTest {
     expect($result['response'])->true();
   }
 
+  public function testItIgnoresInvalidBounceAddress() {
+    $this->settings->set('bounce.address', 'ok@address.com');
+    $mailer = new Mailer();
+    $mailer->init($this->mailer, $this->sender, $this->replyTo);
+    expect($mailer->returnPath)->equals('ok@address.com');
+    $this->settings->set('bounce.address', 'invalid');
+    $mailer->init($this->mailer, $this->sender, $this->replyTo);
+    expect($mailer->returnPath)->null();
+  }
+
   public function _after() {
     $this->diContainer->get(SettingsRepository::class)->truncate();
   }