Gerrit change I5cc3d2eda7188628fd016950a16ffe63c2ae6f6f proposes adding the Plancake e-mail parser library to the mediawiki/vendor repository. This addition needs to be approved by the security team.
Version: unspecified
Severity: normal
The library was already approved in https://bugzilla.wikimedia.org/show_bug.cgi?id=69099#c3 so I think this just needs to be acknowledged here for bookkeeping purposes.
I thought there was more to it than just https://github.com/floriansemm/official-library-php-email-parser/blob/master/PlancakeEmailParser.php, but it looks like that's all there is?
I can't speak for the correctness of the email parsing, but the code shouldn't be able to harm the site.
It does pass user-controlled data to the in_charset of iconv. I don't think there should be an issue there, but I'm going to check out iconv again.
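One way to bound the `in_charset` input mentioned in the last comment, as an added example that is not part of this thread or of the Plancake library: the charset label from a message's Content-Type header is compared against a fixed allow-list before it reaches `iconv()`. The function names, the allow-list contents and the sample headers are assumptions made for illustration; the code assumes PHP 7.2 or later with the iconv and mbstring extensions.

```php
<?php
// Added example, not Plancake's code. Names and allow-list are hypothetical.

// Charset labels this application is willing to hand to iconv().
const ALLOWED_CHARSETS = ['utf-8', 'us-ascii', 'iso-8859-1', 'iso-8859-15', 'windows-1252'];

// Pull the raw charset label out of a Content-Type header value.
// The capture is deliberately loose so that odd labels are seen and
// rejected by the allow-list instead of being silently trimmed.
function charsetFromContentType(string $contentType): ?string
{
    if (!preg_match('/;\s*charset\s*=\s*"?([^\s;"]+)"?/i', $contentType, $m)) {
        return null;
    }
    return strtolower($m[1]);
}

// Convert a body to UTF-8. Only exact allow-list matches reach iconv();
// anything else (missing label, unknown label, label with a //SUFFIX)
// is treated as untrusted bytes and scrubbed into valid UTF-8.
function decodeBodyToUtf8(string $body, ?string $charset): string
{
    if ($charset === null || !in_array($charset, ALLOWED_CHARSETS, true)) {
        return mb_scrub($body, 'UTF-8');
    }
    // iconv() returns false (and raises a notice) on bytes that are
    // invalid in the declared charset; fall back instead of failing.
    $converted = @iconv($charset, 'UTF-8', $body);
    return $converted === false ? mb_scrub($body, 'UTF-8') : $converted;
}

// Constructed sample headers and bodies.
$samples = [
    ['text/plain; charset="ISO-8859-1"',   "caf\xE9"],       // allowed, converted
    ['text/plain; charset=UTF-8//TRANSLIT', 'plain text'],    // suffix: not an exact match
    ['text/plain; charset=x-unknown-label', 'plain text'],    // not on the allow-list
    ['text/plain',                          "bad \xFF byte"], // no label: scrubbed
];

foreach ($samples as [$header, $body]) {
    $label = charsetFromContentType($header);
    printf("%-38s label=%-18s => %s\n", $header, var_export($label, true),
        decodeBodyToUtf8($body, $label));
}
```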