Small security fixes, not urgent

2025-08-05 17:18:04 +02:00 · 2025-02-24 15:54:37 +02:00 · 2025-02-24 15:54:37 +02:00 · 0a0d30d5a0
commit 0a0d30d5a0
parent d54c6f8f52
5 changed files with 14 additions and 7 deletions
--- a/cp/app/Lib/Logger.php
+++ b/cp/app/Lib/Logger.php
@ -74,6 +74,8 @@ class Logger extends \Monolog\Logger
            try {
                $mail = new PHPMailer(true);
                $mail->isSMTP();
+                $mailToAddress = $_ENV['MAIL_TO_ADDRESS'] ?? null;
+
                $mail->Host       = $_ENV['MAIL_HOST'];
                $mail->SMTPAuth   = true;
                $mail->Username   = $_ENV['MAIL_USERNAME'];
@ -81,7 +83,11 @@ class Logger extends \Monolog\Logger
                $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
                $mail->Port       = $_ENV['MAIL_PORT'];
                $mail->setFrom($_ENV['MAIL_FROM_ADDRESS'], $_ENV['MAIL_FROM_NAME']);
-                $mail->addAddress($_ENV['MAIL_TO_ADDRESS']); // Send to admin email
+                if (!$mailToAddress) {
+                    error_log("MAIL_TO_ADDRESS is missing, skipping recipient.");
+                } else {
+                    $mail->addAddress($mailToAddress);
+                }

                // Attach PHPMailer to Monolog
                $mailerHandler = new PHPMailerHandler($mail);