Changeset 226


Ignore:
Timestamp:
Jan 10, 2007 4:57:15 AM (17 years ago)
Author:
quinn
Message:

Q - Email.inc.php - removed final_headers from mail header injection detection.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • tags/2.0.2/lib/Email.inc.php

    r217 r226  
    271271
    272272        // Check for mail header injection attacks.
    273         $full_mail_content = join("\n", array($final_to, $this->_params['subject'], $final_body, $final_headers, $envelope_sender_header));
     273        $full_mail_content = join("\n", array($final_to, $this->_params['subject'], $final_body));
    274274        if (preg_match("/(Content-Type:|MIME-Version:|Content-Transfer-Encoding:|[\n\r]Bcc:|[\n\r]Cc:)/i", $full_mail_content)) {
    275275            App::logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__);
Note: See TracChangeset for help on using the changeset viewer.