- Timestamp:
- Dec 11, 2007 10:53:46 PM (16 years ago)
- Location:
- trunk/lib
- Files:
-
- 2 edited
-
App.inc.php (modified) (1 diff)
-
Email.inc.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/lib/App.inc.php
r282 r293 65 65 'session_name' => '_session', 66 66 'session_use_cookies' => true, 67 68 // Pass the session-id through URLs if cookies are not enabled? 69 // Disable this to prevent session ID theft. 67 70 'session_use_trans_sid' => false, 68 71 -
trunk/lib/Email.inc.php
r282 r293 303 303 // Check for mail header injection attacks. 304 304 $full_mail_content = join($this->getParam('crlf'), array($final_to, $this->_params['subject'], $final_body)); 305 if (preg_match("/(^|[\n\r])(Content-Type|MIME-Version|Content-Transfer-Encoding|Bcc|Cc) :/i", $full_mail_content)) {305 if (preg_match("/(^|[\n\r])(Content-Type|MIME-Version|Content-Transfer-Encoding|Bcc|Cc)\s*:/i", $full_mail_content)) { 306 306 $app->logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__); 307 307 sleep(3);
Note: See TracChangeset
for help on using the changeset viewer.
