Changeset 293 for trunk/lib/Email.inc.php
- Timestamp:
- Dec 11, 2007 10:53:46 PM (16 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/lib/Email.inc.php
r282 r293 303 303 // Check for mail header injection attacks. 304 304 $full_mail_content = join($this->getParam('crlf'), array($final_to, $this->_params['subject'], $final_body)); 305 if (preg_match("/(^|[\n\r])(Content-Type|MIME-Version|Content-Transfer-Encoding|Bcc|Cc) :/i", $full_mail_content)) {305 if (preg_match("/(^|[\n\r])(Content-Type|MIME-Version|Content-Transfer-Encoding|Bcc|Cc)\s*:/i", $full_mail_content)) { 306 306 $app->logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__); 307 307 sleep(3);
Note: See TracChangeset
for help on using the changeset viewer.