Context Navigation

Email.inc.php

Timestamp:

Dec 11, 2007 10:53:46 PM (16 years ago)

Author:

quinn

Message:

Minor updates.

File:

r282	r293
303	303	// Check for mail header injection attacks.
304	304	$full_mail_content = join($this->getParam('crlf'), array($final_to, $this->_params['subject'], $final_body));
305		if (preg_match("/(^\|[\n\r])(Content-Type\|MIME-Version\|Content-Transfer-Encoding\|Bcc\|Cc):/i", $full_mail_content)) {
	305	if (preg_match("/(^\|[\n\r])(Content-Type\|MIME-Version\|Content-Transfer-Encoding\|Bcc\|Cc)\s*:/i", $full_mail_content)) {
306	306	$app->logMsg(sprintf('Mail header injection attack in content: %s', $full_mail_content), LOG_WARNING, __FILE__, __LINE__);
307	307	sleep(3);

Note: See TracChangeset for help on using the changeset viewer.