Changeset 36 for trunk/lib/Email.inc.php

Timestamp:

Dec 13, 2005 8:58:18 AM (18 years ago)

Author:

scdev

Message:

added mail header injection prevention to Email::

File:

• trunk/lib/Email.inc.php (modified) (2 diffs)

trunk/lib/Email.inc.php

@@ -219 +219 @@
              $this->setParam(array('subject' => $subject));
         }
-    
-    
+
         // Ensure required values exist.
         if (!isset($this->_template)) {
@@ -249 +248 @@
         
         // From headers are custom headers.
-        $headers = sprintf("From: %s\r\n", $this->_params['from']);
+        $headers = sprintf("From: %s\r\n\r\n", $this->_params['from']); 
         
         // This is the address where delivery problems are sent to. We must strip off everything except the local@domain part.
         $envelope_sender_header = sprintf('-f %s', preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']));
+        
+        // Check for mail header injection attacks.
+        $full_mail_content = join("\n", array($final_to, $this->_params['subject'], $final_body, $headers, $envelope_sender_header));
+        if (preg_match("/(Content-Type:|MIME-Version:|Content-Transfer-Encoding:|[\n\r]Bcc:|[\n\r]Cc:)/i", $full_mail_content)) {
+            App::logMsg(sprintf('Mail header injection attack: ', $full_mail_content), LOG_WARNING, __FILE__, __LINE__);
+            sleep(3);
+            return false;
+        }
 
         // Ensure message was successfully accepted for delivery.