Changeset 36 for trunk/lib/Email.inc.php
- Timestamp:
- Dec 13, 2005 8:58:18 AM (18 years ago)
- File:
-
- 1 edited
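--- a/trunk/lib/Email.inc.php
+++ b/trunk/lib/Email.inc.php
@@ -219,6 +219,5 @@
 $this->setParam(array('subject' => $subject));
 }
-
 
 // Ensure required values exist.
 if (!isset($this->_template)) {
@@ -249,8 +248,16 @@
 
 // From headers are custom headers.
-$headers = sprintf("From: %s\r\n ", $this->_params['from']);
+$headers = sprintf("From: %s\r\n\r\n", $this->_params['from']);
 
 // This is the address where delivery problems are sent to. We must strip off everything except the local@domain part.
 $envelope_sender_header = sprintf('-f %s', preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU', '$1', $this->_params['from']));
+
+// Check for mail header injection attacks.
+$full_mail_content = join("\n", array($final_to, $this->_params['subject'], $final_body, $headers, $envelope_sender_header));
+if (preg_match("/(Content-Type:|MIME-Version:|Content-Transfer-Encoding:|[\n\r]Bcc:|[\n\r]Cc:)/i", $full_mail_content)) {
+App::logMsg(sprintf('Mail header injection attack: ', $full_mail_content), LOG_WARNING, __FILE__, __LINE__);
+sleep(3);
+return false;
+}
 
 // Ensure message was successfully accepted for delivery.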
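Review bot: The new header-injection check is a deny-list run over the joined recipient, subject, body and headers, so it misses other injected header lines (a CR/LF followed by `To:`, `Reply-To:` or `Subject:` passes) while rejecting legitimate bodies that merely contain `Content-Type:` or a line starting with `Cc:`. Rejecting any CR or LF in the header-bound values only would be stricter and free of body false positives, e.g. `if (preg_match('/[\r\n]/', $final_to . $this->_params['subject'] . $this->_params['from'])) {`. The log call also drops the evidence, because its format string has no placeholder; it should read `sprintf('Mail header injection attack: %s', $full_mail_content)`, ideally with control characters escaped before the value reaches the log. The enclosing method starts and ends outside the visible hunks, so how `$final_to` and `$final_body` are built cannot be checked from here.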