author | Andrey Andreev <narf@devilix.net> | 2013-06-25 11:22:37 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2013-06-25 11:22:37 +0200 |
commit | b9e090e5f4ddb72aef6cf7f36cb17b842885d53e (patch) | |
tree | 6bc5f1e60b78bcf27451df84cd3e3e68253acdd6 | |
parent | 4a7310ec6e0c6b9e23bd4ff9450d8bfd04e567ea (diff) | |
parent | 8094452263bfa158316dccbfd5b03c8f2bfb564d (diff) |
Merge pull request #2480 from florisluiten/develop
Prevent email header injection
-rw-r--r-- | system/libraries/Email.php | 2 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 0c83a8ba9..11ee29041 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -739,7 +739,7 @@ class CI_Email {
 */
 public function set_header($header, $value)
 {
- $this->_headers[$header] = $value;
+ $this->_headers[$header] = str_replace(array("\n", "\r"), '', $value);
 }
 
 // --------------------------------------------------------------------
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 38c6d05bd..c0f1566ed 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -264,6 +264,7 @@ Release Date: Not Released
 - Internal method ``_prep_q_encoding()`` now utilizes PHP's *mbstring* and *iconv* extensions (when available) and no longer has a second (``$from``) argument.
 - Added an optional parameter to ``print_debugger()`` to allow specifying which parts of the message should be printed ('headers', 'subject', 'body').
 - Added SMTP keepalive option to avoid opening the connection for each ``Email::send()``. Accessible as ``$smtp_keepalive``.
+ - Public method ``set_header()`` now filters the input by removing all "\\r" and "\\n" characters.
 - :doc:`Pagination Library <libraries/pagination>` changes include:
 - Added support for the anchor "rel" attribute.
 - Added support for setting custom attributes.
|
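Review bot: Only `$value` is stripped of CR/LF in `set_header()`; the `$header` name is still used unfiltered as the `_headers` key. The code that serialises `_headers` is outside this hunk, but if keys are written into the message verbatim, a header name taken from request data could still carry a line break and start a new header. Filtering both sides closes that: `$this->_headers[str_replace(array("\n", "\r"), '', $header)] = str_replace(array("\n", "\r"), '', $value);`. It is also worth confirming that no other method assigns to `$this->_headers` directly, since such a path would bypass this filter.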