summaryrefslogtreecommitdiffstats
path: root/system/libraries/Email.php
diff options
context:
space:
mode:
authorflorisluiten <github@lenwweb.nl>2013-06-07 16:20:06 +0200
committerflorisluiten <github@lenwweb.nl>2013-06-07 16:20:06 +0200
commitf55d51488da5b3628ead257189240907cc153184 (patch)
tree5774e80df9766eef9eead5b4b398999839a723e5 /system/libraries/Email.php
parent5b3be33299d41f9272c7c9e3f2d3a3161c1d11b4 (diff)
Prevent email header injection
When a header is set, newline characters are stripped so one cannot inject his/her own email header(s). Since set_header is only used to set one header at a time, it should have no effect on any code relying on this function
Diffstat (limited to 'system/libraries/Email.php')
-rw-r--r--system/libraries/Email.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 10253c796..0774b4def 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -739,7 +739,7 @@ class CI_Email {
*/
public function set_header($header, $value)
{
- $this->_headers[$header] = $value;
+ $this->_headers[$header] = str_replace(array("\n", "\r"), '', $value);
}
// --------------------------------------------------------------------
@@ -2212,4 +2212,4 @@ class CI_Email {
}
/* End of file Email.php */
-/* Location: ./system/libraries/Email.php */ \ No newline at end of file
+/* Location: ./system/libraries/Email.php */