authorflorisluiten <github@lenwweb.nl>2013-06-07 16:20:06 +0200
committerflorisluiten <github@lenwweb.nl>2013-06-07 16:20:06 +0200
commitf55d51488da5b3628ead257189240907cc153184 (patch)
tree5774e80df9766eef9eead5b4b398999839a723e5 /system
parent5b3be33299d41f9272c7c9e3f2d3a3161c1d11b4 (diff)
Prevent email header injection
When a header is set, newline characters are stripped from its value so that nobody can inject their own email header(s). Since set_header is only used to set one header at a time, this should have no effect on any code relying on this function.
Diffstat (limited to 'system')
-rw-r--r--system/libraries/Email.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 10253c796..0774b4def 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -739,7 +739,7 @@ class CI_Email {
*/
public function set_header($header, $value)
{
- $this->_headers[$header] = $value;
+ $this->_headers[$header] = str_replace(array("\n", "\r"), '', $value);
}
// --------------------------------------------------------------------
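Review bot: Only `$value` is filtered in `set_header()`; the header name `$header` is still used unchanged as the array key, so a CR or LF in a name built from request data would presumably still reach the header block (how `_headers` is serialized is outside this hunk). Applying the same filter to the name first would close that gap: `$header = str_replace(array("\n", "\r"), '', $header);`. Since the characters are dropped silently, a short comment such as `// Strip CR/LF so a value cannot start a new header line (header injection)` would record why the call is there. It is also worth confirming that no other method in the class assigns to `$this->_headers` directly, because such writes would bypass this filter. The method's docblock begins outside the hunk.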
@@ -2212,4 +2212,4 @@ class CI_Email {
}
/* End of file Email.php */
-/* Location: ./system/libraries/Email.php */
\ No newline at end of file
+/* Location: ./system/libraries/Email.php */