From f55d51488da5b3628ead257189240907cc153184 Mon Sep 17 00:00:00 2001
From: florisluiten <github@lenwweb.nl>
Date: Fri, 7 Jun 2013 17:20:06 +0300
Subject: Prevent email header injection

When a header is set, newline characters are stripped so one cannot inject his/her own email header(s). Since set_header is only used to set one header at a time, it should have no effect on any code relying on this function
---
 system/libraries/Email.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'system/libraries/Email.php')

diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 10253c796..0774b4def 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -739,7 +739,7 @@ class CI_Email {
 	 */
 	public function set_header($header, $value)
 	{
-		$this->_headers[$header] = $value;
+		$this->_headers[$header] = str_replace(array("\n", "\r"), '', $value);
 	}
 
 	// --------------------------------------------------------------------
@@ -2212,4 +2212,4 @@ class CI_Email {
 }
 
 /* End of file Email.php */
-/* Location: ./system/libraries/Email.php */
\ No newline at end of file
+/* Location: ./system/libraries/Email.php */
-- 
cgit v1.2.3-24-g4f1b