From f55d51488da5b3628ead257189240907cc153184 Mon Sep 17 00:00:00 2001 From: florisluiten Date: Fri, 7 Jun 2013 17:20:06 +0300 Subject: Prevent email header injection When a header is set, newline characters are stripped so one cannot inject his/her own email header(s). Since set_header is only used to set one header at a time, it should have no effect on any code relying on this function --- system/libraries/Email.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 10253c796..0774b4def 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -739,7 +739,7 @@ class CI_Email { */ public function set_header($header, $value) { - $this->_headers[$header] = $value; + $this->_headers[$header] = str_replace(array("\n", "\r"), '', $value); } // -------------------------------------------------------------------- @@ -2212,4 +2212,4 @@ class CI_Email { } /* End of file Email.php */ -/* Location: ./system/libraries/Email.php */ \ No newline at end of file +/* Location: ./system/libraries/Email.php */ -- cgit v1.2.3-24-g4f1b From 2d7009c56b99442591e25c86032865b05c6262c8 Mon Sep 17 00:00:00 2001 From: "Floris Luiten (lenwweb.nl)" Date: Mon, 24 Jun 2013 20:48:17 +0200 Subject: Removed empty line at EOF --- system/libraries/Email.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 0774b4def..1ee0035cb 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -2212,4 +2212,4 @@ class CI_Email { } /* End of file Email.php */ -/* Location: ./system/libraries/Email.php */ +/* Location: ./system/libraries/Email.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b