authorroundcube <roundcube@208e9e7b-5314-0410-a742-e7e81cd9613c>2005-11-02 22:43:55 +0000
committerroundcube <roundcube@208e9e7b-5314-0410-a742-e7e81cd9613c>2005-11-02 22:43:55 +0000
commit57ec5d55c3e501a84b622be6f3b0d8a17e42214c (patch)
treed7923eba702f5b1eb17a71aec0a607ced8b8187e /roundcubemail/program/steps/mail/sendmail.inc
parent031e03812e6924ee21e0e1af57122fdef3d0772e (diff)
Added more XSS protection (Bug #1308236) and some visual enhancements
git-svn-id: https://svn.roundcube.net/trunk@73 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/steps/mail/sendmail.inc')
-rw-r--r--roundcubemail/program/steps/mail/sendmail.inc11
1 files changed, 6 insertions, 5 deletions
diff --git a/roundcubemail/program/steps/mail/sendmail.inc b/roundcubemail/program/steps/mail/sendmail.inc
index fbb31b3d8..48a5ccc6f 100644
--- a/roundcubemail/program/steps/mail/sendmail.inc
+++ b/roundcubemail/program/steps/mail/sendmail.inc
@@ -65,10 +65,11 @@ function rcmail_get_identity($id)
/****** check submission and compose message ********/
-$mailto_regexp = '/,\s*$/';
+$mailto_regexp = array('/,\s*[\r\n]+/', '/[\r\n]+/', '/,\s*$/m');
+$mailto_replace = array(' ', ', ', '');
-// trip ending ', ' from
-$mailto = preg_replace($mailto_regexp, '', $_POST['_to']);
+// repalce new lines and strip ending ', '
+$mailto = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_to']));
// decode address strings
$to_address_arr = $IMAP->decode_address_list($mailto);
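Review bot: `stripslashes()` is applied unconditionally to `$_POST['_to']` on the new `$mailto` line, but the slashes it removes are only present when `magic_quotes_gpc` is enabled; with it off, a legitimate backslash in an address (a quoted local part, for instance) is silently dropped before `decode_address_list` sees it. Guard the call, e.g. `$raw_to = get_magic_quotes_gpc() ? stripslashes($_POST['_to']) : $_POST['_to'];` and pass `$raw_to` to `preg_replace`; the same applies to the Cc and Bcc lines in the second hunk. The newline-stripping patterns are the actual header-injection mitigation here, so the comment above the line should say so rather than the misspelled "repalce new lines": `// fold CR/LF into separators and strip trailing ', ' so recipient input cannot inject extra headers`. Note also that `$_POST['_to']` is read without an `isset()` check, so an empty submission raises a notice before any validation happens.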
@@ -90,10 +91,10 @@ $headers = array('Date' => date('D, j M Y G:i:s O'),
// additional recipients
if ($_POST['_cc'])
- $headers['Cc'] = preg_replace($mailto_regexp, '', $_POST['_cc']);
+ $headers['Cc'] = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_cc']));
if ($_POST['_bcc'])
- $headers['Bcc'] = preg_replace($mailto_regexp, '', $_POST['_bcc']);
+ $headers['Bcc'] = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_bcc']));
if (strlen($identity_arr['bcc']))
$headers['Bcc'] = ($headers['Bcc'] ? $headers['Bcc'].', ' : '') . $identity_arr['bcc'];