Prevent email header injection When a header is set, newline characters are stripped so one cannot inject his/her own email header(s). Since set_header is only used to set one header at a time, it should have no effect on any code relying on this function

commit: f55d51488da5b3628ead257189240907cc153184 [log] [tgz]
author: florisluiten <github@lenwweb.nl> Fri Jun 07 17:20:06 2013 +0300
committer: florisluiten <github@lenwweb.nl> Fri Jun 07 17:20:06 2013 +0300
tree: 5774e80df9766eef9eead5b4b398999839a723e5
parent: 5b3be33299d41f9272c7c9e3f2d3a3161c1d11b4 [diff] [blame]
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 10253c7..0774b4d 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php

@@ -739,7 +739,7 @@
 	 */
 	public function set_header($header, $value)
 	{
-		$this->_headers[$header] = $value;
+		$this->_headers[$header] = str_replace(array("\n", "\r"), '', $value);
 	}
 
 	// --------------------------------------------------------------------
@@ -2212,4 +2212,4 @@
 }
 
 /* End of file Email.php */
-/* Location: ./system/libraries/Email.php */
\ No newline at end of file
+/* Location: ./system/libraries/Email.php */
commit	f55d51488da5b3628ead257189240907cc153184	[log] [tgz]
author	florisluiten <github@lenwweb.nl>	Fri Jun 07 17:20:06 2013 +0300
committer	florisluiten <github@lenwweb.nl>	Fri Jun 07 17:20:06 2013 +0300
tree	5774e80df9766eef9eead5b4b398999839a723e5
parent	5b3be33299d41f9272c7c9e3f2d3a3161c1d11b4 [diff] [blame]