

Fix header stripping.

To/Bcc/Cc need to be prefixed with newlines to be a successful
injection. Check for that instead of other letters.

Fixes #2484
commit 83155c04d430825e5b4ac06fc475dafac444efb4 1 parent 359becc
Mark Story markstory authored
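--- a/cake/libs/controller/components/email.php
+++ b/cake/libs/controller/components/email.php
@@ -799,7 +799,7 @@ function _formatAddress($string, $smtp = false) {
 */
 function _strip($value, $message = false) {
 $search = '%0a|%0d|Content-(?:Type|Transfer-Encoding)\:';
- $search .= '|charset\=|mime-version\:|multipart/mixed|(?:[^a-z]to|b?cc)\:.*';
+ $search .= '|charset\=|mime-version\:|multipart/mixed|(?:[\n\r]+to|b?cc)\:.*';
 if ($message !== true) {
 $search .= '|\r|\n';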
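Review bot: The newline guard added on the changed line applies only to the `to` alternative; `b?cc` is still matched with no preceding line break, so `(?:[\n\r]+to|b?cc)\:.*` keeps stripping a mid-sentence "cc:" or "bcc:" exactly the way the old `[^a-z]to` stripped "to:", which is the behaviour the commit message says should change for all three headers. Putting the header names under the one prefix fixes both at once: `$search .= '|charset\=|mime-version\:|multipart/mixed|[\n\r]+(?:to|b?cc)\:.*';`. An encoded line break (`%0a`/`%0d`) followed by `to:` is not caught by the new prefix, but because `%0a|%0d` is its own alternative the break itself is removed and the leftover header text can no longer start a line, which appears to be the intent. _strip's body, including how and with which modifiers `$search` is applied, continues outside the hunk, so whether the match is case-insensitive cannot be confirmed from here.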
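--- a/cake/tests/cases/libs/controller/components/email.test.php
+++ b/cake/tests/cases/libs/controller/components/email.test.php
@@ -977,6 +977,11 @@ function testContentStripping() {
 $result = $this->Controller->EmailTest->strip($content, true);
 $expected = $content;
 $this->assertEqual($result, $expected);
+
+ $content = 'This is a test email to: you and whomever you forward it to';
+ $result = $this->Controller->EmailTest->strip($content, true);
+ $expected = $content;
+ $this->assertEqual($result, $expected);
 }
 /**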
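Review bot: The added assertions cover only the preserving case (a mid-sentence `to:` must survive) and have no companion case showing that a header placed on its own line is still removed, so a later change that weakens the regex would pass this test unchanged. A second block should feed a value with a line break before the header, e.g. `$content = "Some text\nto: someone@example.com";` (constructed sample), call `strip($content, true)` and assert that the header line is absent from the result. The exact expected string depends on how `_strip` applies `$search`, which is outside this hunk, so the assertion has to be written against the actual stripping output. testContentStripping starts outside the hunk.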