Changeset 936

Show
Ignore:
Timestamp:
04/09/07 16:41:02 (1 year ago)
Author:
Rickard
Message:

Prevent NULL byte injection into the e-mail message field (can result in truncation of the message).

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/upload/include/email.php

    r255 r936  
    7878        $headers = 'From: '.$from."\r\n".'Date: '.date('r')."\r\n".'MIME-Version: 1.0'."\r\n".'Content-transfer-encoding: 8bit'."\r\n".'Content-type: text/plain; charset='.$lang_common['lang_encoding']."\r\n".'X-Mailer: PunBB Mailer'; 
    7979 
    80         // Make sure all linebreaks are CRLF in message 
    81         $message = str_replace("\n", "\r\n", pun_linebreaks($message)); 
     80        // Make sure all linebreaks are CRLF in message (and strip out any NULL bytes) 
     81        $message = str_replace(array("\n", "\0"), array("\r\n", ''), pun_linebreaks($message)); 
    8282 
    8383        if ($pun_config['o_smtp_host'] != '')