Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.4.1

Bug #8699 slightly improved regex for header injection checking
Submitted: 2006-09-14 14:43 UTC
From: werner at seagullproject dot org Assigned: jon
Status: Closed Package: Mail (version 1.1.12)
PHP Version: 5.1.2 OS: all
Roadmaps: (Not assigned)    
Subscription  
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes. If this is not your bug, you can add a comment by following this link. If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
2006-09-15 03:50 UTC
Package:
Bug Type:
Summary:
From: werner at seagullproject dot org
New email:
PHP Version: Package Version: OS:

 

 [2006-09-14 14:43 UTC] werner at seagullproject dot org (Werner Krauss)
Description: ------------ We implemented the patch from http://pear.php.net/bugs/6229 earlier in Seagull PHP Framework and improved the regex: Currently it's: '=(<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r).*=' We have: "#((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*#i" which would also match on <lf> patch to follow

Comments

 [2006-09-14 15:10 UTC] werner at seagullproject dot org
We implemented the patch from http://pear.php.net/bugs/6229 earlier in Seagull PHP Framework and improved the regex: Currently it's: '=(<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r).*=' We have: "#((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*#i" which would also match on <lf> patch is here: http://www.netwerkstatt.at/temp/sanitise_header_improvement.diff
 [2006-09-15 03:50 UTC] jon (Jon Parise)
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/Mail