
Bug #8699 slightly improved regex for header injection checking
Submitted: 2006-09-14 14:43 UTC
From: werner at seagullproject dot org
Assigned: jon
Status: Closed
Package: Mail (version 1.1.12)
PHP Version: 5.1.2
OS: all
Roadmaps: (Not assigned)    
 
 [2006-09-14 14:43 UTC] werner at seagullproject dot org (Werner Krauss)
Description:
------------
We implemented the patch from http://pear.php.net/bugs/6229 earlier in Seagull PHP Framework and improved the regex:

Currently it's:
'=(<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r).*='

We have:
"#((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*#i"
which would also match on <lf>

patch to follow

Comments

 [2006-09-14 15:10 UTC] werner at seagullproject dot org
We implemented the patch from http://pear.php.net/bugs/6229 earlier in Seagull PHP Framework and improved the regex:

Currently it's:
'=(<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r).*='

We have:
"#((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*#i"
which would also match on <lf>

patch is here: http://www.netwerkstatt.at/temp/sanitise_header_improvement.diff
 [2006-09-15 03:50 UTC] jon (Jon Parise)
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/Mail
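
The two patterns quoted in this report, run side by side over constructed header values. This is an added example, not code from PEAR Mail or Seagull; the `sanitise_value()` helper, the sample values and the use of `preg_replace()` to strip the match are assumptions.

```php
<?php
// Added example: not PEAR Mail or Seagull code. Both patterns are copied from
// the bug report; applying them with preg_replace() is an assumption here.
const OLD_PATTERN = '=(<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r).*=';
const NEW_PATTERN = "#((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*#i";

// Hypothetical helper: strip whatever the pattern matches from one header value.
function sanitise_value($pattern, $value)
{
    $clean = preg_replace($pattern, '', $value);
    if ($clean === null) {
        // preg_replace() returns null on a PCRE error; fail closed.
        throw new RuntimeException('PCRE error ' . preg_last_error());
    }
    return $clean;
}

// Render a string with control characters visible (\r, \n) and quoted.
function visible($value)
{
    return json_encode($value, JSON_UNESCAPED_SLASHES);
}

// Constructed header values; the example.org address is a placeholder.
$samples = array(
    'plain value'         => 'Monthly report',
    'CRLF + extra header' => "Monthly report\r\nBcc: a@example.org",
    'bare LF'             => "Monthly report\nBcc: a@example.org",
    'upper-case marker'   => 'Monthly report<LF>Bcc: a@example.org',
    'lower-case marker'   => 'Monthly report<lf>Bcc: a@example.org',
    'folded continuation' => "text/plain;\r\n charset=utf-8",
);

foreach ($samples as $label => $value) {
    printf("%s\n  in : %s\n  old: %s\n  new: %s\n\n",
        $label,
        visible($value),
        visible(sanitise_value(OLD_PATTERN, $value)),
        visible(sanitise_value(NEW_PATTERN, $value)));
}
```

The lower-case marker sample exercises the added `i` flag, and the folded continuation sample exercises the added `\S`: the newer pattern only matches a line break that is followed by a non-whitespace character. Check the output for any `\r` or `\n` that survives sanitising before relying on either pattern.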