Fork me on GitHub
Subscribe 2

Ticket #409 (fixed bug)

The $to and $from addresses need sanitized/decoded for SMTP

  • Created: 2011-04-18 10:24:49
  • Reported by: Reines
  • Assigned to: Reines
  • Milestone: 2.0-alpha2
  • Component: email
  • Priority: high

The $to and $from addresses aren't currently properly sanitized or decoded within the SMTP part of fluxbb-mailer.

  • They may be in the form "Name <user@domain.tld>" - if they are, we need to extract just the email address.

  • They may be malicious and contain new lines to attempt header injection.

  • Certain characters (i.e. <>) might need escaped somehow? (not sure on this one... check)

  • They may be UTF8 encoded - obviously it will need reversed before we can attempt to extract the email.


Reines 2011-04-22 12:21:34

  • Status changed from open to fixed.