diff options
author | Aleksander Machniak <alec@alec.pl> | 2013-03-12 08:43:21 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2013-03-12 08:44:03 +0100 |
commit | 097c544d98bbeee7d120af549116da57ee448ca5 (patch) | |
tree | fb43937fe729737b7bf1d5c302496e3ddaf7735f | |
parent | 2bbbca39ffdf99e5acc2d160c06ceed2f461e18f (diff) |
Don't show fake address - phishing prevention (#1488981)
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/steps/mail/func.inc | 5 |
2 files changed, 6 insertions, 0 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Don't show fake address - phishing prevention (#1488981) - Fix forward as attachment bug with editormode != 1 (#1488991) - Fix LIMIT/OFFSET queries handling on MS SQL Server (#1488984) - Fix javascript errors when working in a page opened with taget="_blank" diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 19290e40a..92f32f910 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1440,6 +1440,11 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, $mailto = $part['mailto']; $string = $part['string']; + // phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>" + if ($name && $name != $mailto && strpos($name, '@')) { + $name = ''; + } + // IDNA ASCII to Unicode if ($name == $mailto) $name = rcube_idn_to_utf8($name); |