diff options
author | Aleksander Machniak <alec@alec.pl> | 2013-05-10 09:35:24 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2013-05-10 09:37:25 +0200 |
commit | bde85428d69069637782d9507475df78890f08d0 (patch) | |
tree | 134efa1bc2a51ec69b9f0c8778dd2722b477d972 /program/steps/mail | |
parent | 71ec1b6063378c684c6db9b2b63475d52e0ac165 (diff) |
Fix handling of invalid email addresses in headers (#1489092)
Conflicts:
CHANGELOG
program/steps/mail/func.inc
Diffstat (limited to 'program/steps/mail')
-rw-r--r-- | program/steps/mail/func.inc | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 7ef821676..0dae6de57 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1441,9 +1441,10 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, $name = $part['name']; $mailto = $part['mailto']; $string = $part['string']; + $valid = check_email($mailto, false); // phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>" - if ($name && $name != $mailto && strpos($name, '@')) { + if ($name && $valid && $name != $mailto && strpos($name, '@')) { $name = ''; } @@ -1459,7 +1460,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, // for printing we display all addresses continue; } - else if (check_email($part['mailto'], false)) { + else if ($valid) { if ($linked) { $address = html::a(array( 'href' => 'mailto:'.$mailto, @@ -1492,7 +1493,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, if ($name) $address .= Q($name); if ($mailto) - $address .= (strlen($address) ? ' ' : '') . sprintf('<%s>', Q($mailto)); + $address = trim($address . ' ' . Q($name ? sprintf('<%s>', $mailto) : $mailto)); } $address = html::span('adr', $address); |