Don't show fake address - phishing prevention (#1488981)

author: Aleksander Machniak <alec@alec.pl> 2013-03-12 08:43:21 +0100
committer: Aleksander Machniak <alec@alec.pl> 2013-03-12 08:43:21 +0100
commit: ff7542bfb9648a8970bd6ff767bb62a647f705ad (patch)
tree: 6575d685258e87bbf33d592f6d76106f91a5a52c /program/steps/mail
parent: abf46755c9638ad27ac876787343fa4c1f0e8990 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 4a3476320..137e87d49 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1444,6 +1444,11 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
     $mailto = $part['mailto'];
     $string = $part['string'];
 
+    // phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>"
+    if ($name && $name != $mailto && strpos($name, '@')) {
+      $name = '';
+    }
+
     // IDNA ASCII to Unicode
     if ($name == $mailto)
       $name = rcube_idn_to_utf8($name);
author	Aleksander Machniak <alec@alec.pl>	2013-03-12 08:43:21 +0100
committer	Aleksander Machniak <alec@alec.pl>	2013-03-12 08:43:21 +0100
commit	ff7542bfb9648a8970bd6ff767bb62a647f705ad (patch)
tree	6575d685258e87bbf33d592f6d76106f91a5a52c /program/steps/mail
parent	abf46755c9638ad27ac876787343fa4c1f0e8990 (diff)