diff options
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | program/steps/mail/func.inc | 5 |
2 files changed, 6 insertions, 0 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Don't show fake address - phishing prevention (#1488981) - Fix forward as attachment bug with editormode != 1 (#1488991) - Fix LIMIT/OFFSET queries handling on MS SQL Server (#1488984) - Fix javascript errors when working in a page opened with taget="_blank" diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 19290e40a..92f32f910 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1440,6 +1440,11 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, $mailto = $part['mailto']; $string = $part['string']; + // phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>" + if ($name && $name != $mailto && strpos($name, '@')) { + $name = ''; + } + // IDNA ASCII to Unicode if ($name == $mailto) $name = rcube_idn_to_utf8($name); |