From ff7542bfb9648a8970bd6ff767bb62a647f705ad Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Tue, 12 Mar 2013 08:43:21 +0100 Subject: Don't show fake address - phishing prevention (#1488981) --- CHANGELOG | 1 + program/steps/mail/func.inc | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 855316238..499d5ba07 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Don't show fake address - phishing prevention (#1488981) - Fix forward as attachment bug with editormode != 1 (#1488991) - Fix LIMIT/OFFSET queries handling on MS SQL Server (#1488984) - Fix so task name can really contain all from a-z0-9_- characters (#1488941) diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 4a3476320..137e87d49 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1444,6 +1444,11 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, $mailto = $part['mailto']; $string = $part['string']; + // phishing email prevention (#1488981), e.g. "valid@email.addr " + if ($name && $name != $mailto && strpos($name, '@')) { + $name = ''; + } + // IDNA ASCII to Unicode if ($name == $mailto) $name = rcube_idn_to_utf8($name); -- cgit v1.2.3