authorIlia Alshanetsky <iliaa@php.net>2007-03-30 00:29:32 +0000
committerIlia Alshanetsky <iliaa@php.net>2007-03-30 00:29:32 +0000
commite5247d0dd0873bb8fe1681a9423fd1177a559a14 (patch)
tree0b358edbf2592cf444f2959034af7c786badcd37
parentfcb34ab808aa3f67311948361cbaddfc9f2ed0ab (diff)
MFB: Fixed MOPB-34-2007:PHP mail() Header Injection Through Subject and To
Parameters
-rw-r--r--ext/standard/mail.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 72bbf7f38d..5929a05034 100644
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -48,8 +48,8 @@
#define SKIP_LONG_HEADER_SEP(str, pos) \
if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
- pos += 3; \
- while (str[pos] == ' ' || str[pos] == '\t') { \
+ pos += 2; \
+ while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
pos++; \
} \
continue; \
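Review bot: Nothing at the macro says that SKIP_LONG_HEADER_SEP now deliberately stops on the last folding space or tab (`pos += 2;` followed by the `str[pos + 1]` test) and depends on the enclosing loop's own increment after `continue` to land on the first character of the continuation line, so that character is still checked. That loop is outside the hunk, so this is inferred; if it holds, the contract should be written down, because an off-by-one at this point is what lets an unchecked byte through after a fold. I would add above the `#define`: `/* Leaves pos on the last folding SP/HTAB; the caller's loop increment must then advance to the first char of the continuation line so it is still validated. */`. The lookahead reads `str[pos + 1]` and `str[pos + 2]`, which stays in bounds only for a NUL-terminated buffer, and that assumption deserves a word in the same comment. The macro's closing brace lies past the end of the hunk.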