CodeIgniter Forums
Email class - is this an error? - Printable Version

+- CodeIgniter Forums (
+-- Forum: Archived Discussions (
+--- Forum: Archived General Discussion (
+--- Thread: Email class - is this an error? (/showthread.php?tid=27533)

Email class - is this an error? - El Forum - 02-13-2010

I've just been reading through the implementation of the Email class to see if there is any inbuilt protection against header injection before I start using the facility. As far as I can tell, there is none, so I'm intending to ensure all header fields are checked for "\r" and "\n" if provided by a user. Having read a number of articles on the subject, this seems to be sufficient, but please let me know if this is not the case.

Anyway, I came across this code in the word_wrap() function and it looks incorrect unless I'm missing something about the way CodeIgniter handles web addresses:

// If the over-length word is a URL we won't wrap it
if (preg_match("!\[url.+\]|://|wwww.!", $line))

The second part of the regular expression is matching the string "wwww" followed by any other character as far as I can tell. Should this be "www\." instead?