+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: Email class - is this an error? (/showthread.php?tid=27533)
Email class - is this an error? - El Forum - 02-13-2010
[eluser]KeithB[/eluser]
I've just been reading through the implementation of the Email class to see if there is any inbuilt protection against header injection before I start using the facility. As far as I can tell, there is none, so I'm intending to ensure all header fields are checked for "\r" and "\n" if provided by a user. Having read a number of articles on the subject, this seems to be sufficient, but please let me know if this is not the case.
Anyway, I came across this code in the word_wrap() function and it looks incorrect unless I'm missing something about the way CodeIgniter handles web addresses:
Code:
// If the over-length word is a URL we won't wrap it
if (preg_match("!\[url.+\]|://|wwww.!", $line))
{
break;
}The second part of the regular expression is matching the string "wwww" followed by any other character as far as I can tell. Should this be "www\." instead?
Thanks,
Keith