CodeIgniter Forums
New to CI - Email Class Advice - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: New to CI - Email Class Advice (/thread-7819.html)



New to CI - Email Class Advice - El Forum - 04-23-2008

[eluser]fusionblu[/eluser]
Hi,
I am building a website that involves mailing of forms and registration data. This question is regarding the use of CI Email class. Does the class provide in build 'Header injection protection' ? or do I have to build a wrapper around it?


New to CI - Email Class Advice - El Forum - 04-24-2008

[eluser]GSV Sleeper Service[/eluser]
it looks like it does. from system/libraries/Email.php
Code:
/**
     * Set Email Subject
     *
     * @access    public
     * @param    string
     * @return    void
     */    
    function subject($subject)
    {
        $subject = preg_replace("/(\r\n)|(\r)|(\n)/", "", $subject);
        $subject = preg_replace("/(\t)/", " ", $subject);
        
        $this->_set_header('Subject', trim($subject));        
    }



New to CI - Email Class Advice - El Forum - 11-10-2008

[eluser]webbower[/eluser]
I don't think that's sufficient enough. I was curious about how CI handles Email Header Injection attacks and near as I can tell, it either does it silently or not at all.

The old Secure PHP Wiki (www.securephpwiki.com) which doesn't seem to want to come up anymore had a good article about the topic. I managed to bring up the old page (minus the styling and formatting unfortunately) with the Internet Archive's Wayback machine (it may take a little while to load)

Email Header Injection Attacks

Thoughts?