Welcome Guest, Not a member yet? Register   Sign In
Email class - is this an error?
#1

[eluser]KeithB[/eluser]
I've just been reading through the implementation of the Email class to see if there is any inbuilt protection against header injection before I start using the facility. As far as I can tell, there is none, so I'm intending to ensure all header fields are checked for "\r" and "\n" if provided by a user. Having read a number of articles on the subject, this seems to be sufficient, but please let me know if this is not the case.

Anyway, I came across this code in the word_wrap() function and it looks incorrect unless I'm missing something about the way CodeIgniter handles web addresses:

Code:
// If the over-length word is a URL we won't wrap it
if (preg_match("!\[url.+\]|://|wwww.!", $line))
{
    break;
}

The second part of the regular expression is matching the string "wwww" followed by any other character as far as I can tell. Should this be "www\." instead?

Thanks,
Keith




Theme © iAndrew 2016 - Forum software by © MyBB