[eluser]KeithB[/eluser]
I've just been reading through the implementation of the Email class to see if there is any inbuilt protection against header injection before I start using the facility. As far as I can tell, there is none, so I'm intending to ensure all header fields are checked for "\r" and "\n" if provided by a user. Having read a number of articles on the subject, this seems to be sufficient, but please let me know if this is not the case.
Anyway, I came across this code in the word_wrap() function and it looks incorrect unless I'm missing something about the way CodeIgniter handles web addresses:
Code:
// If the over-length word is a URL we won't wrap it
if (preg_match("!\[url.+\]|://|wwww.!", $line))
{
break;
}
The second part of the regular expression is matching the string "wwww" followed by any other character as far as I can tell. Should this be "www\." instead?
Thanks,
Keith
