diff --git a/GameEngine/Mailer.php b/GameEngine/Mailer.php index 3e826341..34aafc7c 100755 --- a/GameEngine/Mailer.php +++ b/GameEngine/Mailer.php @@ -55,24 +55,40 @@ class Mailer * ------------------------------------------------------------------------- * FIX: $username was undefined -> fallback safe value added */ - function sendInvite($email, $uid, $text) - { - $subject = SERVER_NAME . " registration"; + function sendInvite($email, $uid, $text){ + + $email = trim($email); + $uid = (int)$uid; + $text = trim($text); - // FIX: prevent undefined variable notice - $username = "User"; + // Protecție împotriva Email Header Injection + if ( + strpos($email, "\r") !== false || + strpos($email, "\n") !== false || + !filter_var($email, FILTER_VALIDATE_EMAIL) + ) { + return false; + } - $message = - "Hello " . $username . "\n\n" . - "Try the new " . SERVER_NAME . "!\n\n\n" . - "Link: " . SERVER . "anmelden.php?id=ref" . $uid . "\n\n" . - $text . "\n\n\n" . - "Greetings,\n" . - "Travian"; + // Curățăm textul + $text = substr($text, 0, 2000); + $text = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $text); - $headers = "From: " . ADMIN_EMAIL . "\r\n"; + $subject = SERVER_NAME . " registration"; - @mail($email, $subject, $message, $headers); + $username = "User"; + + $message = + "Hello " . $username . "\n\n" . + "Try the new " . SERVER_NAME . "!\n\n\n" . + "Link: " . SERVER . "anmelden.php?id=ref" . $uid . "\n\n" . + $text . "\n\n\n" . + "Greetings,\n" . + "Travian"; + + $headers = "From: " . ADMIN_EMAIL . "\r\n"; + + return @mail($email, $subject, $message, $headers); } /** diff --git a/plus.php b/plus.php index 0f776564..7c3bf0c5 100644 --- a/plus.php +++ b/plus.php @@ -156,8 +156,23 @@ if($id == 15){ if($id > 15){ include ("Templates/Plus/3.tpl"); } -if(isset($_POST['mail'])){ - $mailer->sendInvite($_POST['mail'], $session->uid, $_POST['text']); +if (isset($_POST['mail'])) { + + $email = trim($_POST['mail']); + $text = isset($_POST['text']) ? trim($_POST['text']) : ''; + + // Blocăm CRLF injection și validăm adresa + if ( + strpos($email, "\r") === false && + strpos($email, "\n") === false && + filter_var($email, FILTER_VALIDATE_EMAIL) + ) { + // Limităm dimensiunea și eliminăm caracterele de control + $text = substr($text, 0, 2000); + $text = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $text); + + $mailer->sendInvite($email, $session->uid, $text); + } } ?>