Email Header Injection in Invite Feature via Unsanitized POST Parameters

Email Header Injection in Invite Feature via Unsanitized POST Parameters

Thanks @cybershubham06
This commit is contained in:
novgorodschi catalin
2026-07-03 10:18:26 +03:00
parent 5f005e1d56
commit 3c401e46f7
2 changed files with 47 additions and 16 deletions
+17 -2
View File
@@ -156,8 +156,23 @@ if($id == 15){
if($id > 15){
include ("Templates/Plus/3.tpl");
}
if(isset($_POST['mail'])){
$mailer->sendInvite($_POST['mail'], $session->uid, $_POST['text']);
if (isset($_POST['mail'])) {
$email = trim($_POST['mail']);
$text = isset($_POST['text']) ? trim($_POST['text']) : '';
// Blocăm CRLF injection și validăm adresa
if (
strpos($email, "\r") === false &&
strpos($email, "\n") === false &&
filter_var($email, FILTER_VALIDATE_EMAIL)
) {
// Limităm dimensiunea și eliminăm caracterele de control
$text = substr($text, 0, 2000);
$text = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $text);
$mailer->sendInvite($email, $session->uid, $text);
}
}
?>