From 62a386f94e4c17b49a661b57a65ea90a8e8b1054 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Sun, 15 Sep 2019 09:52:13 +0200
Subject: [PATCH] [Web] Remove invalid chars from sender for quota and quarantine notifications
---
 data/web/inc/functions.quarantine.inc.php | 4 +++-
 data/web/inc/functions.quota_notification.inc.php | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/data/web/inc/functions.quarantine.inc.php b/data/web/inc/functions.quarantine.inc.php
index 430047e0..a7e94dc8 100644
--- a/data/web/inc/functions.quarantine.inc.php
+++ b/data/web/inc/functions.quarantine.inc.php
@@ -298,7 +298,9 @@ function quarantine($_action, $_data = null) {
 $max_size = $_data['max_size'];
 $max_age = intval($_data['max_age']);
 $subject = $_data['subject'];
- $sender = $_data['sender'];
+ if (!filter_var($_data['sender'], FILTER_VALIDATE_EMAIL)) {
+ $sender = '';
+ }
 $html = $_data['html_tmpl'];
 if ($max_age <= 0) {
 $max_age = 365;
diff --git a/data/web/inc/functions.quota_notification.inc.php b/data/web/inc/functions.quota_notification.inc.php
index 61d101dc..7778594f 100644
--- a/data/web/inc/functions.quota_notification.inc.php
+++ b/data/web/inc/functions.quota_notification.inc.php
@@ -21,7 +21,10 @@ function quota_notification($_action, $_data = null) {
 $release_format = 'raw';
 }
 $subject = $_data['subject'];
- $sender = $_data['sender'];
+ $sender = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $_data['sender']);
+ if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) {
+ $sender = '';
+ }
 $html = $_data['html_tmpl'];
 try {
 $redis->Set('QW_SENDER', $sender);
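Review bot: In the quarantine hunk `$sender` is now assigned only when validation fails, because the old `$sender = $_data['sender'];` was removed and the new `if` has no branch for a valid address. Unless `$sender` is set above the hunk (not visible here), a valid sender is never stored and whatever reads `$sender` later in quarantine() sees an undefined variable. Assign before validating, as the quota_notification hunk does: `$sender = $_data['sender'];` followed by `if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) { $sender = ''; }`. The body of quarantine() starts and ends outside the hunk, so the later use of `$sender` should be checked there.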
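Review bot: In the quota_notification hunk, stripping bytes before validating can turn an input that should be rejected into a different address that passes, since `preg_replace('/[\x00-\x1F\x80-\xFF]/', '', ...)` removes the bytes of any multi-byte UTF-8 character or embedded line break and the remainder is then written to `QW_SENDER`. `FILTER_VALIDATE_EMAIL` without the Unicode flag should already refuse control characters and non-ASCII bytes, so validating the raw value is stricter and simpler: `$sender = filter_var($_data['sender'], FILTER_VALIDATE_EMAIL) ?: '';`. Falling back to `''` silently also gives the admin no sign that the entry was dropped, so a comment such as `// invalid sender is discarded; the default sender is used instead` (or an error returned to the caller) would help, presuming an empty value means "use the default". The function body continues outside the hunk.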