]> granicus.if.org Git - php/commitdiff
Fixed MOPB-34-2007:PHP mail() Header Injection Through Subject and To
authorIlia Alshanetsky <iliaa@php.net>
Fri, 30 Mar 2007 00:28:58 +0000 (00:28 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Fri, 30 Mar 2007 00:28:58 +0000 (00:28 +0000)
Parameters

ext/standard/mail.c

index 6c5f3ec9cf20f702aa447d656bf02344ea1de4c9..08f0a121c7a24fbd6325e2f20608a85d1246ae0d 100644 (file)
@@ -48,8 +48,8 @@
 
 #define SKIP_LONG_HEADER_SEP(str, pos)                                                                         \
        if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) {        \
-               pos += 3;                                                                                       \
-               while (str[pos] == ' ' || str[pos] == '\t') {                                                   \
+               pos += 2;                                                                                       \
+               while (str[pos + 1] == ' ' || str[pos + 1] == '\t') {                                                   \
                        pos++;                                                                                  \
                }                                                                                               \
                continue;                                                                                       \