sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Properly sanitize e-mail addresses in wp-mail.php. Props giannis1. fixes #5169 for trunk 

git-svn-id: https://develop.svn.wordpress.org/trunk@6212 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith 2007-10-09 22:15:37 +00:00
parent 0fb24b1a07
commit 1e41dc0c9e
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
wp-mail.php
View File

@ -63,9 +63,8 @@ for ($i=1; $i <= $count; $i++) :
// Set the author using the email address (To or Reply-To, the last used) // Set the author using the email address (To or Reply-To, the last used)
// otherwise use the site admin // otherwise use the site admin
if (preg_match('/From: /', $line) | preg_match('/Reply-To: /', $line)) { if (preg_match('/From: /', $line) | preg_match('/Reply-To: /', $line)) {
$author=trim($line); $author = sanitize_email($line);
if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) { if ( is_email($author) ) {
$author = $regs[1];
echo "Author = {$author} <p>"; echo "Author = {$author} <p>";
$author = $wpdb->escape($author); $author = $wpdb->escape($author);
$result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1"); $result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1");