From 8b213268c9e6df48ff7d7addb1b74557982efff9 Mon Sep 17 00:00:00 2001
From: pdontthink
Date: Tue, 29 Nov 2011 12:44:31 +0000
Subject: [PATCH] Ensure that Reply-To isn't missing domain - we already do the same for the From header in functions/identity.php
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14156 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 doc/ChangeLog | 2 ++
 src/compose.php | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/doc/ChangeLog b/doc/ChangeLog
index d1c84d6c..8135dcca 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -367,6 +367,8 @@ Version 1.5.2 - SVN
 to Nicholas Carlini for finding all these issues).
 [CVE-2011-2752, CVE-2011-2753, CVE-2010-4555]
 - Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023]
+ - Always ensure that the Reply-To header is a full email address in
+ outgoing messages (makes the Verify Reply-To plugin obsolete)
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
diff --git a/src/compose.php b/src/compose.php
index e7ed28e8..3ba329b4 100644
--- a/src/compose.php
+++ b/src/compose.php
@@ -1627,6 +1627,8 @@ function deliverMessage(&$composeMessage, $draft=false) {
 $reply_to = '';
 $reply_to = $idents[$identity]['reply_to'];
+ if (strpos($reply_to, '@') === FALSE)
+ $reply_to .= '@' . $domain;
 $from_addr = build_from_header($identity);
 $rfc822_header->from = $rfc822_header->parseAddress($from_addr,true);
--
2.25.1
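Review bot: In the src/compose.php hunk, an identity with no Reply-To configured still passes the new `strpos($reply_to, '@') === FALSE` test, because strpos() finds no `@` in an empty string either, so `$reply_to` becomes `'@' . $domain`. If the code after the hunk sets the header whenever `$reply_to` is non-empty (not visible here), every such message would go out with a bare `@domain` Reply-To. Guard the append on a non-empty value, e.g. `if (!empty($reply_to) && strpos($reply_to, '@') === FALSE)`. The hunk also does not show where `$domain` comes from; deliverMessage() starts and continues outside the hunk, so confirm it is declared `global` there, otherwise only `@` is appended. The check also treats the value as a single bare address, so a short comment stating that assumption (no display name, no comma-separated list) would help the next reader.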