Ensure that Reply-To isn't missing domain - we already do the same for the From heade...
authorpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 29 Nov 2011 12:44:31 +0000 (12:44 +0000)
committerpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 29 Nov 2011 12:44:31 +0000 (12:44 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14156 7612ce4b-ef26-0410-bec9-ea0150e637f0

doc/ChangeLog
src/compose.php

index d1c84d6..8135dcc 100644 (file)
@@ -367,6 +367,8 @@ Version 1.5.2 - SVN
     to Nicholas Carlini for finding all these issues).
     [CVE-2011-2752, CVE-2011-2753, CVE-2010-4555]
   - Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023]
+  - Always ensure that the Reply-To header is a full email address in
+    outgoing messages (makes the Verify Reply-To plugin obsolete)
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
index e7ed28e..3ba329b 100644 (file)
@@ -1627,6 +1627,8 @@ function deliverMessage(&$composeMessage, $draft=false) {
 
     $reply_to = '';
     $reply_to  = $idents[$identity]['reply_to'];
+    if (strpos($reply_to, '@') === FALSE)
+        $reply_to .= '@' . $domain;
     
     $from_addr = build_from_header($identity);
     $rfc822_header->from = $rfc822_header->parseAddress($from_addr,true);