From 13c636cab62959a6a8a3190a56b17b1d1762ea90 Mon Sep 17 00:00:00 2001
From: Denis Flaven
Date: Tue, 13 Sep 2011 14:55:34 +0000
Subject: [PATCH] Prevent email header injection SVN:trunk[1573]
---
 core/email.class.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/email.class.inc.php b/core/email.class.inc.php
index c6c55752b..372cd5cb8 100644
--- a/core/email.class.inc.php
+++ b/core/email.class.inc.php
@@ -86,8 +86,8 @@ class EMail
 set_error_handler(array($this, 'mail_error_handler'));
 $bRes = mail
 (
- $this->m_sTo,
- $this->m_sSubject,
+ str_replace(array("\n", "\r"), ' ', $this->m_sTo), // Prevent header injection
+ str_replace(array("\n", "\r"), ' ', $this->m_sSubject), // Prevent header injection
 $this->m_sBody,
 $sHeaders
 );
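Review bot: `$sHeaders`, the fourth argument to `mail()`, is still passed through unchanged, so the call neutralises CR/LF only in the recipient and the subject, while the additional-headers string is where an injected `Bcc:` or `Cc:` line would land if any header value (From, Reply-To, Cc) can carry user input. `$sHeaders` is built outside this hunk (the enclosing method starts and ends outside it), so whether its values are already cleaned cannot be seen here; this should be confirmed, and if they are not, each header value needs the same stripping before it is concatenated. The two identical `str_replace(array("\n", "\r"), ' ', …)` expressions would be better as one small private helper shared by To, Subject and the header values, so the rule lives in one place. It would also help to log when a CR or LF was actually removed, because a silent rewrite hides an attempted injection from whoever monitors the application.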