From 16c3a86193013efd604e4fe4c7ab225c3f65be87 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Mon, 10 Feb 2014 20:40:52 +0100 Subject: Use CRLF to separate headers in mail() This is the correct delimiter for mail headers according to the PHP documentation and RFC 2822. Signed-off-by: Lukas Fleischer --- web/lib/acctfuncs.inc.php | 5 ++++- web/lib/pkgfuncs.inc.php | 15 ++++++++++++--- 2 files changed, 16 insertions(+), 4 deletions(-) (limited to 'web/lib') diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 0207bbd..2b7cc7a 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -652,7 +652,10 @@ function send_resetkey($email, $body) { $body .= "\n\n". "{$AUR_LOCATION}/" . get_uri('/passreset/') . "?". "resetkey={$resetkey}"; - $headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR"; + $headers = "Reply-to: nobody@archlinux.org\r\n" . + "From: aur-notify@archlinux.org\r\n" . + "X-Mailer: PHP\r\n" . + "X-MimeOLE: Produced By AUR"; @mail($email, 'AUR Password Reset', $body, $headers); } } diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 5800a26..e90d563 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -295,7 +295,10 @@ function add_package_comment($pkgid, $uid, $comment) { . "\n\n---\nIf you no longer wish to receive notifications about this package, please go the the above package page and click the UnNotify button."; $body = wordwrap($body, 70); $bcc = implode(', ', $bcc); - $headers = "Bcc: $bcc\nReply-to: nobody@archlinux.org\nFrom: aur-notify@archlinux.org\nX-Mailer: AUR\n"; + $headers = "Bcc: $bcc\r\n" . + "Reply-to: nobody@archlinux.org\r\n" . + "From: aur-notify@archlinux.org\r\n" . + "X-Mailer: AUR"; @mail('undisclosed-recipients: ;', "AUR Comment for " . $row['Name'], $body, $headers); } } @@ -797,7 +800,10 @@ function pkg_flag($atype, $ids) { while ($row = $result->fetch(PDO::FETCH_ASSOC)) { $body = "Your package " . $row['Name'] . " has been flagged out of date by " . $f_name . " [1]. You may view your package at:\n" . $AUR_LOCATION . get_pkg_uri($row['Name']) . "\n\n[1] - " . $AUR_LOCATION . get_user_uri($f_name); $body = wordwrap($body, 70); - $headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR\n"; + $headers = "Reply-to: nobody@archlinux.org\r\n" . + "From: aur-notify@archlinux.org\r\n" . + "X-Mailer: PHP\r\n" . + "X-MimeOLE: Produced By AUR"; @mail($row['Email'], "AUR Out-of-date Notification for ".$row['Name'], $body, $headers); } } @@ -903,7 +909,10 @@ function pkg_delete ($atype, $ids, $mergepkgid) { } $body = wordwrap($body, 70); $bcc = implode(', ', $bcc); - $headers = "Bcc: $bcc\nReply-to: nobody@archlinux.org\nFrom: aur-notify@archlinux.org\nX-Mailer: AUR\n"; + $headers = "Bcc: $bcc\r\n" . + "Reply-to: nobody@archlinux.org\r\n" . + "From: aur-notify@archlinux.org\r\n" . + "X-Mailer: AUR"; @mail('undisclosed-recipients: ;', "AUR Package deleted: " . $pkgname, $body, $headers); } } -- cgit v1.2.3-70-g09d2