Bug #9509: Don't sanitize raw header text

author Michael M Slusarz <slusarz@curecanti.org>

Thu, 13 Jan 2011 19:03:16 +0000 (12:03 -0700)

committer Michael M Slusarz <slusarz@curecanti.org>

Thu, 13 Jan 2011 19:03:16 +0000 (12:03 -0700)
author Michael M Slusarz <slusarz@curecanti.org>
Thu, 13 Jan 2011 19:03:16 +0000 (12:03 -0700)
committer Michael M Slusarz <slusarz@curecanti.org>
Thu, 13 Jan 2011 19:03:16 +0000 (12:03 -0700)
diff --git a/framework/Mail/lib/Horde/Mail/Transport.php b/framework/Mail/lib/Horde/Mail/Transport.php

index 4ecfe23..1b6538a 100644 (file)
--- a/framework/Mail/lib/Horde/Mail/Transport.php
+++ b/framework/Mail/lib/Horde/Mail/Transport.php
@@ -201,16 +201,19 @@ abstract class Horde_Mail_Transport
       * strings present in a legitimate header's value.  The goal of this
       * filter is to prevent mail injection attacks.
       *
+     * Raw headers are sent as-is.
+     *
       * @param array $headers  The associative array of headers to sanitize.
       *
       * @return array  The sanitized headers.
       */
      protected function _sanitizeHeaders($headers)
      {
-        foreach (array_keys($headers) as $key) {
+        foreach (array_diff(array_keys($headers), array('_raw')) as $key) {
              $headers[$key] = preg_replace('=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i', null, $headers[$key]);
          }
  
          return $headers;
      }
+
  }
author	Michael M Slusarz <slusarz@curecanti.org>
	Thu, 13 Jan 2011 19:03:16 +0000 (12:03 -0700)
committer	Michael M Slusarz <slusarz@curecanti.org>
	Thu, 13 Jan 2011 19:03:16 +0000 (12:03 -0700)