banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't show fake address - phishing prevention (#1488981)

Browse Source
pull/62/head
Aleksander Machniak 11 years ago
parent abf46755c9
commit ff7542bfb9
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
CHANGELOG
Unescape Escape View File

@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
- Don't show fake address - phishing prevention (#1488981)
- Fix forward as attachment bug with editormode != 1 (#1488991)
- Fix LIMIT/OFFSET queries handling on MS SQL Server (#1488984)
- Fix so task name can really contain all from a-z0-9_- characters (#1488941)

5
program/steps/mail/func.inc
Unescape Escape View File

@ -1444,6 +1444,11 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
$mailto = $part['mailto'];
$string = $part['string'];
// phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>"
if ($name && $name != $mailto && strpos($name, '@')) {
$name = '';
}
// IDNA ASCII to Unicode
if ($name == $mailto)
$name = rcube_idn_to_utf8($name);

Write Preview
Loading…
Cancel
Save