1 | <?php |
2 | /*************************************************************************** |
3 | * for license information see doc/license.txt |
4 | ***************************************************************************/ |
6 | require_once __DIR__ . '/../vendor/autoload.php'; |
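/**
 * Mail sender built on a private Smarty instance.
 *
 * The template named by $name is rendered inside $main_template with the
 * recipient's locale switched in, and the result is handed to mb_send_mail().
 * Configuration is read from the global $opt array (template locale, mail
 * from/subject prefix, page URL and sitename); nothing here validates $opt.
 */
class mail extends Smarty
{
    /** Name of the mail template, without the '.tpl' suffix. */
    public $name = 'sys_nothing';
    /** Wrapper template that embeds $name, also without '.tpl'. */
    public $main_template = 'sys_main';
    /** Locale used while rendering; send() falls back to $opt['template']['locale'] when unset. */
    public $recipient_locale = null;

    public $from = '';
    public $to = '';
    public $subject = '';

    /** Optional Reply-To / Return-Path header values; the header is omitted when null. */
    public $replyTo = null;
    public $returnPath = null;

    /** Additional complete header lines ("Name: value"), one per element. */
    public $headers = [];

    /**
     * Configures the Smarty engine for mail templates.
     *
     * Reads $opt['debug'] (forces template recompilation while template
     * debugging is on) and $opt['mail']['from'] (default sender) from the
     * global configuration.
     */
    public function __construct()
    {
        parent::__construct();

        global $opt;

        $this->template_dir = __DIR__ . '/../templates2/mail/';
        $this->compile_dir = __DIR__ . '/../var/cache2/smarty/compiled/';
        $this->plugins_dir = [
            'plugins',
            __DIR__ . '/../src/Oc/SmartyPlugins',
        ];

        // every mail is rendered exactly once; Smarty's output cache is not wanted
        $this->caching = false;

        // register the 't' pre-filter (additional template functions)
        $this->load_filter('pre', 't');

        // cache control: recompile on every request while template debugging is on
        if (($opt['debug'] & DEBUG_TEMPLATES) == DEBUG_TEMPLATES) {
            $this->force_compile = true;
        }

        $this->from = $opt['mail']['from'];
    }

    /**
     * Compile id that keeps compiled mail templates separate per locale.
     *
     * @return string
     */
    public function get_compile_id()
    {
        global $opt;

        return 'mail|' . $opt['template']['locale'] . '|' . $this->compile_id;
    }

    /**
     * Fetches every remaining row of a result set and assigns the list of
     * associative rows to the template variable $name.
     *
     * @param string $name template variable name
     * @param mixed  $rs   result set accepted by sql_fetch_assoc()
     */
    public function assign_rs($name, $rs)
    {
        $items = [];
        while ($r = sql_fetch_assoc($rs)) {
            $items[] = $r;
        }
        $this->assign($name, $items);
    }

    /**
     * Renders the mail and hands it to mb_send_mail().
     *
     * The recipient's locale is switched in temporarily while rendering so
     * that the gettext-based translations inside the templates come out in
     * the recipient's language; the sender's locale is restored afterwards,
     * also when fetch() throws.
     *
     * A missing template is reported through the global $tpl with
     * ERROR_MAIL_TEMPLATE_NOT_FOUND.
     *
     * @param string|false $page_url absolute page URL exposed to the template;
     *                               defaults to $opt['page']['absolute_url']
     *
     * @return bool false when a header-bound value contains a line break, when
     *              the recipient's domain does not resolve, or when
     *              mb_send_mail() fails
     */
    public function send($page_url = false)
    {
        global $tpl, $opt;

        if (!$this->template_exists($this->name . '.tpl')) {
            $tpl->error(ERROR_MAIL_TEMPLATE_NOT_FOUND);
        }

        // Header injection guard: $to, $from, $subject, $replyTo, $returnPath and
        // $headers are written verbatim into the mail header. A CR/LF inside any
        // of them would add further headers, so such a mail is refused.
        if (!$this->headerValuesAreSingleLine()) {
            return false;
        }

        $this->assign('template', $this->name);
        if (!$this->recipient_locale) {
            $this->recipient_locale = $opt['template']['locale'];
        }

        $optn = [];
        $optn['mail']['contact'] = $opt['mail']['contact'];
        $optn['page']['absolute_url'] = $page_url ?: $opt['page']['absolute_url'];
        $optn['page']['sitename'] = $opt['page']['sitename'];
        $optn['format'] = $opt['locale'][$this->recipient_locale]['format'];
        $this->assign('opt', $optn);

        $this->assign('to', $this->to);
        $this->assign('from', $this->from);
        $this->assign('subject', $this->subject);

        // This is nasty, but as there is only a global translation system
        // (based on gettext) and there are no precompiled, language-dependent email
        // templates available, we must temporarily change the locale according to
        // the recipient's locale. If some error occurs while running fetch(),
        // the error message may be displayed in the recipient's language.
        $sender_locale = $opt['template']['locale'];
        $switchLocale = ($this->recipient_locale != $sender_locale);
        if ($switchLocale) {
            $opt['template']['locale'] = $this->recipient_locale;
            set_php_locale();
        }

        try {
            $body = $this->fetch($this->main_template . '.tpl', '', $this->get_compile_id());
        } finally {
            // restore the sender's locale even when rendering fails
            if ($switchLocale) {
                $opt['template']['locale'] = $sender_locale;
                set_php_locale();
            }
        }

        // check if the target domain exists; if the domain does not
        // exist, the mail is sent to the own domain (?!)
        $domain = self::getToMailDomain($this->to);
        if (!self::is_existent_maildomain($domain)) {
            return false;
        }

        $extraHeaders = ['From: "' . $this->from . '" <' . $this->from . '>'];

        if ($this->replyTo !== null) {
            $extraHeaders[] = 'Reply-To: ' . $this->replyTo;
        }

        if ($this->returnPath !== null) {
            $extraHeaders[] = 'Return-Path: ' . $this->returnPath;
        }

        $mailHeaders = implode("\n", array_merge($extraHeaders, (array) $this->headers));

        return mb_send_mail($this->to, $opt['mail']['subject'] . $this->subject, $body, $mailHeaders);
    }

    /**
     * True when every value that ends up in a mail header consists of a single
     * line. Null values (unset Reply-To / Return-Path) are ignored.
     *
     * @return bool
     */
    private function headerValuesAreSingleLine()
    {
        $values = array_merge(
            [$this->to, $this->from, $this->subject, $this->replyTo, $this->returnPath],
            (array) $this->headers
        );

        foreach ($values as $value) {
            if ($value !== null && strpbrk((string) $value, "\r\n") !== false) {
                return false;
            }
        }

        return true;
    }

    /**
     * Checks whether mail for $domain can be routed: 'localhost' is always
     * accepted (maintenance mails, e.g. to root); any other domain needs at
     * least one MX record or, failing that, an A record.
     *
     * @param string $domain
     *
     * @return bool
     */
    public static function is_existent_maildomain($domain)
    {
        if ($domain === 'localhost') {
            return true;
        }

        // an empty domain (empty or malformed address) can never be delivered to
        if ($domain === '') {
            return false;
        }

        $smtpServerList = [];
        $smtpServerWeight = [];

        if (getmxrr($domain, $smtpServerList, $smtpServerWeight) !== false && count($smtpServerList) > 0) {
            return true;
        }

        // check if an A record exists; dns_get_record() returns false (not an
        // empty array) when the lookup itself fails
        $aRecords = dns_get_record($domain, DNS_A);

        return is_array($aRecords) && count($aRecords) > 0;
    }

    /**
     * Extracts the domain part of a mail address.
     *
     * @param string $mail
     *
     * @return string '' for an empty address, 'localhost' for an address
     *                without '@', otherwise everything after the last '@'
     */
    public static function getToMailDomain($mail)
    {
        if ($mail === '') {
            return '';
        }

        $atPos = strrpos($mail, '@');
        if ($atPos === false) {
            return 'localhost';
        }

        return substr($mail, $atPos + 1);
    }
}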
$this->to
can contain request data and is used in request header context(s), leading to a potential security vulnerability. 18 paths for user data to reach this point
$_REQUEST,
and$_REQUEST['newlist_name']
is passed through trim(), and$newListName
is assigned in htdocs/addtolist.php on line 26$_REQUEST,
and$_REQUEST['newlist_name']
is passed through trim(), and$newListName
is assignedin htdocs/addtolist.php on line 26
$newListName
is passed to cachelist::setNameAndVisibility()in htdocs/addtolist.php on line 38
$name
is passed through trim(), and$name
is assignedin htdocs/lib2/logic/cachelist.class.php on line 97
$name
is passed through trim(), andtrim($name)
is passed to rowEditor::setValue()in htdocs/lib2/logic/cachelist.class.php on line 117
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_REQUEST,
and$_REQUEST['statpic_style']
is passed to statpic::setStyle() in htdocs/change_statpic.php on line 33$_REQUEST,
and$_REQUEST['statpic_style']
is passed to statpic::setStyle()in htdocs/change_statpic.php on line 33
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/statpic.class.php on line 31
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_REQUEST,
and$_REQUEST['statpic_text']
is passed to statpic::setText() in htdocs/change_statpic.php on line 26$_REQUEST,
and$_REQUEST['statpic_text']
is passed to statpic::setText()in htdocs/change_statpic.php on line 26
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/statpic.class.php on line 47
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_POST,
and$logText
is assigned in htdocs/log.php on line 111$_POST,
and$logText
is assignedin htdocs/log.php on line 111
in vendor/htdocs/lib2/edithelper.inc.php on line 50
$logText
is assignedin htdocs/log.php on line 206
$logText
is passed to cachelog::setText()in htdocs/log.php on line 301
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/cachelog.class.php on line 211
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_REQUEST,
and$list_password
is assigned in htdocs/mylists.php on line 20$_REQUEST,
and$list_password
is assignedin htdocs/mylists.php on line 20
$list_password
is passed to cachelist::setPassword()in htdocs/mylists.php on line 58
$pw
is passed to rowEditor::setValue()in htdocs/lib2/logic/cachelist.class.php on line 151
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_REQUEST,
and$title
is assigned in htdocs/picture.php on line 82$_REQUEST,
and$title
is assignedin htdocs/picture.php on line 82
$title
is passed to picture::setTitle()in htdocs/picture.php on line 87
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/picture.class.php on line 236
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_REQUEST,
and$title
is assigned in htdocs/picture.php on line 169$_REQUEST,
and$title
is assignedin htdocs/picture.php on line 169
$title
is passed to picture::setTitle()in htdocs/picture.php on line 173
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/picture.class.php on line 236
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_REQUEST,
and$_REQUEST['firstName']
is passed through trim(), andtrim($_REQUEST['firstName'])
is passed to user::setFirstName() in htdocs/myprofile.php on line 60$_REQUEST,
and$_REQUEST['firstName']
is passed through trim(), andtrim($_REQUEST['firstName'])
is passed to user::setFirstName()in htdocs/myprofile.php on line 60
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 230
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_POST,
and$first_name
is assigned in htdocs/register.php on line 17$_POST,
and$first_name
is assignedin htdocs/register.php on line 17
$first_name
is passed to user::setFirstName()in htdocs/register.php on line 40
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 230
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_REQUEST,
and$_REQUEST['lastName']
is passed through trim(), andtrim($_REQUEST['lastName'])
is passed to user::setLastName() in htdocs/myprofile.php on line 68$_REQUEST,
and$_REQUEST['lastName']
is passed through trim(), andtrim($_REQUEST['lastName'])
is passed to user::setLastName()in htdocs/myprofile.php on line 68
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 250
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_POST,
and$last_name
is assigned in htdocs/register.php on line 16$_POST,
and$last_name
is assignedin htdocs/register.php on line 16
$last_name
is passed to user::setLastName()in htdocs/register.php on line 44
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 250
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_POST,
and$email
is assigned in htdocs/register.php on line 20$_POST,
and$email
is assignedin htdocs/register.php on line 20
$email
is passed to user::setEMail()in htdocs/register.php on line 30
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 180
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_REQUEST,
and$_REQUEST['username']
is passed through trim(), andtrim($_REQUEST['username'])
is passed to user::setUsername() in htdocs/myprofile.php on line 52$_REQUEST,
and$_REQUEST['username']
is passed through trim(), andtrim($_REQUEST['username'])
is passed to user::setUsername()in htdocs/myprofile.php on line 52
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 161
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_POST,
and$username
is assigned in htdocs/register.php on line 15$_POST,
and$username
is assignedin htdocs/register.php on line 15
$username
is passed to user::setUsername()in htdocs/register.php on line 35
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 161
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_FILES,
and$_FILES['file']['name']
is passed to picture::setFilenames() in htdocs/picture.php on line 124$_FILES,
and$_FILES['file']['name']
is passed to picture::setFilenames()in htdocs/picture.php on line 124
$sFilename
is passed through substr(), andsubstr($sFilename, strrpos($sFilename, '.') + 1)
is passed through mb_strtolower(), and$sExtension
is assignedin htdocs/lib2/logic/picture.class.php on line 123
$opt['logic']['pictures']['url'] . $sUUID . '.' . $sExtension
is passed to picture::setUrl()in htdocs/lib2/logic/picture.class.php on line 128
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/picture.class.php on line 201
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_FILES,
and$_FILES['file']['name']
is escaped by pathinfo() for file context(s), and$fname
is assigned in htdocs/picture.php on line 117$_FILES,
and$_FILES['file']['name']
is escaped by pathinfo() for file context(s), and$fname
is assignedin htdocs/picture.php on line 117
$fname
is passed through mb_strtolower(), andmb_strtolower($fname) . '.jpg'
is passed to picture::setFilenames()in htdocs/picture.php on line 130
$sFilename
is passed through substr(), andsubstr($sFilename, strrpos($sFilename, '.') + 1)
is passed through mb_strtolower(), and$sExtension
is assignedin htdocs/lib2/logic/picture.class.php on line 123
$opt['logic']['pictures']['url'] . $sUUID . '.' . $sExtension
is passed to picture::setUrl()in htdocs/lib2/logic/picture.class.php on line 128
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/picture.class.php on line 201
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_REQUEST,
and$_REQUEST['list_name']
is passed through trim(), and$list_name
is assigned in htdocs/mylists.php on line 18$_REQUEST,
and$_REQUEST['list_name']
is passed through trim(), and$list_name
is assignedin htdocs/mylists.php on line 18
$list_name
is passed to cachelist::setNameAndVisibility()in htdocs/mylists.php on line 53
$name
is passed through trim(), and$name
is assignedin htdocs/lib2/logic/cachelist.class.php on line 97
$name
is passed through trim(), andtrim($name)
is passed to rowEditor::setValue()in htdocs/lib2/logic/cachelist.class.php on line 117
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/user.class.php on line 171
$email
is assignedin htdocs/lib2/logic/user.class.php on line 781
in htdocs/lib2/logic/user.class.php on line 793
in htdocs/lib2/mail.class.php on line 142
$_REQUEST,
and$email
is assigned in htdocs/newemail.php on line 22$_REQUEST,
and$email
is assignedin htdocs/newemail.php on line 22
$email
is passed to user::requestNewEMail()in htdocs/newemail.php on line 41
in htdocs/lib2/logic/user.class.php on line 745
in htdocs/lib2/mail.class.php on line 142
General Strategies to prevent injection
In general, it is advisable to prevent any user data from reaching this point. This can be done by white-listing certain values:
For numeric data, we recommend explicitly casting the data: $sanitized = (integer) $tainted;