Thanks - there would appear to be significant differences between the two files.
PHP Code:
// check for injection attempts. If new-line characters found in header fields, simply fail to send the message
foreach(array($from_email_address, $to_address, $from_email_name, $to_name, $email_subject) as $key=>$value) {
if (eregi("\r",$value) || eregi("\n",$value)) return false;
}
Not sure what would happen if I simply inserted this code into the 1.3.71 version or if I uploaded the whole version 8 file without fully upgrading....
My test is only sending to one person at the moment so not sure what happens when more than one recipient is in the run.
Bookmarks