From 1b7798d214c93dbb93ff8a0dd23bd7f6c9851b38 Mon Sep 17 00:00:00 2001
From: markjaquith
Date: Tue, 9 Oct 2007 22:15:37 +0000
Subject: [PATCH] Properly sanitize e-mail addresses in wp-mail.php. Props giannis1. fixes #5169 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@6212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-mail.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/wp-mail.php b/wp-mail.php
index 5f11cb17e6..94dac0485a 100644
--- a/wp-mail.php
+++ b/wp-mail.php
@@ -63,9 +63,8 @@ for ($i=1; $i <= $count; $i++) :
 // Set the author using the email address (To or Reply-To, the last used)
 // otherwise use the site admin
 if (preg_match('/From: /', $line) | preg_match('/Reply-To: /', $line)) {
- $author=trim($line);
- if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) {
- $author = $regs[1];
+ $author = sanitize_email($line);
+ if ( is_email($author) ) {
 echo "Author = {$author}

";
 $author = $wpdb->escape($author);
 $result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1");
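Review bot: `sanitize_email($line)` receives the whole header line, so the address is no longer extracted the way the removed `ereg` capture did. If sanitize_email only strips disallowed characters (its body is not on this page, so confirm), a constructed sample such as `From: Jane Doe <jane@example.com>` would collapse to `FromJaneDoejane@example.com`, which may still pass `is_email()` but cannot match any `user_email`, so the post would silently fall back to the site admin as the comment above describes. Extract the address first and sanitize only that, e.g. `$author = preg_match('/[a-z0-9_.+-]+@[a-z0-9_.-]+/i', $line, $m) ? sanitize_email($m[0]) : '';`, keeping the `is_email()` check before the `$wpdb->users` lookup. A short comment here should also record that From/Reply-To is sender-controlled, so this lookup attributes the post but does not authenticate the sender. The header-matching `if` and the enclosing `for` loop start and end outside the hunk.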