diff --git a/htdocs/core/class/CMailFile.class.php b/htdocs/core/class/CMailFile.class.php
index 70436641fa4..5396c324c65 100644
--- a/htdocs/core/class/CMailFile.class.php
+++ b/htdocs/core/class/CMailFile.class.php
@@ -322,11 +322,11 @@ class CMailFile
 		}
 
 		$this->subject = $subject;
-		$this->addr_to = $to;
-		$this->addr_from = $from;
+		$this->addr_to = dol_sanitizeEmail($to);
+		$this->addr_from = dol_sanitizeEmail($from);
 		$this->msg = $msg;
-		$this->addr_cc = $addr_cc;
-		$this->addr_bcc = $addr_bcc;
+		$this->addr_cc = dol_sanitizeEmail($addr_cc);
+		$this->addr_bcc = dol_sanitizeEmail($addr_bcc);
 		$this->deliveryreceipt = $deliveryreceipt;
 		if (empty($replyto)) {
 			$replyto = $from;
@@ -341,7 +341,7 @@ class CMailFile
 		$this->cid_list = $cid_list;
 
 		if (!empty($conf->global->MAIN_MAIL_FORCE_SENDTO)) {
-			$this->addr_to = $conf->global->MAIN_MAIL_FORCE_SENDTO;
+			$this->addr_to = dol_sanitizeEmail($conf->global->MAIN_MAIL_FORCE_SENDTO);
 			$this->addr_cc = '';
 			$this->addr_bcc = '';
 		}
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 16310f3c813..4083a95002d 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -1314,6 +1314,22 @@ function dol_sanitizeUrl($stringtoclean, $type = 1)
 	return $stringtoclean;
 }
 
+/**
+ * Clean a string to use it as an Email.
+ *
+ * @param string $stringtoclean String to clean. Example 'abc@mycompany.com '
+ * @return string Escaped string.
+ */
+function dol_sanitizeEmail($stringtoclean)
+{
+	do {
+		$oldstringtoclean = $stringtoclean;
+		$stringtoclean = str_ireplace(array('"', ':', '[', ']',"\n", "\r", '\\', '\/'), '', $stringtoclean);
+	} while ($oldstringtoclean != $stringtoclean);
+
+	return $stringtoclean;
+}
+
 /**
  * Clean a string from all accent characters to be used as ref, login or by dol_sanitizeFileName
  *
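Review bot: The reply-to fallback `$replyto = $from;` on the last line of the hunk still uses the raw `$from`, while `addr_from` a few lines above now holds `dol_sanitizeEmail($from)`; if `$this->reply_to` is later assigned from `$replyto` without its own pass (that assignment is outside the hunk, so I cannot see it), the Reply-To header is the one address left unsanitized in this constructor. Suggest `$replyto = $this->addr_from;` for the fallback, and sanitizing `$replyto` (and `$errors_to`, if it is stored the same way) where they are assigned. The constructor continues past the hunk on both sides.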
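Review bot: In dol_sanitizeEmail, `str_ireplace` adds nothing over `str_replace` (none of the removed characters has a case variant), and the guard `while ($oldstringtoclean != $stringtoclean)` should use `!==`, because PHP compares two numeric strings numerically and a string whose only removed character was leading whitespace (e.g. "\n100" against "100") compares equal under `!=` even though it changed; `$stringtoclean = str_replace(array('"', ':', '[', ']', "\n", "\r", '\\', '\/'), '', $stringtoclean);` and `} while ($oldstringtoclean !== $stringtoclean);`. The loop is only needed because removing `\/` can expose a fresh `\/` (as in `\\//`), which deserves a one-line comment above `do {` so nobody "simplifies" it away. The docblock's `@return string Escaped string.` is inaccurate, since nothing is escaped and characters are removed: `@return string Cleaned string, with the listed characters removed.` Stripping `[` and `]` also rejects IP-literal domains such as `user@[192.0.2.1]`, which is presumably an accepted trade-off but should be stated in the docblock.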