The function secf_check_sqli_all() checks all the headers, and it is true that in the From Name header check the double quotes are omitted, but I forgot to omit the single quotes, maybe because in my country it is not common to use them in names.
Double quotes are ignored in From Name by the function secf_get_from
only if they are located at the first or last position of the string. Apart from the first and last chars, From Name is checked with sf_check_sqli
like the other fields. Here I suggest completely removing the single quote check in From Name.
Is it still OK to remove the single quote check in From Name? And maybe in To Name? Or do we need flags as proposed by @henningw earlier?
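The behaviour discussed above (outer double quotes stripped from the From display name, the remainder scanned for injection patterns, and a flag deciding whether single quotes are tolerated) as an added Python illustration; this is not the secfilter module's code, and the pattern list and the `allow_quotes` flag are assumptions made for the example:

```python
import re

# Constructed injection indicators for the demonstration only; the real
# secfilter keyword list is not reproduced here (assumption).
SQLI_PATTERNS = [
    re.compile(r"\bunion\b\s+\bselect\b", re.I),
    re.compile(r"\bor\b\s+\d+\s*=\s*\d+", re.I),
    re.compile(r"--|/\*|\*/|;"),
]


def split_from(header):
    """Split a From header value into (display_name, uri).

    Outer double quotes are removed from the display name only when they
    sit at the very first and last position, as described in the thread;
    anything else is left untouched so it is still scanned.
    """
    m = re.match(r'^\s*(.*?)\s*<([^>]*)>\s*(?:;.*)?$', header)
    if m:
        name, uri = m.group(1), m.group(2)
    else:
        name, uri = "", header.strip()
    if len(name) >= 2 and name[0] == '"' and name[-1] == '"':
        name = name[1:-1]
    return name, uri


def check_sqli(value, allow_quotes=False):
    """Return True when the value looks like an injection attempt.

    allow_quotes=True is the flag option raised in the thread: a single
    quote alone (names such as O'Brien) is tolerated, but the keyword and
    comment patterns are still enforced.
    """
    if not allow_quotes and "'" in value:
        return True
    return any(p.search(value) for p in SQLI_PATTERNS)


def check_from_name(header, allow_quotes=False):
    """Apply the From Name check to a full From header value."""
    name, _ = split_from(header)
    return check_sqli(name, allow_quotes)
```

With the flag on, a legitimate apostrophe passes while a quoted value that also carries a keyword or comment sequence is still rejected.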