while (!tny_iterator_is_done (iter)) {
TnyMimePart *part = TNY_MIME_PART (tny_iterator_get_current (iter));
- if (part && !g_strcasecmp (tny_mime_part_get_content_type (part), "multipart/related")) {
+ if (part && !g_ascii_strcasecmp (tny_mime_part_get_content_type (part), "multipart/related")) {
related_part = part;
break;
}
get_new_to (TnyMsg *msg, TnyHeader *header, const gchar* from,
ModestTnyMsgReplyMode reply_mode)
{
+ const gchar *reply_header = "Reply-To:";
+ const gchar *from_header = "From:";
gchar* old_reply_to;
gchar* old_from;
gchar* new_to;
old_reply_to = modest_tny_mime_part_get_header_value (TNY_MIME_PART(msg),
"Reply-To");
old_from = tny_header_dup_from (header);
-
+
if (!old_from && !old_reply_to) {
g_debug ("%s: failed to get either Reply-To: or From: from header",
__FUNCTION__);
return NULL;
}
-
+
+ /* Prevent DoS attacks caused by malformed emails */
+ if (old_from)
+ old_from = modest_text_utils_get_secure_header (old_from,
+ from_header);
+ if (old_reply_to)
+ old_reply_to = modest_text_utils_get_secure_header (old_reply_to,
+ reply_header);
+
/* for mailing lists, use both Reply-To and From if we did a
* 'Reply All:'
* */
pair = TNY_PAIR (tny_iterator_get_current (iterator));
name = tny_pair_get_name (pair);
- if (!g_strcasecmp (name, "References")) {
+ if (!g_ascii_strcasecmp (name, "References")) {
if (l_references) g_free (l_references);
l_references = g_strdup (tny_pair_get_value (pair));
- } else if (!g_strcasecmp (name, "In-Reply-To")) {
+ } else if (!g_ascii_strcasecmp (name, "In-Reply-To")) {
if (l_in_reply_to) g_free (l_in_reply_to);
l_in_reply_to = g_strdup (tny_pair_get_value (pair));
- } else if (!g_strcasecmp (name, "Message-ID")) {
+ } else if (!g_ascii_strcasecmp (name, "Message-ID")) {
if (l_message_id) g_free (l_message_id);
l_message_id = g_strdup (tny_pair_get_value (pair));
}
projects / modest / blobdiff