Postie Plugin

From Joseph Luis Wiki

Jump to: navigation, search

Back to the TOC

As Oct. 2012 the Postie Plugin required the following change in postie_getmail.php

if(preg_match("@((%3C|<)/?script|<meta|document\.|\.cookie|\.createElement|onload\s*=|(eval|base64)\()@is",$email)){
	echo "possible XSS attack - ignoring email\n";
	continue;
}

Retrieved from "http://wiki.josephluis.com/index.php?title=Postie_Plugin&oldid=271"