/**
* Setter
*
* @param string $name Property name
* @param mixed $value Property value
*
* @return void
*/
public function set($name, $value)
{
if (in_array($name, array('to', 'from'), true)) {
/**
* Prevent the attack works by placing a newline character
* (represented by \n in the following example) in the field
* that asks for the user's e-mail address.
* For instance, they might put:
* joe@example.com\nCC: victim1@example.com,victim2@example.com
*/
$value = str_replace('\\t', "\t", $value);
$value = str_replace("\t", '', $value);
$value = str_replace('\\r', "\r", $value);
$value = str_replace("\r", '', $value);
$value = str_replace('\\n', "\n", $value);
$value = explode("\n", $value);
$value = $value[0];
}
parent::set($name, $value);
}
