From 4c58cb8b95ffbf93c060d44b66677b0274914bef Mon Sep 17 00:00:00 2001
From: Retro_Guy <retro.guy@rocksolidbbs.com>
Date: Sat, 17 Feb 2024 22:30:48 -0700
Subject: [PATCH] Block preloading of Path or Injection-Info headers.

---
 Rocksolid_Light/rslight/scripts/rslight-lib.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Rocksolid_Light/rslight/scripts/rslight-lib.php b/Rocksolid_Light/rslight/scripts/rslight-lib.php
index ae1c63a..5144168 100644
--- a/Rocksolid_Light/rslight/scripts/rslight-lib.php
+++ b/Rocksolid_Light/rslight/scripts/rslight-lib.php
@@ -355,6 +355,14 @@ function process_post($message, $group)
                 $ref = 0;
                 $sub = 0;
             }
+            if (stripos($line, "Path: ") === 0) {
+                $response = "441 Posting failed (Header preloading denied)\r\n";
+                return $response;
+            }
+            if (stripos($line, "Injection-Info: ") === 0) {
+                $response = "441 Posting failed (Header preloading denied)\r\n";
+                return $response;
+            }
             if (stripos($line, "Date: ") === 0) {
                 $finddate = explode(': ', $line);
                 $article_date = strtotime($finddate[1]);