I installed new tiki on my server. In configuration set validation new user...
When I create new account, validation mail don't delivered to me. In server log has:
Logs: error client 126.96.36.199 alert - mail() - newline in subject header, possible injection, mail dropped (attacker 188.8.131.52', file '/home/tiki/lib/webmail/htmlMimeMail.php', line 734), referer: http://city.org/tiki/tiki-register.php
I checked variables in this line and I found \n (newline) sign on end sentence in $subject.
Why code is not protect before sings excluded in RFC 2047?