=== modified file 'modules/contact.module'
--- modules/contact.module	
+++ modules/contact.module	
@@ -157,6 +157,13 @@ function contact_mail_user() {
   }
 }
 
+function contact_mail_user_validate($form_id, $form) {
+  global $form_values;
+  if (preg_match("/\r|\n/", $form_values['subject']))
+    form_set_error('subject', t('The subject cannot contain linebreaks.'));
+  }
+}
+
 function contact_mail_user_submit($form_id, $edit) {
   global $user;
 
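Review bot: The new contact_mail_user_validate() does not parse: the `if` on the preg_match line has no opening brace, yet a closing `}` follows form_set_error() and a second `}` closes the function, so the file fails to load with a parse error. The fix is to open the block on the condition line, `if (preg_match("/\r|\n/", $form_values['subject'])) {`, keeping the two closing braces as they are. The same linebreak check added to contact_mail_page_validate() in the second hunk also records the attempt with watchdog(); doing the same here would give both forms the same log trail for header-injection attempts.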
@@ -392,6 +399,13 @@ function contact_mail_page() {
 
 function contact_mail_page_validate($form_id, &$form) {
   global $form_values;
+  if (!valid_email_address($form_values['mail'])) {
+    form_set_error('mail', t('You must enter a valid e-mail address.'));
+  }
+  if (preg_match("/\r|\n/", $form_values['subject'])) {
+    form_set_error('subject', t('The subject cannot contain linebreaks.'));
+    watchdog('mail', 'Email injection exploit attempted in contact form subject: ' . check_plain($edit['subject']), WATCHDOG_NOTICE);
+  }
   if (!$form['cid']) {
     // Look if there is only one category
     $result = db_query('SELECT cid FROM {contact}');
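Review bot: The watchdog() call in the added subject check reads `$edit['subject']`, but there is no `$edit` in this function — its parameters are `$form_id` and `&$form`, and the values being validated come from `$form_values` — so the log entry will carry an empty subject (and an undefined-variable notice) instead of the rejected value. Change it to `watchdog('mail', 'Email injection exploit attempted in contact form subject: ' . check_plain($form_values['subject']), WATCHDOG_NOTICE);` so the entry matches what the check actually rejected. contact_mail_page_validate() continues past the end of this hunk.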
@@ -402,10 +416,6 @@ function contact_mail_page_validate($for
     else {
       form_set_error('category', t('You must select a valid category.'));
     }
-
-    if (!valid_email_address($form['mail'])) {
-      form_set_error('mail', t('You must enter a valid e-mail address.'));
-    }
   }
 }
 
