I created a simple mail form and am blocking SMTP injections like
this. Seems like it ought to be 100% foolproof, AFAIK you can't
complete and SMTP injection with a Content-Type header in there. Any
opinions?
$body = 'Name: '.$_POST['name'].'\r\n';
$body = $body.'Phone: '.$_POST['phone'].'\r\n';
$body = $body.'Email: '.$_POST['email'].'\r\n';
$body = $body.'Comment: '.$_POST['comment'];
if(!strpos(strtolower($body), 'content-type')) {
mail($email_address, "Site Feedback", $body, "From: ".$email_address);
}
Too simple to be true?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
