On Thu, February 16, 2006 7:23 am, Martin E. Koss wrote:
> So far I'm able to remove bcc, cc, to, etc but unable to remove \n &
> \r.

I dunno why you are having trouble losing \r and \n, since it's not
tricky...

But forget all that, and consider this:

    $Email = $_POST['Email'];
    // Treat a bare CR like LF so every kind of line break splits the value
    $Email = str_replace("\r", "\n", $Email);
    // Keep only the first line
    $Email = explode("\n", $Email);
    $Email = $Email[0];
    // If the first line differs from the whole input, extra lines were present
    if (trim($Email) !== trim($_POST['Email'])) {
        die("spammer");
    }
    $Email = trim($Email);

Now, whatever other crap headers they added, they're gone, and you can
safely go on with life, secure in the knowledge that $Email, even if it's
not valid, is at least not header-injected with all kinds of crap you
don't want.

You should do this for all variables that get embedded into headers.

You can't do this on the Body, of course, so they still might be able to
trick things with a cleverly-composed $Email to set up the Mime-type, and
then an html "enhanced" (cough, cough) Body.

Assuming you don't allow HTML "enhanced" email in the first place, do:

    $Body = strip_tags($_POST['Body']);

Should take care of it.

The advantage of this technique is that it doesn't just focus on the
headers you know are "bad" while possibly ignoring other headers you're
not aware of. It forces the $Email to a single line, which cannot have
multiple headers in it.

Sort of like "whitelist" better than "blacklist"

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
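The single-line check from the reply above, generalised to every field that ends up in a mail header and run over a few constructed submissions; this is an added example, not code from the original post, and the field names and sample values are assumptions.

```php
<?php
// Added example (not from the original post). Applies the "force the value
// to one line" check to every header-bound field, then strips HTML from
// the body, which cannot be forced to a single line.

function single_line_or_fail(string $value): string
{
    // Treat CR like LF so "\r\n", a lone "\r" and a lone "\n" all count as breaks.
    $firstLine = explode("\n", str_replace("\r", "\n", $value))[0];
    // Anything after the first line makes the trimmed comparison fail.
    if (trim($firstLine) !== trim($value)) {
        throw new InvalidArgumentException('header field spans more than one line');
    }
    return trim($firstLine);
}

// Validates every field that will be interpolated into a header line and
// returns the cleaned values; throws on the first injected line break.
function clean_header_fields(array $fields): array
{
    $clean = [];
    foreach ($fields as $name => $value) {
        $clean[$name] = single_line_or_fail((string) $value);
    }
    return $clean;
}

// Constructed sample submissions (hypothetical field names and values).
$samples = [
    'plain'    => ['Email' => 'alice@example.com', 'Name' => 'Alice'],
    'crlf'     => ['Email' => "alice@example.com\r\nBcc: x@example.net", 'Name' => 'Alice'],
    'bare_cr'  => ['Email' => 'alice@example.com', 'Name' => "Alice\rCc: x@example.net"],
    'trailing' => ['Email' => "alice@example.com\n", 'Name' => 'Alice'], // only whitespace follows: accepted
];

foreach ($samples as $label => $post) {
    try {
        $fields  = clean_header_fields($post);
        $headers = "From: {$fields['Name']} <{$fields['Email']}>\r\n"
                 . "Reply-To: {$fields['Email']}\r\n";
        $body    = strip_tags($post['Body'] ?? '');   // body is not a header; only HTML is removed
        echo "$label: accepted, headers = " . json_encode($headers) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

The 'trailing' case passes because the check compares trimmed values, so a single trailing line break is tolerated while any content on a second line is rejected.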