Re: A way to block SMTP injections

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sorry, assume $email_address is already set - it's me, 'brian@xxxxxxxxxxxxxxxx'.

My typo on the '\r\n' should be "\r\n".


I created a simple mail form and am blocking SMTP injections like
this. Seems like it ought to be 100% foolproof, AFAIK you can't
complete and SMTP injection with a Content-Type header in there. Any
opinions?

$body = 'Name: '.$_POST['name'].'\r\n';
$body = $body.'Phone: '.$_POST['phone'].'\r\n';
$body = $body.'Email: '.$_POST['email'].'\r\n';
$body = $body.'Comment: '.$_POST['comment'];
if(!strpos(strtolower($body), 'content-type')) {
	mail($email_address, "Site Feedback", $body, "From:
".$email_address);
}

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux