Richard Lynch wrote:
> <?php
> if (isset($_REQUEST['email'])){
> $success = mail($_REQUEST['action'], 'un/subscribe',
> 'un/subscribe', "From: $_REQUEST[email]\r\nReply-to:
> $_REQUEST[email]");
> if ($success) echo "Status Change Sent";
> else echo "Unable to send Status Change";
> }
> ?>
What if someone submitted:
action = poor_spam_victim@xxxxxxxxxxx
email = you@xxxxxxxxxxx\r\n\r\nA long winded evil spam message here
?
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
