Re: Newbie Form Question

Better yet, don't allow the user to enter a From address.  Simply give
them subscribe and unsubscribe radio buttons, and make sure the
un/subscribe-ee gets a confirmation email.  And certainly check your
input fields for newlines.  :)

On 8/7/06, Richard Lynch <ceo@xxxxxxxxx> wrote:
On Mon, August 7, 2006 2:37 am, David Dorward wrote:
> Richard Lynch wrote:
>
>> <?php

switch($_REQUEST['email']){
  case 'subscribe@xxxxxxxxxxxxx':
  case 'unsubscribe@xxxxxxxxxxxxx':
    //Do nothing.
  break;
  default:
    die("Hack attempt.");
  break;
}

>>   if (isset($_REQUEST['email'])){
>>     $success = mail($_REQUEST['action'], 'un/subscribe',
>> 'un/subscribe', "From: $_REQUEST[email]\r\nReply-to:
>> $_REQUEST[email]");
>>     if ($success) echo "Status Change Sent";
>>     else echo "Unable to send Status Change";
>>   }
>> ?>
>
> What if someone submitted:
>
> action = poor_spam_victim@xxxxxxxxxxx
>
> email = you@xxxxxxxxxxx\r\n\r\nA long winded evil spam message here
>
> ?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
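The advice at the top of this message (radio buttons instead of a user-supplied From address, a confirmation email, and a newline check), as an added PHP example that is not part of the original thread. The addresses, the confirmation URL and the `build_confirmation` helper are assumptions made for illustration.

```php
<?php
// Added example: all names and addresses below are placeholders, not from the thread.
const LIST_FROM = 'list-owner@example.org';      // fixed sender, never user-supplied
const ACTIONS   = ['subscribe', 'unsubscribe'];  // values of the two radio buttons

// Validate the form input and build the confirmation mail.
// Returns [to, subject, body, headers], or null when the input is rejected.
function build_confirmation(array $in): ?array
{
    $action = $in['action'] ?? '';
    $email  = $in['email']  ?? '';

    // Array parameters (email[]=...) must not reach string functions.
    if (!is_string($action) || !is_string($email)) {
        return null;
    }
    // The radio button value must be one of the known actions (strict compare).
    if (!in_array($action, ACTIONS, true)) {
        return null;
    }
    // Reject CR/LF outright: a newline is what lets a value add headers or a body.
    if (preg_match('/[\r\n]/', $email)) {
        return null;
    }
    // Then require a syntactically valid single address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    $token   = bin2hex(random_bytes(16)); // store server-side with $action and $email
    $subject = "Confirm your $action request";
    $body    = "Someone asked to $action this address.\r\n"
             . "To confirm, visit: https://lists.example.org/confirm?t=$token\r\n";
    $headers = 'From: ' . LIST_FROM . "\r\nReply-To: " . LIST_FROM;

    return [$email, $subject, $body, $headers];
}

// Constructed sample inputs: a normal request and the two abuses raised in the thread.
$samples = [
    ['action' => 'subscribe', 'email' => 'alice@example.com'],
    ['action' => 'subscribe', 'email' => "you@example.com\r\n\r\nspam body"],
    ['action' => 'poor_spam_victim@example.com', 'email' => 'alice@example.com'],
];
foreach ($samples as $s) {
    $mail = build_confirmation($s);
    echo $mail === null ? "rejected\n" : "would send confirmation to {$mail[0]}\n";
    // In the real handler: if ($mail !== null) mail(...$mail);
}
```

Only the first sample produces a message; the change of status itself should happen when the stored token is presented back, not when the form is submitted.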

