On Wed, 16 Aug 2006 15:54:32 -0500, Richard Lynch wrote:
> On Wed, August 16, 2006 4:53 am, Ross wrote:
>>
>> Been having loads of problems with this and have solved it using the
>> phpmailer. The only problem is I cannot get the class working on the
>> remote
>> host I am working on. I am back to using mail() but need to drop in
>> script
>> that checks my fields $fname, $sname, $email, $subject, $message.
>
> Checking for a NEWLINE in all but $message will stop MOST of the email
> injection.
>
> if (preg_match("/\r\n/", array($fname, $sname, $email, $subject))){
> die("Spammer!");
> }
>
> I think preg_match allows array for 2nd arg...
>
> Details.
Hi,
Shouldn't this be
preg_match("/[\r\n]/", ...
considering this is OS specific and on Unix/Linux just a newline would do,
too? Most likely, on a Mac server, just \r would do as a header separator.
The MTA on the system will interpret the OS specific line endings,
and construct proper \r\n header separators before sending it out.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
