Re: How to not be abused by mail form injectors?


 



On 12/6/06, Peter Lauri <lists@xxxxxxxxxxx> wrote:
Hi,



Are there any general protection methods to minimize the risk of robots
using your mailing forms as spam senders?


Yes, validate and escape data properly. The most important thing you
want to protect is anything that goes into the $headers or
$additional_headers.

In the headers field, you want to be sure that the values don't inject
others, so if you'd do something like:

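// Fold each line break into a continuation line (line break + whitespace)
// so the text after it stays part of the same header value.
$my_cc = preg_replace('/(\r?\n)/', '$1  ', $_POST['CC']);
$headers = "Cc: $my_cc\r\n";

$my_header = preg_replace('/(\r?\n)/', '$1  ', $_POST['MyHeader']);
// Append with .= so the Cc header built above is not overwritten.
$headers .= "MyHeader: $my_header\r\n";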

Which should protect any injection of headers.

I would never even consider any user input being put into $additional_headers.


Curt.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
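
The folding approach from the reply above next to a stricter reject-on-line-break check, as an added PHP example that is not part of the original post. The function names and the sample inputs are constructed for illustration, and the strict variant is an assumption of this example, not the poster's method.

```php
<?php
// Added example; all function names here are hypothetical.

// The folding approach from the post: a line break followed by whitespace
// turns the next line into a continuation of the same header.
function fold_header_value(string $value): string
{
    return preg_replace('/(\r?\n)/', '$1  ', $value);
}

// Stricter alternative: a single-line form field has no reason to contain
// CR or LF, so refuse the value instead of rewriting it.
function strict_header_value(string $value): ?string
{
    return preg_match('/[\r\n]/', $value) ? null : trim($value);
}

// For address headers, additionally require a syntactically valid address.
function strict_address(string $value): ?string
{
    $clean = strict_header_value($value);
    if ($clean === null || filter_var($clean, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $clean;
}

// Constructed sample inputs for a "CC" form field.
$samples = [
    'plain'   => "friend@example.com",
    'crlf'    => "friend@example.com\r\nBcc: list@example.net",
    'bare_cr' => "friend@example.com\rBcc: list@example.net",
];

foreach ($samples as $name => $input) {
    $folded = fold_header_value($input);
    // A break that is NOT followed by whitespace still starts a new line.
    $unfolded = preg_match('/[\r\n](?![ \t\r\n])/', $folded) === 1;
    printf("%-8s unfolded break after folding: %s, strict result: %s\n",
        $name,
        $unfolded ? 'yes' : 'no',
        var_export(strict_address($input), true));
}
```

The folding pattern only matches LF and CRLF, so the lone-CR sample passes through it unchanged, while the strict check returns null for both multi-line samples.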

