OZONE Asylum
Forums
Server-Side Scripting - Oh my!
Email in PHP
This page's ID:
28047
Search
QuickChanges
Forums
FAQ
Archives
Register
Edit Post
Who can edit a post?
The poster and administrators may edit a post. The poster can only edit it for a short while after the initial post.
Your User Name:
Your Password:
Login Options:
Remember Me On This Computer
Your Text:
Insert Slimies »
Insert UBB Code »
Close
Last Tag
|
All Tags
UBB Help
Whatever your testing brings: Don't use this form as it is. It is easily affected by an attack, namely [url=http://www.jellyandcustard.com/2006/02/24/email-header-injection-in-php/]'newline/header' injection.[/url] See, if I put "myemail@somewhere.com\r\nCC: anotherEmail@somewhere.com\r\n\r\nThis is the real Spam." in $_POST['email'] (you should really be using $_POST. $HTTP_POST_VARS is deprecated), boom, instant open relay on your webserver. (\r\n\r\n seperates your mail header from your mailbody.) You really really need to verify any incoming data, and in this case, not only make sure it's set, also make sure it does not contain linebreaks of any kind (just checking for \r\n won't be enough. Some mailservers will also accept just \n there). So long, ->Tyberius Prime
Loading...
Options:
Enable Slimies
Enable Linkwords
« Backwards
—
Onwards »
Maximum Security
OZONE
DHTML/Javascript
Server-Side Scripting - Oh my!
CSS - DOM - XHTML - XML - XSL - XSLT
Stupid Basic HTML
Visual Therapy
Photoshop
Photoshop Pong, Anyone?
***WARNING*** BIG SIG APPROACHING
Photography
3D Modelling & Rendering
Multimedia/Animation
Print Graphics
Holding Pens
Philosophy and other Silliness
Outpatient Counseling
Site reviews!
Mad Scientists' Laboratory
Getting to know the Grail