Email header injection in PHP
This blog has moved! Please click here to navigate to this entry.
The Musings of Harry
A somewhat nonrandom collection of Harry's thoughts that in no way constitute a blog
A somewhat nonrandom collection of Harry's thoughts that in no way constitute a blog
2 Comments:
Cool
I'm having a major problem with this.
This is my sendmail code, how would I change this to prevent bot's from injecting my code?
How are where do I put your sode and how do I test it?
$to = 'email@domain.com;
$subject = $_POST['subject']; $message = $_POST['message']; $from = $_POST['from']; $from_check = $_POST['from_check']; $full_name = $_POST['full_name']; $tel = $_POST['tel'];
$headers = "From: ". $_POST['from'] ."\r\n";
$headers .= "Reply-To: ". $_POST['from'] ."\r\n"; $message = "\nInformation Request: ".$message; $message .= "\nName: ".$full_name;
$message .= "\nTel Number: ".$tel;
$message .= "\nEmail address 2 (could be different): ".$from_check;
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $from)) { echo "Sorry info here"; echo "Click here to return"; }
elseif ($from_check <> $from) { echo "Info here.";
echo "Click here to return"; }
elseif(mail($to,$subject,$headers,$message)) { echo "$full_name"; echo "Your email has been sent, we will reply as soon as possible."; } else { echo "Cannot send email";
Thanks Ian
Post a Comment
<< Home