On 12/6/06, Peter Lauri <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Are there any general protection methods to minimize the risk of robots
> using your mailing forms as spam senders?


Yes, validate and escape data properly. The most important thing you
want to protect is anything that goes into the $headers or
$additional_headers.

In the headers field, you want to be sure that the values don't inject
others, so you'd do something like:

// Indent whatever follows a line break so it becomes a continuation line
$my_cc = preg_replace('/(\r?\n)/', '$1  ', $_POST['CC']);
$headers = "Cc: $my_cc\r\n";

$my_header = preg_replace('/(\r?\n)/', '$1  ', $_POST['MyHeader']);
$headers .= "MyHeader: $my_header\r\n";

Which should protect against any injection of headers.

I would never even consider any user input being put into $additional_headers.


Curt.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
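
A stricter variant of the header check discussed above, as an added example that is not part of the original post: instead of folding line breaks, it rejects any value containing CR, LF or NUL and validates each Cc address before the header is built. The function names, the recipient cap and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper names; inputs below are constructed.

/** Return the trimmed value if it is safe for a mail header, else null. */
function clean_header_value(string $value): ?string
{
    // Any CR, LF or NUL means the value tries to span lines: reject it
    // outright. This also catches a bare "\r", which a \r?\n pattern misses.
    if (preg_match('/[\r\n\x00]/', $value)) {
        return null;
    }
    return trim($value);
}

/** Validate a comma-separated address list for a Cc header. */
function clean_address_list(string $value, int $max = 5): ?string
{
    $value = clean_header_value($value);
    if ($value === null || $value === '') {
        return null;
    }
    $addresses = array_map('trim', explode(',', $value));
    if (count($addresses) > $max) {
        return null;                      // assumed cap on recipients per submission
    }
    foreach ($addresses as $address) {
        if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
            return null;
        }
    }
    return implode(', ', $addresses);
}

// Constructed sample inputs standing in for $_POST['CC'].
$samples = [
    'alice@example.com',
    'alice@example.com, bob@example.com',
    "alice@example.com\r\nBcc: list@example.net",  // extra header line
    "alice@example.com\rBcc: list@example.net",    // bare CR
    'not an address',
];

foreach ($samples as $cc) {
    $clean = clean_address_list($cc);
    $headers = $clean === null ? '' : "Cc: $clean\r\n";
    printf("%-48s => %s\n", json_encode($cc), $clean === null ? 'rejected' : trim($headers));
}
```

Only the first two samples produce a Cc header; the other three are rejected and leave $headers empty.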
