>>>>> "Will" == Will Bontrager <[EMAIL PROTECTED]> writes:
Will> exit if $FORM{email} =~ /[EMAIL PROTECTED]@/s;

Once again, a bad regex for checking an address. A "local part" of an
email (the part to the left of the '@') *can* have an "@" as well. This
is a legal address, if I recall correctly:

    [EMAIL PROTECTED]@stonehenge.com

Will> Another method is to target any form field that will be used in any
Will> email header line (name, email, subject, whatever). The form field
Will> contains a junk value plus a line feed plus Cc: or Bcc: plus a whole
Will> list of email addresses, plus two line feeds, plus the hijacker's
Will> email body message. The following line can detect line feeds in a form
Will> field value:

Will> exit if $FORM{subject} =~ /(?:[\n\r]|\%0[ad])+/si;

Uh, by the time you process your form element, there shouldn't *be* any
%0a or %0d there. Also, % doesn't need to be backwhacked. This regex
looks cargo-culted... {sigh}.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
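The two points made in the reply above, shown in working code. This is an added example, not code from either poster: it decodes a constructed query string the way a form handler would, then checks the decoded, header-bound fields for CR/LF. Because decoding turns %0A into a real newline, there is nothing left for a literal "%0a" pattern to match, so the check only needs `[\r\n]`. It also shows that a "more than one @" rule rejects an address with a quoted local part, which RFC 5322 permits. The address `"a@b"@example.com`, the `naive_multi_at` regex, and the sample query string are all constructed for this example; the real regex in the thread is hidden behind the [EMAIL PROTECTED] placeholder.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: the raw query string as the browser sends it.
# The "subject" field carries a URL-encoded header-injection payload:
#   Hello\nBcc: victim1@example.net, victim2@example.net\n\nSpam body
my $raw = 'name=Bob&email=bob%40example.com'
        . '&subject=Hello%0ABcc%3A+victim1%40example.net%2C+victim2%40example.net%0A%0ASpam+body';

# Minimal application/x-www-form-urlencoded decoder (stand-in for CGI.pm).
# After this runs, every %XX sequence has become its real character.
sub parse_form {
    my ($qs) = @_;
    my %form;
    for my $pair (split /&/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        for ($k, $v) {
            next unless defined;
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        }
        $form{$k} = $v;
    }
    return \%form;
}

# The only thing that can smuggle a new header line into a message is a
# real CR or LF in a value that ends up in a header. No "%0a" alternative
# is needed once the form has been decoded.
sub has_header_injection {
    my ($value) = @_;
    return defined $value && $value =~ /[\r\n]/ ? 1 : 0;
}

# Hypothetical "reject if more than one @" check of the kind criticised
# in the thread (the real regex is not visible on the page).
sub naive_multi_at {
    my ($addr) = @_;
    return $addr =~ /\@.*\@/s ? 1 : 0;
}

my $form = parse_form($raw);

# Decoding already happened: a literal "%0a" check finds nothing here...
printf "literal %%0a still present in subject: %s\n",
    ($form->{subject} =~ /%0[ad]/i ? 'yes' : 'no');

# ...but the decoded newline is there, and that is what must be rejected.
for my $field (qw(name email subject)) {
    if (has_header_injection($form->{$field})) {
        print "rejecting: field '$field' contains a line break\n";
        last;
    }
}

# A quoted local part may contain "@" (RFC 5322 quoted-string), so a
# multiple-@ rule rejects a syntactically legal address.
my $quoted = '"a@b"@example.com';
printf "naive multi-@ check rejects %s: %s\n",
    $quoted, (naive_multi_at($quoted) ? 'yes' : 'no');
```

Run it as a plain script; it prints that no literal "%0a" survives decoding, that the subject is rejected for its embedded newline, and that the quoted-local-part address trips the naive rule. In a real handler the CR/LF check belongs on every value that is placed in a header, and the address check is better delegated to a maintained validator than to a hand-written regex.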