Hello,

On 07/15/2004 10:25 PM, Jordi Canals wrote:
> Dennis Gearon wrote:
>
> > remove carriage returns to prevent embedded email directives
>
> In another thread, I read that sentence. I'm interested in finding more information about that. I have some mail forms and want to make them as secure as possible, but do not know what and where I should filter.
>
> Should I filter all CR and LF just in headers, or should I also do that in the message body (which is sent in the SMTP DATA section)?

For SMTP, all lines should be ended with CR+LF, or else messages may be discarded by spam filters or other programs. However, if you use the mail() function it may do some filtering on its own.


Anyway, you may want to take a look at this SMTP class to check how it filters message lines sent by SMTP:

http://www.phpclasses.org/smtpclass



--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/

Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
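
One way to apply the header-versus-body distinction asked about in this thread, as an added PHP example that is not part of the original message or of the SMTP class linked above; all function names are hypothetical. Header values reject CR/LF outright, while the body keeps its line breaks, normalised to CR+LF, and is dot-stuffed only when a script writes the SMTP DATA section itself.

```php
<?php
// Added illustration; function names are hypothetical.

// A header field (From, Subject, ...) must stay on one line. Reject any CR or LF
// instead of silently stripping it, so the caller can log the attempt.
function clean_header_value(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('CR/LF not allowed in a header value');
    }
    return trim($value);
}

// The body may span several lines. Normalise CRLF, lone CR and lone LF to CRLF.
function normalize_body(string $body): string
{
    return preg_replace('/\r\n|\r|\n/', "\r\n", $body);
}

// Only needed when writing to an SMTP socket directly: a line that starts with "."
// is doubled so it cannot be read as the end-of-DATA marker.
function smtp_data_encode(string $body): string
{
    $lines = explode("\r\n", normalize_body($body));
    foreach ($lines as $i => $line) {
        if ($line !== '' && $line[0] === '.') {
            $lines[$i] = '.' . $line;
        }
    }
    return implode("\r\n", $lines);
}

// Constructed sample input: the second form field carries an extra header line.
$fields = [
    'subject' => "Question about my order",
    'from'    => "visitor@example.com\r\nX-Injected: 1",
];
foreach ($fields as $name => $value) {
    try {
        echo $name, ': accepted "', clean_header_value($value), "\"\n";
    } catch (InvalidArgumentException $e) {
        echo $name, ': rejected (', $e->getMessage(), ")\n";
    }
}

// Constructed body with mixed line endings and a leading-dot line.
$body = "Hello,\n.this line starts with a dot\rlast line";
echo json_encode(smtp_data_encode($body)), "\n";
```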


