* Thus wrote Manuel Lemos: > Hello, > > On 07/15/2004 10:25 PM, Jordi Canals wrote: > >Dennis Gearon wrote: > > > > > remove carriage returns to prevent embedded email directives > > > >In an other thread, I readed that sentence. I'm interested to find more > >information about that. I have some mail forms and want to make them as > >secure and possible, but do not know about what and where should I filter. > > > >Should I filter all CR and LF Just in headers or also I should do that > >in the message body? (Which is sent in the SMTP DATA section). > > For SMTP, all lines should be ended with CR+LF, or else messages may be > discarded by spam filters or other programs. However, if you use the > mail() function it may do some filtering on its own.
The mail() function does not do any filtering. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php