Jordi Canals wrote:

Dennis Gearon wrote:

 > remove carriage returns to prevent embedded email directives

In another thread, I read that sentence. I'm interested in finding more information about that. I have some mail forms and want to make them as secure as possible, but do not know what I should filter and where.

Should I filter all CR and LF just in headers, or should I also do that in the message body (which is sent in the SMTP DATA section)?

After the big thread that followed my question, I just want to say a couple of things:

I only wanted to know how to prevent embedded email directives sent by the user, and whether these directives can be found in the headers or in the body of the message.

I normally use the mail() function (on Linux) and rarely use any class to send mail, just because all the e-mail I send from a website is normally plain text with no attachments. Even sending mail in HTML gave no problems if we follow the standards.

The only problem I had with the function was with a Windows site and concerned bad header composition. I can see this is the only open and assigned bug related to the mail function (http://bugs.php.net/bug.php?id=28038). Hope Wez will correct it some day ;)

Except this case, the mail() function always worked for me.

Regards,
Jordi Canals

--
PHP General Mailing List (http://www.php.net/)
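
For the question above about where to filter CR and LF, here is an added example (not part of the original post or of PHP itself). It rejects line breaks in user-supplied values that end up in mail() header arguments, and as a choice of this example passes the body through unchanged. The function names, addresses and sample submissions are constructed for illustration.

```php
<?php
// Added example: validate form input before it reaches mail() header arguments.
// header_value() and build_contact_mail() are hypothetical helper names.

/** Reject any value destined for a header field if it contains CR, LF or NUL. */
function header_value(string $value, string $field): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException("Line break in $field field");
    }
    return trim($value);
}

/** Build the mail() arguments from a contact form; nothing is sent here. */
function build_contact_mail(array $form): array
{
    $from = header_value($form['email'] ?? '', 'email');
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address');
    }
    $subject = header_value($form['subject'] ?? '', 'subject');

    // The body is not a header field: line breaks are expected there, so this
    // example passes it through unchanged (an assumption of this example).
    $body = (string)($form['message'] ?? '');

    return [
        'to'      => 'webmaster@example.com', // fixed by the site, never taken from the form
        'subject' => $subject,
        'body'    => $body,
        'headers' => "From: $from\r\nContent-Type: text/plain; charset=UTF-8",
    ];
}

// Constructed sample submissions: one normal, one carrying an embedded directive.
$samples = [
    ['email' => 'alice@example.com', 'subject' => 'Hello', 'message' => "Line 1\nLine 2"],
    ['email' => "alice@example.com\r\nBcc: list@example.net", 'subject' => 'Hello', 'message' => 'x'],
];

foreach ($samples as $i => $form) {
    try {
        $m = build_contact_mail($form);
        // mail($m['to'], $m['subject'], $m['body'], $m['headers']); // the real send
        echo "sample $i: accepted, headers = " . json_encode($m['headers']) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "sample $i: rejected ({$e->getMessage()})\n";
    }
}
```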