On Thu, 03 Nov 2005 21:17:39 -0500, John Taylor-Johnston wrote:

> Ok, you are all used to working with register_globals=off.
> 
> mail($to, stripslashes($subject), wordwrap($message, 60), "From:
> $from\r\n");
> 
> I change this line to:
> 
> mail($to, stripslashes($_POST["subject"]), wordwrap($_POST["message"],
> 60), "From: {$_POST['from']}\r\n");

You do realize you have an open relay. I can send in the post data:

&subject=I%20Love%20Your&from=something\r\nBCC:moreaddresses&message=a_mime_encoded_virus

Don't trust tainted variables; you should really fix that.


Curt.
-- 
http://news.zirzow.dyndns.org/
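
Added example, not part of the original message or thread: one way to stop the `from` field from carrying extra headers is to refuse any header value containing a line break and to validate the address before it reaches `mail()`. The function names are hypothetical, and the code assumes `$to` is set server-side rather than taken from the request.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

// A header value is unsafe if it contains CR, LF or NUL: a line break ends
// the current header and lets the submitter start a new one (e.g. Bcc).
function header_value_is_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Return a syntactically valid address, or null if the input must be refused.
function safe_from_address(string $from): ?string
{
    if (!header_value_is_safe($from)) {
        return null;
    }
    $addr = filter_var(trim($from), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Assumption: $to is fixed server-side and never taken from the request.
function send_contact_mail(string $to, array $post): bool
{
    $from    = safe_from_address((string) ($post['from'] ?? ''));
    $subject = (string) ($post['subject'] ?? '');
    $message = (string) ($post['message'] ?? '');

    // The subject is also written into the header block, so it gets the
    // same line-break check. The message body is not a header.
    if ($from === null || !header_value_is_safe($subject)) {
        return false; // refuse rather than try to repair tainted input
    }
    return mail($to, $subject, wordwrap($message, 60), "From: $from\r\n");
}

// Constructed inputs: one normal address and the injected value from the post.
foreach (["visitor@example.com", "something\r\nBCC:moreaddresses"] as $from) {
    printf("%-40s => %s\n", json_encode($from),
        safe_from_address($from) === null ? 'rejected' : 'accepted');
}
```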
