Hi,
If I'm taking a URL as user input from a form, and then emailing
that URL back to them as part of a larger message, how do I ensure that
no-one sends anything strange to run shell commands through sendmail?
Could anyone confirm that mail() or even sendmail does take precautions
against shell commands being executed in the message body of the email?
If not, is there an easy way to remove everything except
":","/",".","a-Z","0-9"? I've written very complicated things in the
past and I'm sure there must be an easier way!!!
I've already made sure it's not possible to abuse sendmail with the
user's email address, but I'm still nervous.
Thanks!
--
Beth Gore
http://www.habitformer.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
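
An added example, not part of the original post: one way to apply the character filter asked about before putting the URL into the message body, written in PHP because the post concerns PHP's mail(). The helper name clean_url_for_mail() and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example (not from the original post). clean_url_for_mail() is a
// hypothetical helper; the sample inputs at the bottom are constructed.

/**
 * Return a URL that is safe to place in a mail body, or null if rejected.
 */
function clean_url_for_mail(string $input): ?string
{
    // Keep only the characters listed in the post: ":", "/", ".", letters
    // and digits. This drops CR/LF, spaces, quotes, backticks, ";", "|", "$".
    $url = preg_replace('/[^:\/.a-zA-Z0-9]/', '', $input);
    if ($url === null || $url === '' || strlen($url) > 2048) {
        return null;
    }
    // Stripping can turn odd input into a different but valid-looking URL,
    // so reject anything that was altered instead of silently mailing it.
    if ($url !== $input) {
        return null;
    }
    // Require an http(s) scheme and a host; anything else is refused.
    $parts = parse_url($url);
    if ($parts === false
        || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Constructed sample inputs.
$samples = [
    'http://www.example.com/page',
    "http://www.example.com/\r\nextra line",
    'http://www.example.com/;ls',
    'ftp://www.example.com/file',
];
foreach ($samples as $s) {
    $clean = clean_url_for_mail($s);
    echo json_encode($s), ' => ', $clean === null ? 'rejected' : $clean, "\n";
}
```

Only the first sample is accepted; the others are rejected because the filter would have altered them or because the scheme is not http or https.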

