Hi Mike,
Thought I'd try your protection code.

In $bad = array("\n","\r","\0",",");
I can see why the "\n" and "\r" are there,
but what is the "\0" for?

Thanks, Bob.

----- Original Message ----- 
From: "Mike Brandonisio" <[EMAIL PROTECTED]>
To: <php-list@yahoogroups.com>
Sent: Sunday, January 22, 2006 4:50 PM
Subject: Re: [php-list] Preventing spam drones from abusing our mail scripts

> <?php
> 
> // email injection clean up.
> function safermail($to,$subject,$body,$from)
>         {
>         $bad = array("\n","\r","\0",",");
>         $good = "?";
>         $to = str_replace($bad,$good, $to);
>         $subject= str_replace($bad,$good, $subject);
>         $from = str_replace($bad,$good, $from);
>         $addlhdr = "From: $from\r\nReply-To: $from\r\n";
>         return mail ( $to, $subject, $body , $addlhdr );
>         }
> //mail( "[EMAIL PROTECTED]", $subject, $body, "From: $email" );
> safermail( "[EMAIL PROTECTED]", $subject, $body, $email ); 
> 
> ?>
> 
> Basically you are removing the ability to send more than one email at
> a time. So if a spam bot enters email, email, email, email,
> email ...etc the script removes the delimiter and replaces it with an
> illegal '?' so that your email server will throw a parsing error
> and not send any email from the current request due to a malformed TO
> or CC or BCC.
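
The filter quoted above, run over a few constructed header values, as an added example that is not part of the original thread. The function names `neutralize_header_value` and `header_value_is_clean` and all addresses are assumptions made for illustration; the second function is a stricter reject-instead-of-rewrite variant that the thread does not contain.

```php
<?php
// Added example, not code from the thread. All sample inputs are constructed.

// The same replacement the quoted safermail() applies to $to, $subject and $from:
// CR, LF, NUL and comma each become '?'.
function neutralize_header_value(string $value): string
{
    $bad = array("\n", "\r", "\0", ",");
    return str_replace($bad, "?", $value);
}

// Hypothetical stricter variant: report whether the value is free of those four
// bytes, so the caller can refuse the request instead of sending a rewritten value.
// preg_match() returns false on error, which is treated as "not clean" (fail closed).
function header_value_is_clean(string $value): bool
{
    return preg_match('/[\r\n\x00,]/', $value) === 0;
}

// Constructed inputs: one legitimate value and one per filtered character class.
$samples = array(
    'plain address'       => 'visitor@example.com',
    'extra header line'   => "visitor@example.com\r\nBcc: a@example.net",
    'recipient list'      => 'a@example.net,b@example.net',
    // NUL terminates strings in C code, so software further down the mail path
    // may see a shorter value than the one PHP checked.
    'embedded NUL byte'   => "visitor@example.com\0trailing",
);

foreach ($samples as $label => $value) {
    printf(
        "%-18s clean=%-3s input=%s\n%-18s filtered=%s\n",
        $label,
        header_value_is_clean($value) ? 'yes' : 'no',
        addcslashes($value, "\0..\37"),   // show control bytes as escapes
        '',
        neutralize_header_value($value)
    );
}
```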


