Re: [PHP] simple scrip to stop email injection

2006-08-18 Thread Richard Lynch 
On Thu, August 17, 2006 2:20 am, Ivo F.A.C. Fokkema wrote:

 if (preg_match(/\r\n/, array($fname, $sname, $email, $subject))){
   die(Spammer!);

 preg_match(/[\r\n]/, ...

You are absolutely correct.

Sorry.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] simple scrip to stop email injection

2006-08-17 Thread Ivo F.A.C. Fokkema 
On Wed, 16 Aug 2006 15:54:32 -0500, Richard Lynch wrote:

 On Wed, August 16, 2006 4:53 am, Ross wrote:

 Been having loads of problems with this and have solved it using the
 phpmailer. The only problem is I cannot get the class working on the
 remote
 host I am working on. I am back to using mail() but need to drop in
 script
 that checks my fields $fname, $sname, $email, $subject, $message.
 
 Checking for a NEWLINE in all but $message will stop MOST of the email
 injection.
 
 if (preg_match(/\r\n/, array($fname, $sname, $email, $subject))){
   die(Spammer!);
 }
 
 I think preg_match allows array for 2nd arg...
 
 Details.

Hi,

Shouldn't this be 

preg_match(/[\r\n]/, ...

considering this is OS specific and on Unix/Linux just a newline would do,
too? Most likely, on a Mac server, just \r would do as a header separator.
The MTA on the system will interpret the OS specific line endings,
and construct proper \r\n header separators before sending it out.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] simple scrip to stop email injection

2006-08-16 Thread Ross 

Been having loads of problems with this and have solved it using the 
phpmailer. The only problem is I cannot get the class working on the remote 
host I am working on. I am back to using mail() but need to drop in script 
that checks my fields $fname, $sname, $email, $subject, $message.


Regards,


Ross 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] simple scrip to stop email injection

2006-08-16 Thread Richard Lynch 
On Wed, August 16, 2006 4:53 am, Ross wrote:

 Been having loads of problems with this and have solved it using the
 phpmailer. The only problem is I cannot get the class working on the
 remote
 host I am working on. I am back to using mail() but need to drop in
 script
 that checks my fields $fname, $sname, $email, $subject, $message.

Checking for a NEWLINE in all but $message will stop MOST of the email
injection.

if (preg_match(/\r\n/, array($fname, $sname, $email, $subject))){
  die(Spammer!);
}

I think preg_match allows array for 2nd arg...

Details.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php