Re: [PHP] simple scrip to stop email injection
On Thu, August 17, 2006 2:20 am, Ivo F.A.C. Fokkema wrote: >> if (preg_match("/\r\n/", array($fname, $sname, $email, $subject))){ >> die("Spammer!"); > preg_match("/[\r\n]/", ... You are absolutely correct. Sorry. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] simple scrip to stop email injection
On Wed, 16 Aug 2006 15:54:32 -0500, Richard Lynch wrote: > On Wed, August 16, 2006 4:53 am, Ross wrote: >> >> Been having loads of problems with this and have solved it using the >> phpmailer. The only problem is I cannot get the class working on the >> remote >> host I am working on. I am back to using mail() but need to drop in >> script >> that checks my fields $fname, $sname, $email, $subject, $message. > > Checking for a NEWLINE in all but $message will stop MOST of the email > injection. > > if (preg_match("/\r\n/", array($fname, $sname, $email, $subject))){ > die("Spammer!"); > } > > I think preg_match allows array for 2nd arg... > > Details. Hi, Shouldn't this be preg_match("/[\r\n]/", ... considering this is OS specific and on Unix/Linux just a newline would do, too? Most likely, on a Mac server, just \r would do as a header separator. The MTA on the system will interpret the OS specific line endings, and construct proper \r\n header separators before sending it out. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] simple scrip to stop email injection
On Wed, August 16, 2006 4:53 am, Ross wrote: > > Been having loads of problems with this and have solved it using the > phpmailer. The only problem is I cannot get the class working on the > remote > host I am working on. I am back to using mail() but need to drop in > script > that checks my fields $fname, $sname, $email, $subject, $message. Checking for a NEWLINE in all but $message will stop MOST of the email injection. if (preg_match("/\r\n/", array($fname, $sname, $email, $subject))){ die("Spammer!"); } I think preg_match allows array for 2nd arg... Details. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] simple scrip to stop email injection
Been having loads of problems with this and have solved it using the phpmailer. The only problem is I cannot get the class working on the remote host I am working on. I am back to using mail() but need to drop in script that checks my fields $fname, $sname, $email, $subject, $message. Regards, Ross -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php