subject:"Re\: \[PHP\] simple scrip to stop email injection"

Re: [PHP] simple scrip to stop email injection

2006-08-18 Thread Richard Lynch

On Thu, August 17, 2006 2:20 am, Ivo F.A.C. Fokkema wrote:

>> if (preg_match("/\r\n/", array($fname, $sname, $email, $subject))){
>>   die("Spammer!");

> preg_match("/[\r\n]/", ...

You are absolutely correct.

Sorry.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] simple scrip to stop email injection

2006-08-17 Thread Ivo F.A.C. Fokkema

On Wed, 16 Aug 2006 15:54:32 -0500, Richard Lynch wrote:

> On Wed, August 16, 2006 4:53 am, Ross wrote:
>>
>> Been having loads of problems with this and have solved it using the
>> phpmailer. The only problem is I cannot get the class working on the
>> remote
>> host I am working on. I am back to using mail() but need to drop in
>> script
>> that checks my fields $fname, $sname, $email, $subject, $message.
> 
> Checking for a NEWLINE in all but $message will stop MOST of the email
> injection.
> 
> if (preg_match("/\r\n/", array($fname, $sname, $email, $subject))){
>   die("Spammer!");
> }
> 
> I think preg_match allows array for 2nd arg...
> 
> Details.

Hi,

Shouldn't this be 

preg_match("/[\r\n]/", ...

considering this is OS specific and on Unix/Linux just a newline would do,
too? Most likely, on a Mac server, just \r would do as a header separator.
The MTA on the system will interpret the OS specific line endings,
and construct proper \r\n header separators before sending it out.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] simple scrip to stop email injection

2006-08-16 Thread Richard Lynch

On Wed, August 16, 2006 4:53 am, Ross wrote:
>
> Been having loads of problems with this and have solved it using the
> phpmailer. The only problem is I cannot get the class working on the
> remote
> host I am working on. I am back to using mail() but need to drop in
> script
> that checks my fields $fname, $sname, $email, $subject, $message.

Checking for a NEWLINE in all but $message will stop MOST of the email
injection.

if (preg_match("/\r\n/", array($fname, $sname, $email, $subject))){
  die("Spammer!");
}

I think preg_match allows array for 2nd arg...

Details.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] simple scrip to stop email injection

Re: [PHP] simple scrip to stop email injection

Re: [PHP] simple scrip to stop email injection

3 matches

Site Navigation

Mail list logo

Footer information