Re: Re[2]: [PHP] Nonstandard SMTP line terminator
> From: "Ufuk M. Fakioglu" <[EMAIL PROTECTED]> > Here's the piece of code that composes and sends the e-mails: > > $row=mysql_fetch_array($sql); > $name=$row[1]; > $email=$row[2]; > $subject=$_POST["subject"]; Bad idea here. You're script is vulnerable to mail header injection attacks. Malicious users can send a multi-line subject and insert additional headers and/or content into your email messages. This will allow them to set false return paths, false content or have your server send out spam for them. Filter any newlines from $_POST['subject'] before you use it. > $msg=stripslashes($_POST["msg"]); > $msg=str_replace("RCPT_NAME", $name, $msg); > mail($email, $subject, $msg, "From: Mozaik <[EMAIL PROTECTED]>\r\n". > "Return-Path: Mozaik <[EMAIL PROTECTED]>\r\n". > "Content-type: text/html; charset=iso-8859-9\r\n"); > > Could it be the SQL query returning the "nonstandard terminator"? > > How do I decide to use \n instead of \r\n? Have you tried just using \n in the headers you create above? What OS are you running? Are the error messages you're receiving from a specific OS? This doesn't really sound like a PHP issue. More like your mail server is sending out mail in a bad format (maybe by using \n instead of \r\n?)... ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re[2]: [PHP] Nonstandard SMTP line terminator
On Thu, 19 Aug 2004 21:33:22 +0300, Ufuk M. Fakioglu <[EMAIL PROTECTED]> wrote: > Here's the piece of code that composes and sends the e-mails: > > $row=mysql_fetch_array($sql); > $name=$row[1]; > $email=$row[2]; > $subject=$_POST["subject"]; > $msg=stripslashes($_POST["msg"]); > $msg=str_replace("RCPT_NAME", $name, $msg); > mail($email, $subject, $msg, "From: Mozaik <[EMAIL PROTECTED]>\r\n". > "Return-Path: Mozaik <[EMAIL PROTECTED]>\r\n". > "Content-type: text/html; charset=iso-8859-9\r\n"); > > Could it be the SQL query returning the "nonstandard terminator"? > > How do I decide to use \n instead of \r\n? > Check the manual and/or RFC and/or the package you end up using. > Thanks, > > Ufuk > > JP> On Thu, 19 Aug 2004 19:33:11 +0300, Ufuk M. Fakioglu <[EMAIL PROTECTED]> wrote: > >> Hi, > >> > >> I am using mail() with php 4.3.8 on FreeBSD 4.10 to send bulk mail. > >> Although I use \r\n in the header parameters, some mail servers > >> respond with "Nonstandard SMTP line terminator." > >> > >> What can I do? > >> > > JP> If you send some code, perhaps we can help. Perhaps you should be > JP> using \n instead of \r\n? Or maybe anohter part of the message uses \n > JP> instead of \r\n? > > JP> Otherwise, you can look into a different mailing system. > JP> http://pear.php.net/package/Mail > JP> http://pear.php.net/package/Mail_mime > -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] Nonstandard SMTP line terminator
Here's the piece of code that composes and sends the e-mails: $row=mysql_fetch_array($sql); $name=$row[1]; $email=$row[2]; $subject=$_POST["subject"]; $msg=stripslashes($_POST["msg"]); $msg=str_replace("RCPT_NAME", $name, $msg); mail($email, $subject, $msg, "From: Mozaik <[EMAIL PROTECTED]>\r\n". "Return-Path: Mozaik <[EMAIL PROTECTED]>\r\n". "Content-type: text/html; charset=iso-8859-9\r\n"); Could it be the SQL query returning the "nonstandard terminator"? How do I decide to use \n instead of \r\n? Thanks, Ufuk JP> On Thu, 19 Aug 2004 19:33:11 +0300, Ufuk M. Fakioglu <[EMAIL PROTECTED]> wrote: >> Hi, >> >> I am using mail() with php 4.3.8 on FreeBSD 4.10 to send bulk mail. >> Although I use \r\n in the header parameters, some mail servers >> respond with "Nonstandard SMTP line terminator." >> >> What can I do? >> JP> If you send some code, perhaps we can help. Perhaps you should be JP> using \n instead of \r\n? Or maybe anohter part of the message uses \n JP> instead of \r\n? JP> Otherwise, you can look into a different mailing system. JP> http://pear.php.net/package/Mail JP> http://pear.php.net/package/Mail_mime -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php