On Fri, Nov 18, 2005 at 05:06:36PM -0800, Ligaya Turmelle wrote:
$message - yes
---
This usually can go without any special escaping, unless you have
certain headers (the Boundary: header) or allow an injection into
the $additional_headers field. If this is the case a malicious
Hello,
When using the mail() function to send a simple mail message, which
specific parameters of the function need to cleaned to prevent mail
injection?
First of all I am already validating the $to parameter to be a valid
email address.
After reading
On Thu, Nov 17, 2005 at 07:10:06PM -0500, Chris Drozdowski wrote:
Hello,
When using the mail() function to send a simple mail message, which
specific parameters of the function need to cleaned to prevent mail
injection?
This is a good topic. I'm in the process of writing an article on
$message - yes
---
This usually can go without any special escaping, unless you have
certain headers (the Boundary: header) or allow an injection into
the $additional_headers field. If this is the case a malicious
user could attach a virus to be sent anonymously.
Shouldn't you
4 matches
Mail list logo