[Phpwm] Securing feedback forms
David Johnson
dj at david-web.co.uk
Wed Nov 1 10:57:31 GMT 2006
On Tuesday 31 October 2006 19:08, David Goodwin wrote:
>
> The nasty characters, when using mail(), are \r\n (as far as I know), which
> result in a new line being entered when the mail is passed to sendmail
> - which leads to header injection (e.g. Cc, Bcc etc.)
>
> So, strip_tags and trim aren't enough. And addslashes is probably
> useless/pointless in this context.
According to the PHP site, trim should remove control characters like \r and
\n, but evidently it isn't :-(
> There's a great article online which covers this - namely :
>
> http://www.securephpwiki.com/index.php/Email_Injection
>
> One way around the problem, is to use PEAR::Mail instead.
>
Thanks, I'll take a look at those.
Cheers,
David.
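As an added illustration of the point made in this thread (example code, not from either poster): trim() only strips leading and trailing whitespace, so a \r\n embedded in the middle of a submitted value survives and ends up as an extra header line in mail(). The checks below reject any header value containing CR, LF or NUL instead of trying to clean it; the addresses and the form field are constructed for the example.

```php
<?php
// Added example: why trim() does not stop e-mail header injection, and a
// reject-don't-clean check to run on every form value used in a mail() header.

// Constructed form submission: a "From" address with an embedded CRLF
// followed by an extra Bcc header line.
$submitted = "victim@example.com\r\nBcc: someone-else@example.net";

// trim() leaves the embedded \r\n untouched, so it is no protection here.
var_dump(trim($submitted) === $submitted); // bool(true)

/**
 * Return the value if it is safe to place in a mail header, otherwise null.
 * Any CR, LF or NUL could start a new header line, so the whole value is
 * rejected rather than stripped (stripping can leave a different injection).
 */
function safe_header_value($value)
{
    if (!is_string($value) || preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return trim($value);
}

/**
 * Stricter check for address fields: exactly one syntactically valid address.
 * FILTER_VALIDATE_EMAIL also rejects line breaks and display-name syntax.
 */
function safe_email($value)
{
    $value = safe_header_value($value);
    if ($value === null || filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $value;
}

$from = safe_email($submitted);
if ($from === null) {
    // Log and stop: never hand attacker-controlled header lines to mail().
    error_log('feedback form: rejected value with CR/LF in header field');
    exit('Invalid e-mail address.');
}

// Only reached for a clean single address; headers are built by the script,
// never copied from the form.
$headers = "From: " . $from . "\r\nReply-To: " . $from;
mail('webmaster@example.com', 'Site feedback', 'message body', $headers);
```

Run with the constructed $submitted above and the script exits before mail() is called; replace it with a plain address and the headers are assembled from the validated value only.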