[Phpwm] Securing feedback forms
David Goodwin
david at codepoets.co.uk
Wed Nov 1 11:46:52 GMT 2006
David Johnson wrote :
> On Tuesday 31 October 2006 19:08, David Goodwin wrote:
> >
> > The nasty characters, when using mail() is \r\n (as far as I know) which
> > results in a new line being entered when the mail is passed to sendmail
> > - which leads to header injection (e.g. cc, bcc etc)
> >
> > So, strip_tags and trim isn't enough. And addslashes is probably
> > useless/pointless in this context.
>
> According to the PHP site, trim should remove control characters like \r and
> \n, but evidently it isn't doing :-(
>
Ah, I'd expect trim to only work on whitespace at the start or end of a string,
and not on the stuff in between....
--
David Goodwin
[ david at codepoets dot co dot uk ]
[ http://www.codepoets.co.uk ]
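
An added example, not part of the original thread: it shows trim() leaving an interior \r\n in place, and one way to reject such values before they reach the headers argument of mail(). The helper names safe_header_value and safe_email and the sample input are assumptions made up for illustration.

```php
<?php
// Constructed form input: an address field with an embedded CRLF and an extra header.
$submitted = "  visitor@example.com\r\nBcc: someone-else@example.com  ";

// trim() strips whitespace (including \r and \n) only from the two ends.
$trimmed = trim($submitted);
echo "CR/LF still present after trim(): ";
var_dump(strpbrk($trimmed, "\r\n") !== false);

/**
 * Hypothetical helper: return a value that is safe to place in a single
 * mail header line, or null if it contains CR or LF anywhere.
 */
function safe_header_value(string $value): ?string
{
    $value = trim($value);
    if (preg_match('/[\r\n]/', $value)) {
        return null; // reject rather than silently rewrite the input
    }
    return $value;
}

/** Hypothetical helper: validate an address destined for From: or Reply-To:. */
function safe_email(string $value): ?string
{
    $value = safe_header_value($value);
    if ($value === null) {
        return null;
    }
    // filter_var() returns false on failure; normalise that to null.
    return filter_var($value, FILTER_VALIDATE_EMAIL) ?: null;
}

foreach ([$submitted, " visitor@example.com "] as $input) {
    $from = safe_email($input);
    if ($from === null) {
        echo "Rejected: line break in value, or not an address\n";
        continue;
    }
    // Only on this branch would mail($to, $subject, $body, $headers) be called.
    $headers = "From: $from";
    echo "Accepted: $headers\n";
}
```

The same check applies to any other form field that ends up in a header, such as the subject.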