[Phpwm] Securing feedback forms

David Goodwin david at codepoets.co.uk
Wed Nov 1 11:46:52 GMT 2006


David Johnson wrote :
> On Tuesday 31 October 2006 19:08, David Goodwin wrote:
> >
> > The nasty characters, when using mail(), are \r\n (as far as I know) which
> > results in a new line being entered when the mail is passed to sendmail
> > - which leads to header injection (e.g. cc, bcc etc)
> >
> > So, strip_tags and trim isn't enough. And addslashes is probably
> > useless/pointless in this context.
> 
> According to the PHP site, trim should remove control characters like \r and 
> \n, but evidently it isn't doing :-(
> 

Ah, I'd expect trim to only work on whitespace at the start or end of a string, 
and not on the stuff in between.... 


-- 
David Goodwin 

[ david at codepoets dot co dot uk ]
[ http://www.codepoets.co.uk       ]
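
The distinction discussed in this thread, as an added example (not code from either poster): trim() strips \r and \n only at the ends of a string, so a value headed for a mail() header needs an explicit check for CR/LF anywhere inside it. The function names, the recipient address and the sample inputs are constructed for illustration.

```php
<?php
// Added example: all names and sample values here are constructed.

// True only if the value contains no CR or LF anywhere, not just at the ends.
function is_safe_header_value(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

// Validate the form fields and return the arguments for mail(),
// or null if any header-bound field must be rejected.
function build_feedback_mail(string $fromAddress, string $subject, string $body): ?array
{
    // trim() is still useful for stray whitespace at either end...
    $fromAddress = trim($fromAddress);
    $subject     = trim($subject);

    // ...but interior line breaks survive it, so check for them explicitly.
    if (!is_safe_header_value($fromAddress) || !is_safe_header_value($subject)) {
        return null;
    }
    if (filter_var($fromAddress, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    return [
        'to'      => 'webmaster@example.org', // hypothetical fixed recipient
        'subject' => $subject,
        'body'    => $body,                   // message body may contain newlines
        'headers' => 'Reply-To: ' . $fromAddress,
    ];
}

// Constructed inputs: one with a line break in the middle, one only at the end.
$embedded = "visitor@example.org\r\nBcc: someone@example.net";
$trailing = "visitor@example.org\r\n";

// Does trim() leave the interior CRLF untouched?
var_dump(trim($embedded) === $embedded);
// Does trim() remove a CRLF that sits at the end?
var_dump(trim($trailing) === 'visitor@example.org');
// Is the value with an embedded header line rejected?
var_dump(build_feedback_mail($embedded, 'Feedback', 'Hello') === null);
// Is the value with only a trailing CRLF accepted after trimming?
var_dump(build_feedback_mail($trailing, 'Feedback', 'Hello') !== null);
```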


