[Phpwm] PHP contact form enquiry
David Goodwin
david at codepoets.co.uk
Mon Apr 12 07:25:20 UTC 2010
Change $EmailFrom to be set to $_POST['email']
Note - if you're going to allow user supplied data to end up in headers and the subject, you really need to ensure you're using a fairly recent version of PHP - as older versions have a vulnerability whereby they won't stop someone supplying newlines, and your script can easily end up being the source of spam.
See e.g. http://www.damonkohler.com/2008/12/email-injection.html
David.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.lug.org.uk/pipermail/phpwm/attachments/20100412/b858d83f/attachment.htm
More information about the Phpwm
mailing list