Posted by l3vi on 11/21/06 21:19

affiliateian@gmail.com wrote:
> J.O. Aho wrote:
> > It's not true, if you allow users to enter a FROM field which you then
> > directly without any filtering do assign to the mail() functions fourth input
> > variable, then they can use CC and BCC to send the mail to whom ever they want.
>
> Hey JO, let me do more reading on your link:
> http://www.php.net/manual/en/function.mail.php
>
> As for injecting CC and BCC headers, can I manually set my headers in
> the php script with no addresses in the cc field. Would this help?
>
> $headers .= 'Cc:' . "\r\n";
>
> Basically, trying to tell the script NOT to cc ot bcc anyone even those
> spammers could be trying to push this content through. Does that make
> sense?

Check the above link I posted! I does everything you need, want, and
more...

• Next in forum: Re: Lost formatting in browser 'view source'
• Prev in forum: Re: Preventing spammers from using mail script
• Thread view: Re: Preventing spammers from using mail script

[Reply to this message]