Re: email injection query

Posted by Michael Fesser on 12/05/06 18:55

..oO(mantrid)

>The function I have uses eregi()

eregi() should be avoided. The preg_* functions are faster and much more
flexible. Additionally in PHP 6 the ereg extension will be removed from
the core and moved to PECL, so it might not be available by default.

>to check POST data for "cc:" and "subject:"
>what other checks should I be using in my function to tighten my security
>further?

I wouldn't check for any particular header field at all, but for all
kinds of line breaks, which are required to inject malicious headers.

Micha
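
The check suggested in the reply above, as an added example that is not part of the original post: instead of searching for "cc:" or "subject:", it rejects any header-bound value that contains a CR or LF. The form field names and the sample submissions are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Form fields whose values end up in mail headers (hypothetical names).
// The message body is not listed: line breaks are legitimate there.
const HEADER_FIELDS = ['name', 'email', 'subject'];

/** True if $value contains a CR or LF, the characters that end a header line. */
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

/** Names of header-bound fields that are missing, not a string, or contain a line break. */
function rejected_fields(array $post): array
{
    $bad = [];
    foreach (HEADER_FIELDS as $field) {
        $value = $post[$field] ?? null;
        // A field submitted as email[]=... arrives as an array, so check the type first.
        if (!is_string($value) || has_line_break($value)) {
            $bad[] = $field;
        }
    }
    return $bad;
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    'clean'      => ['name' => 'Ann', 'email' => 'ann@example.com',
                     'subject' => 'Hello', 'message' => "Line 1\nLine 2"],
    'CRLF in email' => ['name' => 'Ann', 'email' => "ann@example.com\r\nCc: list@example.net",
                     'subject' => 'Hello', 'message' => 'Hi'],
    'bare LF in subject' => ['name' => 'Ann', 'email' => 'ann@example.com',
                     'subject' => "Hello\nCc: list@example.net", 'message' => 'Hi'],
    'array value' => ['name' => 'Ann', 'email' => ['ann@example.com'],
                     'subject' => 'Hello', 'message' => 'Hi'],
];

foreach ($samples as $label => $post) {
    $bad = rejected_fields($post);
    echo $label, ': ', $bad ? 'rejected (' . implode(', ', $bad) . ')' : 'accepted', PHP_EOL;
}
```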

 
