Posted by Steve on 02/28/07 21:58
"shimmyshack" <matt.farey@gmail.com> wrote in message
news:1172699418.819789.152550@8g2000cwh.googlegroups.com...
| On 28 Feb, 21:25, "r...@chaparralboats.com" <r...@chaparralboats.com>
| wrote:
| > > I assume you rename the contact.html to contactform.php
| >
| > When you assume you really make an ass out of me!! haha!!! Thank you
| > sooooooooo much, everything works now!!!! Now I just have to work on
| > the security aspect of it!!
| >
| > I can't believe I fiddled with this for two days and all I had to do
| > was change .html to .php jeeezzzz!!!! I take back everything I said
| > before about feeling stupid.. NOW I reaalllyyy feeelll retarded!!!
| > dee-de-deeeee
| >
| > Ok, now on to security measures.... Could someone explain to me what
| > this code does, how it secures the emails and where in my code I
| > should implement it?
| >
| > $emailInput = array($to, $from, $cc, $bcc, $subject, $message);
| > $injections = array('to', 'from', 'cc', 'bcc');
| > foreach ($emailInput as $input)
| > {
| > foreach ($injections as $injection)
| > {
| > $input = preg_replace("/n?" . $injection . "\s*?:.*?\n/i", '',
| > $input);
| > }
| >
| > }
|
| this code should be used just before the mail function, all it does,
| is to enforce the format of each "header" - a header here just means
| To: email@email.com
| From: me@home.com
| rather like the headers of an HTTP request
| etc... the part before the : corresponds to $to $from etc.. the part
| afterwards to the value
| of $to $from etc...
| so that it won't allow the value of one header to actually be two
| headers together - which would smuggle in more BCC address rather than
| the single value you wanted to allow.
| It's a neat method.
why thank you...i threw it together in about as much time as it took me to
type it. ;^)
cheers
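An added example, not part of the original posts: instead of stripping header-like text, this rejects any header-bound form value that contains a line break, since a line break is what lets one field value become two headers as described above. The function names, field names and sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example (hypothetical names): validate contact-form fields that end up
// in mail headers, so a single value can never carry a second header line.

/** True if the value contains a CR or LF, i.e. could start a new header line. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

/**
 * Check the header-bound fields of a submitted form.
 * Returns [cleanFields, errors]; send mail only when errors is empty.
 */
function check_mail_fields(array $fields): array
{
    $errors = [];
    foreach (['from', 'subject'] as $name) {
        $raw = (string) ($fields[$name] ?? '');
        // Test the raw value first: trim() would hide a trailing line break.
        if (trim($raw) === '' || has_header_break($raw)) {
            $errors[] = $name;
        }
        $fields[$name] = trim($raw);
    }
    // The sender must also be one syntactically valid address.
    if (!in_array('from', $errors, true)
        && filter_var($fields['from'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'from';
    }
    return [$fields, $errors];
}

// Constructed sample submissions: one clean, two carrying an extra header line.
$samples = [
    ['from' => 'visitor@example.com', 'subject' => 'Boat question'],
    ['from' => "visitor@example.com\r\nBcc: list@example.net", 'subject' => 'Hi'],
    ['from' => 'visitor@example.com', 'subject' => "Hi\nCc: list@example.net"],
];

foreach ($samples as $sample) {
    [$clean, $errors] = check_mail_fields($sample);
    echo $errors ? 'rejected: ' . implode(', ', $errors) : 'ok', "\n";
    // Only when $errors is empty would the form handler go on to call:
    // mail($to, $clean['subject'], $message, 'From: ' . $clean['from']);
}
```

The message body is left out of the check on purpose: it is passed to mail() as the body rather than as a header, and line breaks are legitimate there.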