Posted by rcoan@chaparralboats.com on 03/01/07 15:47
Ok, used this:
$emailInput = array($to, $from, $cc, $bcc, $subject, $message);
$injections = array('to', 'from', 'cc', 'bcc');
foreach ($emailInput as $input)
{
    // start from the original value so every header name is checked
    $filtered = $input;
    foreach ($injections as $injection)
    {
        // strip any "name: ..." line; a change means a header was injected
        $filtered = preg_replace("/\n?" . $injection . "\s*?:.*?\n/i", '', $filtered);
    }
    if ($filtered != $input)
    {
        // we have detection
        // track/log it
        // if this were a function, return false;
    }
}
and it seems to work. Is there any method of testing it that I can do
to make sure it is handling everything properly?
Yeah, I'm lazy Steve, just say whatever makes you feel better about
yourself. That's real professional.
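One way to test a check like the one in the post above, as an added example that is not part of the original post: run a table of constructed header values through the detector and compare the results with what is expected. `hasHeaderInjection` and `postFilterDetects` are hypothetical names, and the stricter check assumes that a header field must never contain CR or LF.

```php
<?php
// Added example; function names are hypothetical, test values are constructed.

// Strict check: a value bound for a mail header must be a single line,
// so any CR or LF is rejected regardless of which header name follows it.
function hasHeaderInjection(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// The post's name-based filter wrapped as a function, for comparison.
function postFilterDetects(string $value): bool
{
    $filtered = $value;
    foreach (['to', 'from', 'cc', 'bcc'] as $name) {
        $filtered = preg_replace("/\n?" . $name . "\s*?:.*?\n/i", '', $filtered);
    }
    return $filtered !== $value;
}

// label => [header field value, should it be flagged?]
$cases = [
    'clean address'          => ['alice@example.com', false],
    'LF + Bcc, trailing LF'  => ["alice@example.com\nBcc: x@example.net\n", true],
    'CRLF + Cc, no trailing' => ["alice@example.com\r\nCc: x@example.net", true],
    'bare CR + Bcc'          => ["alice@example.com\rBcc: x@example.net", true],
    'header not in the list' => ["Hello\nContent-Type: text/html\n", true],
];

$failures = 0;
foreach ($cases as $label => [$value, $expected]) {
    $strict = hasHeaderInjection($value);
    $named  = postFilterDetects($value);
    printf("%-24s expected=%-5s strict=%-5s name-based=%s\n", $label,
        var_export($expected, true), var_export($strict, true), var_export($named, true));
    if ($strict !== $expected) {
        $failures++;
    }
}
exit($failures === 0 ? 0 : 1);
```

The strict check is meant for the header fields only (to, from, cc, bcc, subject), since a message body legitimately contains line breaks.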