Posted by "Sandy Keathley" on 10/21/45 11:33

My company uses a home-grown formmail script for clients
<groan>, and someone is using curl to inject HTTP headers and
spam email addresses, and turn it into an open relay. Yes, I know
the right answer is to not use a formmail, but I don't make the rules
here.

Is there a way to detect that a script is being accessed by curl, and
not by a browser? ENV ($_SERVER) variables won't work, as
those can be forged.

Thanks.

Sandy Keathley

• Next in forum: Re: [PHP] PHP on Mobile Devices(Pocket PC specifically)
• Prev in forum: Re: [PHP] checkboxes
• Thread view: XSS via curl

[Reply to this message]