|
|
Posted by Philip Ronan on 11/14/05 21:11
"juglesh" wrote:
>
> Simon wrote:
>>
>> Almost everything is hard coded, (the 'to' and the 'subject').
>>
>> and the header is
>>
>> "Reply-To: webmaster@example.com."\n" .
>> "From: webmaster@example.com."\n" .
>> "Return-Path: webmaster@example.com."\n" .
>> "MIME-Version: 1.0\n".
>> "Content-type: text/plain; charset=iso-8859-1\n".
>> "Content-transfer-encoding: 8bit\n".
>> "Date: " . date('r', time()) . "\n".
>> "X-Priority: 3\n".
>> "X-MSMail-Priority: Normal\n".
>> "X-Mailer: PHP/" . phpversion();
>
> next comes the $message. if the message was
> \n bcc: unlucky1@recipient.com, unlucky2@adslfkj.com, \n
> lemme tell ya bout these blue pills...
The php mail() function doesn't work like that. Additional headers are
passed as a separate parameter to the mail() function. There is no need to
add extra linebreaks at the beginning of the body text; PHP will do this
anyway.
If the headers have all been hard-coded like in Simon's example, then the
script is safe. There is no way the POST data can be rigged to insert
additional headers into the email.
--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/
Navigation:
[Reply to this message]
|