|
|
Posted by Manuel Lemos on 11/18/05 02:15
Hello,
on 11/11/2005 09:03 AM Simon said the following:
> I was looking at mail injection,
> http://securephp.damonkohler.com/index.php/Email_Injection
>
> And I was wondering if my mail(...) was safe.
>
> I ask in a form for
> 1 Name
> 2 Email address
> 3 Subject
> 4 Comment/Message
>
> I then build one message by putting all of the above together.
> So even if there was injection, it is all in the body of my message, right?
>
> I then use mail(...) as per normal with my hard coded "To:" and "Subject:"
>
> Is that a fairly safe way?
>
> How should I parse my form to prevent malicious code, (Script? eval?)
Message headers should be encoded with q-encoding (a variant of
quoted-printable encoding for headers). If you do not know how to encode
the messages properly, you may want to try this MIME message class that
can do it for you safely:
http://www.phpclasses.org/mimemessage
--
Regards,
Manuel Lemos
Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/
PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
Navigation:
[Reply to this message]
|