Posted by juglesh on 11/02/45 11:32
Manuel Lemos wrote:
> Hello,
>
> on 11/17/2005 11:55 PM juglesh said the following:
> >>> How should I parse my form to prevent malicious code, (Script? eval?)
> >> Message headers should be encoded with q-encoding (a variant of
> >> quoted-printable encoding for headers). If you do not know how to encode
> >> the messages properly, you may want to try this MIME message class that
> >> can do it for you safely:
> >>
> >> http://www.phpclasses.org/mimemessage
> >
> > I asked you about mail injection vis-à-vis mimemessage class before, but
> > got an answer that I did not understand 8)
> >
> > do you need to filter user supplied data prior to sending it thru
> > mimemessage?
>
> No, after you pass the data to the class for headers or body parts, it
> is encoded properly so certain characters are escaped to remove their
> special meaning that could be exploited.
>
> Only some functions that take e-mail addresses do not do anything with
> those addresses. So, you should validate those addresses with a regular
> expression or something more complete like this other class:
>
> http://www.phpclasses.org/emailvalidation
k, thanx!
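
The two measures from the quoted reply, q-encoding header text and validating addresses separately, as an added example that is not part of the thread and not the MIME message class's own code. `q_encode_header` and `safe_address` are hypothetical names, and the input strings are constructed.

```php
<?php
// Added example; function names are hypothetical, not the MIME message class API.
// RFC 2047 Q-encoding: every byte outside a small safe set becomes =XX,
// so CR and LF in user input can no longer end the header line.
function q_encode_header(string $text, string $charset = 'UTF-8'): string
{
    if ($text === '') {
        return '';
    }
    // Split on UTF-8 characters (never inside one); fall back to bytes if invalid.
    $chars = preg_split('//u', $text, -1, PREG_SPLIT_NO_EMPTY) ?: str_split($text);
    $room = 75 - strlen("=?{$charset}?Q??="); // encoded-word limit is 75
    $words = [];
    $current = '';
    foreach ($chars as $char) {
        if ($char === ' ') {
            $enc = '_';
        } elseif (preg_match('/^[A-Za-z0-9!*+\/-]$/D', $char)) {
            $enc = $char;
        } else {
            $enc = '';
            foreach (str_split($char) as $byte) {
                $enc .= sprintf('=%02X', ord($byte));
            }
        }
        if (strlen($current) + strlen($enc) > $room) {
            $words[] = $current;
            $current = '';
        }
        $current .= $enc;
    }
    $words[] = $current;
    $wrap = fn(string $w): string => "=?{$charset}?Q?{$w}?=";
    return implode("\r\n ", array_map($wrap, $words));
}

// Addresses are not encoded, so accept only one syntactically valid address.
function safe_address(string $addr): ?string
{
    if (preg_match('/[\r\n\0]/', $addr)) {
        return null; // a line break would start a new header
    }
    return filter_var($addr, FILTER_VALIDATE_EMAIL) ? $addr : null;
}

// Constructed input: form fields carrying an extra header line.
$input = "Hello\r\nBcc: other@example.com";
echo q_encode_header($input), "\n";
var_dump(safe_address("user@example.com\r\nBcc: other@example.com"));
```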