Posted by Philip Ronan on 01/24/06 18:42
cover wrote:
> On Tue, 24 Jan 2006 09:59:22 +0100, "J.O. Aho" <user@example.net>
> wrote:
>
> Did the trick - thanks :-)
>
>> <?php
>> @extract($_POST);
>> /* > $from = stripslashes($from); */
>> $from = stripslashes($from)."\r\n";
>> $to = stripslashes($to);
>> $subject = stripslashes($subject);
>> $message = stripslashes($message);
>> /* > mail('$to',$from,$subject,$message); */
>> mail($to,$subject,$message,$from);
>> header("location:process.php");
>> ?>
Before you rest on your laurels, please read up on email header injection.
Your script is a potential spam factory.
<http://securephp.damonkohler.com/index.php/Email_Injection>
You might also want to replace "\r\n" with "\n" in the additional headers. I
know this isn't what it says in the RFCs, but it's the de facto standard now.
If you put carriage returns into the header of an email, it's more likely to
be flagged as spam.
--
philronan [@] blueyonder [dot] co [dot] uk
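
A hardened version of the quoted form handler, as an added example that is not part of the original post or thread. It assumes the form only ever mails one site-owned address (the hypothetical `CONTACT_RECIPIENT`); the helper names and the 200-byte subject limit are also assumptions.

```php
<?php
// Added example, not the thread's code. Assumption: recipient is fixed server-side.
const CONTACT_RECIPIENT = 'webmaster@example.net'; // hypothetical address

/** True if the value contains CR, LF or NUL, i.e. could start a new header line. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Validate the posted fields (hypothetical helper).
 * Returns [subject, body, headers], or null if a header-bound field is unsafe.
 */
function build_contact_mail(array $post): ?array
{
    // Read only the named fields; extract($_POST) lets the client set any variable.
    // Non-string values (e.g. from[]=x) are treated as empty.
    $field   = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $from    = trim($field('from'));
    $subject = trim($field('subject'));
    $message = $field('message');

    if (has_header_break($from) || has_header_break($subject)) {
        return null; // e.g. "a@example.net\nBcc: ..." smuggled into a header field
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null; // must be exactly one bare address
    }
    if ($subject === '' || strlen($subject) > 200) {
        return null;
    }
    // A single additional header needs no line terminator at all.
    return [$subject, $message, 'From: ' . $from];
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $mail = build_contact_mail($_POST);
    if ($mail === null) {
        http_response_code(400);
        exit('Invalid input.');
    }
    [$subject, $message, $headers] = $mail;
    mail(CONTACT_RECIPIENT, $subject, $message, $headers);
    header('Location: process.php');
    exit;
}
```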