Posted by Michael Fesser on 10/27/07 21:03
..oO(Sanders Kaufman)
>"Bill H" <someone@somedomain.com> wrote in message
>news:VradnVdP25-dFL7anZ2dnUVZ_rCtnZ2d@comcast.com...
>> I've changed our web site to use a simple PHP script to send a demo
>> request to our sales office. We use Postfix and everything is set up
>> properly and works fine. I've been informed there are some security
>> issues to review.
>
>Since you do ZERO checking on the values it's nothing BUT security issues.
The user-submitted values are used only in the mail body. All the
headers are hard-wired in the script, so there's no way to inject some
more.
>You should never pass user-submitted data to mail or data bases without
>validating it.
Correct. And indeed the script has a lot of problems, but these are not
related to PHP - it's all the JS stuff:
* The JS code itself is invalid HTML.
* Proper redirects have to be done server-side, in case of PHP with a
header() call to send the appropriate HTTP status code and headers.
* Relying on JS validation only is stupid and often dangerous. In this
case it's (luckily) not a security issue, but might still lead to empty
emails. Validation _must always_ be done on the server; JS can only ever
be an addition.
* A proper form handler should redisplay the same form in case of an
error instead of relying on ugly and unreliable client-side behaviours.
So I would start with removing (or at least commenting out) all the JS
thingies and thinking about server-side error handling.
Micha
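As an added example (not code from the thread or from Bill's script), here is a minimal PHP form handler that follows the points above: server-side validation, hard-wired mail headers with user data only in the body, a header() redirect with a proper status code on success, and redisplay of the same form with errors otherwise. The recipient address, sender address, field names and the thank-you page are placeholder assumptions.

```php
<?php
// Added example, not from the original thread. Placeholders: SALES_TO,
// the From: address, the field names and /thanks.html.
declare(strict_types=1);

const SALES_TO = 'sales@example.com';  // placeholder recipient, hard-wired

function validate_request(array $post): array {
    $errors = [];
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    $msg   = trim((string)($post['message'] ?? ''));
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'Please enter your name (max 100 characters).';
    }
    // Server-side check; a value containing CR/LF or spaces fails here.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid e-mail address.';
    }
    if ($msg === '' || strlen($msg) > 4000) {
        $errors[] = 'Please enter a message (max 4000 characters).';
    }
    return [$errors, compact('name', 'email', 'msg')];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    [$errors, $f] = validate_request($_POST);
    if ($errors === []) {
        // Headers are fixed; submitted values go only into the body, never
        // into From:/Reply-To:, so there is no header to inject into.
        $headers = "From: webform@example.com\r\n"
                 . "Content-Type: text/plain; charset=UTF-8";
        $body = "Name: {$f['name']}\nE-mail: {$f['email']}\n\n{$f['msg']}\n";
        mail(SALES_TO, 'Demo request', $body, $headers);
        // Server-side redirect with an explicit status code (POST -> GET).
        header('Location: /thanks.html', true, 303);
        exit;
    }
    // On error: redisplay the same form with the messages and entered values.
    foreach ($errors as $e) {
        echo '<p class="error">' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</p>';
    }
}
$old = fn(string $k): string => htmlspecialchars((string)($_POST[$k] ?? ''), ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="">
  <input name="name" value="<?= $old('name') ?>">
  <input name="email" value="<?= $old('email') ?>">
  <textarea name="message"><?= $old('message') ?></textarea>
  <button type="submit">Request demo</button>
</form>
```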