Reply to Re: mail() injection, am i safe?

Posted by Manuel Lemos on 11/18/05 05:27

Hello,

on 11/17/2005 11:55 PM juglesh said the following:
>>> How should I parse my form to prevent malicious code, (Script? eval?)
>> Message headers should be encoded with q-encoding (a variant of
>> quoted-printable encoding for headers). If you do not know how to encode
>> the messages properly, you may want to try this MIME message class that
>> can do it for you safely:
>>
>> http://www.phpclasses.org/mimemessage
>
> I asked you about mail injection vis-à-vis mimemessage class before, but
> got an answer that I did not understand 8)
>
> do you need to filter user supplied data prior to sending it thru
> mimemessage?

No, after you pass the data to the class for headers or body parts, it
is encoded properly so certain characters are escaped to remove their
special meaning that could be exploited.

Only some functions that take e-mail addresses do not do anything with
those addresses. So, you should validate those addresses with a regular
expression or something more complete like this other class:

http://www.phpclasses.org/emailvalidation


--

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
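
Added example, not part of the original post and not code from the MIME message or e-mail validation classes: one way to check a user-supplied address before handing it to a function that places it in a header unmodified. The function name `safe_header_address` is hypothetical, the sample inputs are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: hypothetical helper, constructed sample inputs.

/**
 * Return the address if it is safe to place in a To/From/Reply-To header,
 * or null if it must be rejected.
 */
function safe_header_address(string $input): ?string
{
    // Reject any control character in the raw input. CR and LF are what
    // let a value end the current header line and start a new one.
    if (preg_match('/[\x00-\x1F\x7F]/', $input)) {
        return null;
    }

    $addr = trim($input, ' ');

    // Accept a single bare address only: no display name, no address list.
    if (strpbrk($addr, ',;<>"') !== false) {
        return null;
    }

    // Syntax check with PHP's built-in validator.
    if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    return $addr;
}

// Constructed inputs: one valid address and three that must be rejected.
$samples = [
    'alice@example.com',
    "alice@example.com\r\nBcc: other@example.net",
    'alice@example.com, bob@example.com',
    'not-an-address',
];

foreach ($samples as $sample) {
    $result = safe_header_address($sample);
    printf("%-50s => %s\n", json_encode($sample), $result === null ? 'rejected' : 'accepted');
}
```

The control-character check runs before any trimming so that an address carrying a trailing line break is rejected rather than silently cleaned.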
