timmy0320 Posted April 10, 2008
Just a quick question on header injections for contact forms online. Let's say I am having users contact me and instead of putting their email address in a Reply-to or from address it will all be hard-coded and everything that they input will be placed in the body. Are there any measures I have to take to ensure that my headers get injected or should I be good with hard coding it? It's just for me so I'm not too worried about having their email address as a "Reply" but if anyone also has good tutorials or articles that teach about header injections please post! I've read a couple so far but they only seem to filter out some of the headers, etc.

obsidian Posted April 10, 2008
Read this overview of SMTP injection. If you don't sanitize your user inputs properly, they can actually overwrite hard coded headers because of the way the mail function processes. This article should give you some ideas on how to be sure to keep from being subject to SMTP injection.

timmy0320 Posted April 10, 2008
I read that; it pretty much says if I'm inserting any input into the headers, which I won't be. But I will be sure to use that check anyways just for extra precaution and use a replace function to replace \r or \n with blank entries.
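
The setup discussed in this thread, as an added example that is not code from any of the posters: headers are hard-coded, the visitor's input goes into the body, and any value that does reach a header (here the subject) is rejected if it contains a CR or LF. The function names, addresses and sample inputs are assumptions made up for the illustration.

```php
<?php
// Added example: hypothetical helper names, placeholder addresses, constructed input.

const CONTACT_TO   = 'owner@example.com';          // placeholder recipient
const CONTACT_FROM = 'From: webform@example.com';  // hard-coded header, no user input

// True if the value contains a CR or LF, i.e. could start a new header line.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns the four mail() arguments, or null if a header-bound field is rejected.
function build_contact_mail(array $form): ?array
{
    $name    = trim($form['name'] ?? '');
    $email   = trim($form['email'] ?? '');
    $message = $form['message'] ?? '';

    // The subject is a header too: anything placed in it must be single-line.
    if (has_line_break($name)) {
        return null;
    }
    $subject = 'Contact form: ' . substr($name, 0, 60);

    // The visitor's address is only ever written into the body, after validation.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $email = '(invalid address supplied)';
    }

    // Body: normalise line endings, wrap at 70 characters, emit CRLF.
    $body = "From visitor: $name <$email>\n\n" . $message;
    $body = preg_replace('/\r\n|\r|\n/', "\n", $body);
    $body = wordwrap($body, 70, "\n", true);
    $body = str_replace("\n", "\r\n", $body);

    return [CONTACT_TO, $subject, $body, CONTACT_FROM];
}

// Constructed inputs: one ordinary, one with a line break in a header-bound field.
$ok  = build_contact_mail(['name' => 'Alice', 'email' => 'alice@example.com', 'message' => "Hi\nthere"]);
$bad = build_contact_mail(['name' => "Bob\r\nBcc: x@example.com", 'email' => 'b@example.com', 'message' => 'Hi']);

var_dump($ok !== null);
var_dump($bad === null);
// To send an accepted message: if ($ok !== null) { mail(...$ok); }
```

Rejecting a value that contains a line break, rather than silently replacing the characters, also leaves a clear point at which to log the attempt.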