darkfreaks Posted February 26, 2011
Okay, so I have a slight problem. I have been testing my form with fake emails. If I put something like CXZC@ff.ff in my email field, I get an email with From: CXZC@ff.ff.cheatordie.com. I do have a function called clean_string() that weeds out the following: href|bcc|cc|to:|content-type. Can I add to this to weed something like this out? I am already using filter_var's validate_email filter and a regex on top of this, and it is still happening.

trq Posted February 26, 2011
clean_string doesn't happen to look like this, does it? http://www.phpfreaks.com/forums/php-coding-help/email-security-form

darkfreaks (Author) Posted February 26, 2011
It does exactly. I was thinking about using HTML Purifier to sanitize; I am not sure if that would work a lot better or not.

trq Posted February 26, 2011
That thread doesn't happen to be another of yours, does it?

darkfreaks (Author) Posted February 26, 2011
No, I only have one username. I just happened to use the same tutorial.

darkfreaks (Author) Posted February 26, 2011
I have since used this to help, but I think it only removes all XSS injection from the form:
$email_from = clean_string($purifier->purify($_POST['email_from']));
But it does not stop header injection completely. If I enter the above email I get:
Reply-To: email@cheatordie.com
From: email@cheatordie.com
sent from: host.cheatordie.com
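As an added example (not code from this thread or from the tutorial it refers to), this is how the header-injection side of the problem is usually closed in PHP: reject, rather than strip, any address containing a line break, keep From: fixed to an address on the site's own domain, and place the visitor's address only in Reply-To:. The function names and forms@example.com are assumptions.

```php
<?php
// Added example, not the thread author's code. Validates a visitor-supplied
// address before it is allowed anywhere near mail() headers.

/**
 * Returns the address if it is safe to place in a mail header, or null if not.
 * A CR, LF or NUL anywhere in the value would let the visitor start a new
 * header line (e.g. an extra Cc:), so such input is rejected outright instead
 * of being "cleaned" with a blacklist of header names.
 */
function safe_header_address(string $input): ?string
{
    $addr = trim($input);
    if (preg_match('/[\r\n\0]/', $addr)) {
        return null;
    }
    // Require a single syntactically valid address (exactly one "@").
    if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $addr;
}

/**
 * Builds the header block for mail(). From: is a fixed site address
 * (assumed: forms@example.com); the visitor only ever lands in Reply-To:.
 * Returns null when the visitor's address is unusable, so the caller can
 * show a validation error instead of sending.
 */
function build_headers(string $user_email, string $site_from): ?string
{
    $reply_to = safe_header_address($user_email);
    if ($reply_to === null) {
        return null;
    }
    return "From: $site_from\r\n"
         . "Reply-To: $reply_to\r\n"
         . "Content-Type: text/plain; charset=UTF-8\r\n";
}

// Constructed inputs for illustration (not real addresses).
var_dump(build_headers("bob@example.org", "forms@example.com") !== null);              // bool(true)
var_dump(build_headers("bob@example.org\r\nCc: x@example.net", "forms@example.com"));  // NULL
```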