darkfreaks Posted February 26, 2011
Okay, so I have a slight problem. I have been testing my form with fake emails. If I put something like [email protected] in my email field, I get an email with From: [email protected]. I do have a function called clean_string() that weeds out the following: href|bcc|cc|to:|content-type. Can I add to this to weed something like this out? I am already using filter_var's validate_email filter and regex on top of this, and it is still happening.

trq Posted February 26, 2011
clean_string() doesn't happen to look like this, does it? http://www.phpfreaks.com/forums/php-coding-help/email-security-form

darkfreaks (Author) Posted February 26, 2011
Exactly, it does. I was thinking about using HTML Purifier to sanitize; I am not sure if that would work lots better or not.

trq Posted February 26, 2011
That thread doesn't happen to be another of yours, does it?

darkfreaks (Author) Posted February 26, 2011
No, I only have one username. I just happened to use the same tutorial.

darkfreaks (Author) Posted February 26, 2011
I have since used this to help, but I think it only removes XSS injection from the form:
$email_from = clean_string($purifier->purify($_POST['email_from']));
but it does not stop header injection completely. If I enter the above email I get:
Reply-To: [email protected]
From: [email protected]
sent from: host.cheatordie.com
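The root problem in this thread is that clean_string() strips a blacklist of words and then the (possibly still newline-bearing) value is placed straight into a mail header, while HTML Purifier only addresses HTML, not SMTP headers. The following is an added example, not the poster's code or the tutorial's clean_string(): it rejects any address that contains a line break, validates with FILTER_VALIDATE_EMAIL, and keeps the visitor's address out of From: entirely (it goes into Reply-To: only after validation). The function names, the site address and the sample inputs are constructed for illustration.

```php
<?php
// Added example: reject-not-strip handling of a contact-form email field
// so it can never smuggle extra mail headers (Bcc:, Content-Type:, ...).

function is_safe_email(string $candidate): bool
{
    // A CR, LF or NUL anywhere means the value would start a new header line
    // (or truncate the header) once it is embedded in additional_headers.
    // Check the raw input first: filter_var() validates, it does not strip.
    if (preg_match('/[\r\n\0]/', $candidate)) {
        return false;
    }
    return filter_var($candidate, FILTER_VALIDATE_EMAIL) !== false;
}

// Returns the header block for mail(), or null if the address must be refused.
// From: is always a site-owned address; the visitor only lands in Reply-To:.
function build_contact_headers(string $visitor_email, string $site_from): ?string
{
    if (!is_safe_email($visitor_email)) {
        return null;   // caller should refuse to send and log the attempt
    }
    return "From: {$site_from}\r\n"
         . "Reply-To: {$visitor_email}\r\n"
         . "X-Mailer: PHP/" . PHP_VERSION;
}

// Constructed inputs (not from the thread): one clean address and one that
// carries an injected header line the way a form poster would submit it.
$inputs = [
    'clean'    => 'visitor@example.com',
    'injected' => "visitor@example.com\r\nBcc: someone@example.org",
];
$site_from = 'contact-form@example.com';   // hypothetical site-owned sender

foreach ($inputs as $label => $value) {
    $headers = build_contact_headers($value, $site_from);
    if ($headers === null) {
        echo "[$label] rejected, nothing sent\n";
    } else {
        echo "[$label] accepted, headers:\n$headers\n";
        // mail($to, $subject, $message, $headers);  // only reached for clean input
    }
}
```

Because the check rejects rather than strips, an attacker cannot "remove" their way past it the way `bcc` can be deleted from a blacklist-filtered string and still leave a working `Bcc:` once other characters are stripped.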