Jump to content

email field help(sanitization fail)

darkfreaks

By darkfreaks
in PHP Coding Help

 Share

Recommended Posts

darkfreaks Advanced Member

darkfreaks

Posted
Posted

okay so i have a slight problem. i have been testing my form with fake emails if i put something like CXZC@ff.ff in my email field i get an email with

 

From : CXZC@ff.ff.cheatordie.com

 

i do have a function called clean_string() that weeds out  the following

 

 

href|bcc|cc|to:|content-type

 

can i add to this to weed something like this out?

 

i already am using  filter_vars validate_email filter and regex ontop of this and it is still happening.

Link to comment
Share on other sites
darkfreaks Advanced Member

darkfreaks

Posted
  • Author
Posted

i have since used this to help but i think it only removes all XSS injection from the form.

$email_from = clean_string($purifier->purify($_POST['email_from']));

 

but it does not stop header injection completely.

 

if i enter the above email i get

Reply-To: email@cheatordie.com

From: email@cheatordie.com

sent from: host.cheatordie.com

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.