Summary:
Add email header injection protection
Detailed Description:
More info at http://www.securephpwiki.com/index.php/Email_Injection
The contact_form plugin has a sanitize function, although I can't vouch for how
bulletproof it is.
function cfsanitize($content)
{
    // Strip CR and LF so the value cannot start a new header line.
    return str_replace(array("\r", "\n"), "", trim($content));
}
While we're talking about email, Harry F (Sitepoint PHP blogger) has been
talking about how to handle UTF-8 in email:
- http://www.sitepoint.com/blogs/2006/08/15/utf-8-email-in-php-with-ez-components/
Cheers,
Ryno
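
An added example (not from the original post or the contact_form plugin): one way to handle form fields that end up in mail() headers, rejecting any value that contains CR/LF instead of stripping it, and validating the address. The function names and sample inputs are hypothetical, and PHP 7.1+ is assumed.

```php
<?php
// Added example; function names are hypothetical, not contact_form plugin code.

// True if the value contains no CR, LF or NUL and is safe to place on a header line.
function header_value_is_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Build the additional headers for mail() from untrusted form fields.
// Returns null when a field fails validation, so the caller can refuse to send.
function build_contact_headers(string $name, string $email): ?string
{
    $name  = trim($name);
    $email = trim($email);

    // Reject rather than strip: stripping would turn
    // "a@example.com\r\nX-Injected: 1" into "a@example.comX-Injected: 1",
    // a mangled value that still flows into the header.
    if (!header_value_is_safe($name) || !header_value_is_safe($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Remove characters that would end the quoted display name early.
    $name = str_replace(['"', '\\'], '', $name);

    return "From: \"$name\" <$email>\r\nReply-To: $email";
}

// Constructed sample input: the second address carries an extra header line.
$samples = [
    ['Alice', 'alice@example.com'],
    ['Alice', "alice@example.com\r\nX-Injected: 1"],
];

foreach ($samples as [$name, $email]) {
    $headers = build_contact_headers($name, $email);
    echo $headers === null ? "rejected\n" : "accepted:\n$headers\n";
}
```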