CMS MADE SIMPLE FORGE

CMSMailer

 

[#925] Add email header injection protection

Created By: Ryan Blunden (ryno)
Date Submitted: 2006-08-16 22:22

Assigned To:
Resolution: None
State: Open
Summary:
Add email header injection protection
Detailed Description:
More info at http://www.securephpwiki.com/index.php/Email_Injection

The contact_form plugin has a sanitize function, although I can't vouch for how
bulletproof it is.

function cfsanitize($content)
{
    return str_replace(array("\r", "\n"), "", trim($content));
}

While we're talking about email, Harry F (Sitepoint PHP blogger) has been
talking about how to handle UTF-8 in email:
http://www.sitepoint.com/blogs/2006/08/15/utf-8-email-in-php-with-ez-components/

Cheers,
Ryno
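
An added example, not code from this report, CMSMailer or the contact_form plugin: it compares the stripping approach of cfsanitize() with rejecting header-bound values outright. The names header_value_is_safe() and single_address_is_safe() and all sample values are assumptions made for illustration.

```php
<?php
// Added example. header_value_is_safe(), single_address_is_safe() and
// the sample values are hypothetical, not CMSMailer or contact_form code.

// The function quoted in the report, for comparison.
function cfsanitize($content)
{
    return str_replace(array("\r", "\n"), "", trim($content));
}

// Refuse any value bound for a mail header that contains CR, LF or
// another ASCII control character, instead of silently repairing it.
function header_value_is_safe($value)
{
    return is_string($value) && preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

// An address field must also be exactly one syntactically valid mailbox,
// so a comma-separated list cannot ride along on one line.
function single_address_is_safe($value)
{
    return header_value_is_safe($value)
        && filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed form values.
$samples = array(
    'plain'      => "visitor@example.com",
    'extra line' => "visitor@example.com\r\nX-Injected: 1",
    'two boxes'  => "visitor@example.com, second@example.org",
);

foreach ($samples as $label => $value) {
    printf(
        "%-10s stripped=%s accepted=%s\n",
        $label,
        json_encode(cfsanitize($value)),
        single_address_is_safe($value) ? 'yes' : 'no'
    );
}
```

Stripping turns the second sample into a single line, so no new header is created, but the result is no longer an address and the message would still be sent with it. The comma-separated sample passes through stripping unchanged, which is why address fields get the extra single-mailbox check.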
