Posted By

errkk on 02/22/10


Tagged

email php header injection


Versions (?)

check for email header injection


 / Published in: PHP
 

  1. public function InjectionSafe($TestString, $RemoveLinks = false){
  2. $regex = '/\b^to+(?=:)\b|^content-type:|^cc:|^bcc:|^from:|^subject:|^mime-version:|^content-transfer-encoding:/im';
  3.  
  4. // Don't allow any of these strings in here
  5. if(0 < preg_match($regex, $TestString)){
  6. // Illegal characters
  7. return false;
  8. }
  9. else{
  10. if(true === $RemoveLinks)
  11. {
  12. $regex2 = '/http:\/\/|https:\/\/|href=|mailto:/i';
  13. if(0 < preg_match($regex2, $TestString))
  14. {
  15. // Illegal characters
  16. return false;
  17. }
  18. }
  19.  
  20. // No nasties found, we cool
  21. return true;
  22. }
  23. }

Report this snippet  

You need to login to post a comment.