Return to Snippet

Revision: 24136
at February 22, 2010 04:10 by errkk


Initial Code
public function InjectionSafe($TestString, $RemoveLinks = false){
		$regex = '/\b^to+(?=:)\b|^content-type:|^cc:|^bcc:|^from:|^subject:|^mime-version:|^content-transfer-encoding:/im';
	 
		// Don't allow any of these strings in here
		if(0 < preg_match($regex, $TestString)){
		// Illegal characters
		return false;
		}
		else{
		 if(true === $RemoveLinks)
		 {
		  $regex2 = '/http:\/\/|https:\/\/|href=|mailto:/i';
		  if(0 < preg_match($regex2, $TestString))
			 {
		// Illegal characters
		return false;
			 }
		 }
		 
		 // No nasties found, we cool
	  return true;
		}
	}

Initial URL


Initial Description


Initial Title
check for email header injection

Initial Tags
email, php, header

Initial Language
PHP