[Solar-talk] email header injection and new email class
Jeff Surgeson
solar at 3hex.com
Sun Apr 1 09:52:42 PDT 2007
Hi Paul & all :-)
With regard to the new email classes, I have just had a torrid time with one of
my mail scripts being manipulated to send spam by header injection.
My script used PEAR's Mail.php class. It was a very simple "Contact Us" Solar
form with 3 fields: email address, subject, body. No login required to use.
The "To" data came from a Solar config value and the "From", "Subject"
and "Body" from the form values, with normal validation rules. This site was
based on a very early version of Solar which I had never updated, not that
that makes a difference, as it is my poor use of the PEAR library that is the
problem, as I did nothing to prevent header injection.
My question is: do the new Solar mail classes defend against header injection,
or do I still need to take care of this myself?
--
...........::::::...........
Jeff Surgeson / South Africa
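
Added example, not part of the original post and not Solar or PEAR code: a check for the contact form described above that rejects any "From" or "Subject" value containing a line break before it is placed in a header array. The function names, addresses and sample submissions are constructed for illustration.

```php
<?php
// Hypothetical helpers (clean_header_value, build_contact_headers);
// neither is a Solar or PEAR function.

function clean_header_value(string $value, string $field): string
{
    // A header value must stay on one line. CR, LF or NUL in user input
    // would let the value end the current header and start a new one.
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException("$field contains a line break");
    }
    return trim($value);
}

function build_contact_headers(string $to, string $from, string $subject): array
{
    $from = clean_header_value($from, 'From');
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('From is not a valid email address');
    }
    return [
        'To'      => $to,   // comes from config, never from the form
        'From'    => $from,
        'Subject' => clean_header_value($subject, 'Subject'),
    ];
}

// Constructed sample submissions: one normal, two carrying extra header lines.
$samples = [
    ['visitor@example.com', 'Question about your site'],
    ["visitor@example.com\r\nBcc: someone@example.net", 'Hello'],
    ['visitor@example.com', "Hello\nContent-Type: text/html"],
];

foreach ($samples as [$from, $subject]) {
    try {
        $headers = build_contact_headers('contact@example.org', $from, $subject);
        // With PEAR Mail, this array is what would be passed as the
        // $headers argument of $mailer->send($recipients, $headers, $body).
        echo 'accepted: ', json_encode($headers), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The message body needs no such check because it is not a header; only values that end up in the header array do.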