Re: query string passing woes........ help... please....




"shimmyshack" <matt.farey@xxxxxxxxx> wrote in message
news:1172699418.819789.152550@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| On 28 Feb, 21:25, "r...@xxxxxxxxxxxxxxxxxx" <r...@xxxxxxxxxxxxxxxxxx>
| wrote:
| > > I assume you rename the contact.html to contactform.php
| >
| > When you assume you really make an ass out of me!! haha!!! Thank you
| > sooooooooo much, everything works now!!!! Now I just have to work on
| > the security aspect of it!!
| >
| > I can't believe I fiddled with this for two days and all I had to do
| > was change .html to .php jeeezzzz!!!! I take back everything I said
| > before about feeling stupid.. NOW I reaalllyyy feeelll retarded!!!
| > dee-de-deeeee
| >
| > Ok, now on to security measures.... Could someone explain to me what
| > this code does, how it secures the emails and where in my code I
| > should implement it?
| >
| > $emailInput = array($to, $from, $cc, $bcc, $subject, $message);
| > $injections = array('to', 'from', 'cc', 'bcc');
| > // iterate by reference so the stripped value is written back into the array
| > foreach ($emailInput as &$input)
| > {
| >     foreach ($injections as $injection)
| >     {
| >         // remove any injected "To:", "From:", "Cc:" or "Bcc:" header line
| >         $input = preg_replace("/\n?" . $injection . "\s*?:.*?\n/i", '', $input);
| >     }
| > }
| > unset($input); // break the reference left behind by foreach
| > // copy the cleaned values back to the variables that get passed to mail()
| > list($to, $from, $cc, $bcc, $subject, $message) = $emailInput;
|
| this code should be used just before the mail function, all it does,
| is to enforce the format of each "header" - a header here just means
| To: email@xxxxxxxxx
| From: me@xxxxxxxx
| rather like the headers of an HTTP request
| etc... the part before the : corresponds to $to $from etc.. the part
| afterwards to the value
| of $to $from etc...
| so that it won't allow the value of one header to actually be two
| headers together - which would smuggle in more BCC addresses rather than
| the single value you wanted to allow.
| It's a neat method.

why thank you... I threw it together in about as much time as it took me to
type it. ;^)

cheers
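Added example, not code from either poster in this thread: the same header-injection problem the quoted preg_replace addresses, handled the stricter way of refusing any To/From/Cc/Bcc/Subject value that contains a line break instead of trying to strip the injected line out. The function names and the sample inputs are constructed for this example; it assumes PHP 7.1 or later for the nullable return type.

```php
<?php
// Added example (not from the original thread). A legitimate single-line
// header value never contains CR or LF, so the presence of either is treated
// as an injection attempt and the whole submission is rejected rather than
// "cleaned". All sample input below is constructed.

/**
 * True when a header value is a single line (no CR, no LF).
 */
function isSafeHeaderValue(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

/**
 * True when an address field is a single line AND a syntactically valid
 * e-mail address. FILTER_VALIDATE_EMAIL already refuses whitespace and
 * control characters, but the explicit CR/LF check keeps the intent visible.
 */
function isSafeAddress(string $value): bool
{
    return isSafeHeaderValue($value)
        && filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * Build the extra-headers string for mail() from the form fields, or return
 * null when any field fails validation. The caller treats null as
 * "do not send" and shows the user an error instead.
 */
function buildMailHeaders(string $from, string $cc, string $bcc): ?string
{
    if (!isSafeAddress($from)) {
        return null;
    }
    $headers = "From: $from\r\n";
    // Cc and Bcc are optional on the form; validate them only when supplied.
    foreach (['Cc' => $cc, 'Bcc' => $bcc] as $name => $addr) {
        if ($addr === '') {
            continue;
        }
        if (!isSafeAddress($addr)) {
            return null;
        }
        $headers .= "$name: $addr\r\n";
    }
    return $headers;
}

// --- demonstration with constructed input -----------------------------------

// A normal submission passes.
$ok = buildMailHeaders('alice@example.com', '', '');
echo "clean From        : " . ($ok === null ? 'REJECTED' : 'accepted') . "\n";

// A From field that carries an extra Bcc line, the case the preg_replace in
// the quoted post is meant to strip, is refused outright here.
$injected = "alice@example.com\nBcc: someone-else@example.net";
$bad = buildMailHeaders($injected, '', '');
echo "From with 2 lines : " . ($bad === null ? 'REJECTED' : 'accepted') . "\n";

// The subject is not an address, but it must still be a single line.
$subject = "Hello\r\nBcc: someone-else@example.net";
echo "multi-line Subject: " . (isSafeHeaderValue($subject) ? 'accepted' : 'REJECTED') . "\n";
```

Run it with `php` on the command line; the first case prints `accepted` and the other two print `REJECTED`. Rejecting is preferable to stripping because a strip-regex has to anticipate every header name and line-ending variant an attacker might use, whereas "no line breaks at all" has no such gaps, and because the regex in the quoted post only removes lines that end in a newline, so a Bcc smuggled onto the final line would survive it.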
