Re: [PHP] php 'mail()' security

2002-07-28 Thread Dennis Gearon
gt; Support > Web-1 Hosting > http://www.web-1hosting.net > - Original Message - > From: "Bob Lockie" <[EMAIL PROTECTED]> > To: "Dennis Gearon" <[EMAIL PROTECTED]>; "Tech Support" > <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]

Re: [PHP] php 'mail()' security

2002-07-28 Thread Tech Support
eb-1 Hosting http://www.web-1hosting.net - Original Message - From: "Bob Lockie" <[EMAIL PROTECTED]> To: "Dennis Gearon" <[EMAIL PROTECTED]>; "Tech Support" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Sunday, July 28, 2002 1:19 PM Subject:

Re: [PHP] php 'mail()' security

2002-07-28 Thread Bob Lockie
>There is no substitute for good data verification such as strip_tags() or >some regular expressions to limit valid input. I also would recomend >checking the referrer to be sure someone doesn't hijack you form and try to >modify it and submit it from a remote location. Here is an example: > >if

RE: [PHP] php 'mail()' security

2002-07-28 Thread John Holmes
Support [mailto:[EMAIL PROTECTED]] > Sent: Sunday, July 28, 2002 10:57 AM > To: Dennis Gearon; Bob Lockie > Cc: [EMAIL PROTECTED] > Subject: Re: [PHP] php 'mail()' security > > There is no substitute for good data verification such as strip_tags() or > some regular

Re: [PHP] php 'mail()' security

2002-07-28 Thread Tech Support
; $ref = explode('/', $referer); if ( in_array($ref[1], $_valid_referrers) ) return true; else return false; } Jim Grill Support Web-1 Hosting http://www.web-1hosting.net - Original Message - From: "Dennis Gearon" <[EMAIL PROTECTED]> To: "Bob Lockie"

Re: [PHP] php 'mail()' security

2002-07-28 Thread Justin French
- strip_tags() will remove HTML and PHP code from a string - there is a great function set which validates email address' to ensure the email address is in the correct format available from killersoft: http://killersoft.com/modules.php?op=modload&name=News&file=article&sid=2 - ensuring there are

Re: [PHP] php 'mail()' security

2002-07-27 Thread Dennis Gearon
What I meant was, how to sanitize the input on the forms so that malicious stuff cannot be put as commands, etc. in the email address, or body, or 'extra' field of the 'mail()' function in PHP. -- - Joy is just a thing (to be).. rais

Re: [PHP] php 'mail()' security

2002-07-27 Thread Bob Lockie
On Sat, 27 Jul 2002 17:31:16 -0700, Dennis Gearon wrote: >How can I make my form which entered by a user, then sent to a company >employee, secure, not vulnerable attack? >-- >- >Joy is just a thing (to be).. raised on, >Love is jus

RE: [PHP] PHP mail() security hole on 4.0.5+

2001-07-19 Thread Rasmus Lerdorf
> > -Original Message- > > From: Michael Geier, CDM Systems Admin [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, July 19, 2001 9:39 AM > > To: PHP Mailing List > > Subject: [PHP] PHP mail() security hole on 4.0.5+ > > > > > > http://www.net-security.org/text/bugs/995534103,28541,.shtml > >

RE: [PHP] PHP mail() security hole on 4.0.5+

2001-07-19 Thread Johnson, Kirk
> -Original Message- > From: Michael Geier, CDM Systems Admin [mailto:[EMAIL PROTECTED]] > Sent: Thursday, July 19, 2001 9:39 AM > To: PHP Mailing List > Subject: [PHP] PHP mail() security hole on 4.0.5+ > > > http://www.net-security.org/text/bugs/995534103,28541,.shtml Anyone have sugg