Type: Posts; User: Sepodati

  1. Replies: 26, Views: 13,987

    You need to strip newlines from any user data that you place in the headers, or reject the submission if newlines are present.


    $subject = str_replace(array("\n","\r"), '', $_POST['subject']);...
  2. Replies: 26, Views: 13,987

    Good point about the commas.

    ---John Holmes...
  3. Replies: 26, Views: 13,987

    That link doesn't really relate to the problems in the script. The link details one method to prevent harvesting of email addresses from your page. The vulnerability allows malicious users to use your...
  4. You'd be surprised what may or may not hold up in...

    You'd be surprised what may or may not hold up in court. For something that's trivial to fix, it's not worth taking the chance.

    ---John Holmes...
  5. Replies: 26, Views: 13,987

    Sorry to drag up an old thread, but it was linked to in another topic.

    I just wanted to point out that HTTP_REFERER is something set by the user's browser. It is easily spoofed and some browsers...
  6. 1. Yeah, that's not much of a fix (the...

    1. Yeah, that's not much of a fix (the HTTP_REFERER one). HTTP_REFERER is easily spoofed and not all browsers send it, anyhow. I would not use a script that relied upon it.

    Preventing Mail...
  7. Replies: 1, Views: 2,564

    ADDON: Allow member to change password

    I had a client that required this feature, so I wrote a new page to do so. Just link to "member_change_password.php" wherever you want and the page will handle the rest of it. This code will allow...
  8. Mail Header Injection Vulnerability and other things

    First of all, great program. I just had to make some changes to it for a client and it only took a couple hours because your code was pretty organized and it was easy to find the areas I needed to...