><?php
> @extract($_POST);

One thing to be aware of is that there are security implications to using
extract(); if you use it (like here) to grab post and get variables,
you've essentially returned to a "register_globals = TRUE" regime. A
malicious user could inject suspect data into your global space, or
overwrite legitimate globals with new data.

At the very least, use the "EXTR_SKIP" parameter to avoid the overwrite
issue.

In the case of your script here, it's probably not a big deal, but in
general, I'd avoid using extract() on untrusted data.

One other thing -- spammers are on the lookout for unauthenticated
mailscripts like this, so you might want to throw an extra "magic"
parameter to provide a deterrent to casual reuse. Something like this is
better than nothing:

if (!($unlock_key == "mySecretValue")){
    exit;
}

Hope this is useful...
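
The overwrite issue and the EXTR_SKIP behaviour described in the reply above, shown side by side with an explicit allowlist. This is an added example, not part of the original message; the $post array, the field names and the addresses are constructed for illustration.

```php
<?php
// Constructed sample input standing in for $_POST: two fields the form
// is expected to send, plus one extra field the form never defined.
$post = [
    'subject'   => 'Hello',
    'body'      => 'Message text',
    'recipient' => 'someone-else@example.org',
];

// Default extract(): every key becomes a local variable, so the preset
// $recipient is silently replaced by the submitted value.
function withPlainExtract(array $post): string
{
    $recipient = 'webmaster@example.com';
    extract($post);
    return $recipient;
}

// EXTR_SKIP: variables that already exist are left alone. Any variable
// not yet defined when extract() runs is still created from the input,
// so this only helps for values initialised before the call.
function withExtrSkip(array $post): string
{
    $recipient = 'webmaster@example.com';
    extract($post, EXTR_SKIP);
    return $recipient;
}

// Explicit allowlist: copy only the fields the form is meant to send
// and leave everything else in the request untouched.
function withAllowlist(array $post): array
{
    $allowed = ['subject', 'body'];
    $fields = array_intersect_key($post, array_flip($allowed));
    // Keep string values only; "name[]=..." style input arrives as arrays.
    return array_filter($fields, 'is_string');
}

var_dump(withPlainExtract($post));
var_dump(withExtrSkip($post));
var_dump(withAllowlist($post));
```

The first call returns the submitted address, the second keeps the preset one, and the third returns only the subject and body fields.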