Better yet, don't allow the user to enter a From address. Simply give them subscribe and unsubscribe radio buttons, and make sure the un/subscribe-ee gets a confirmation email. And certainly check your input fields for newlines. :)
On 8/7/06, Richard Lynch <[EMAIL PROTECTED]> wrote:
On Mon, August 7, 2006 2:37 am, David Dorward wrote:
> Richard Lynch wrote:
>
>> <?php
switch($_REQUEST['email']){
  case '[EMAIL PROTECTED]':
  case '[EMAIL PROTECTED]':
    //Do nothing.
  break;
  default:
    die("Hack attempt.");
  break;
}
>> if (isset($_REQUEST['email'])){
>> $success = mail($_REQUEST['action'], 'un/subscribe',
>> 'un/subscribe', "From: $_REQUEST[email]\r\nReply-to:
>> $_REQUEST[email]");
>> if ($success) echo "Status Change Sent";
>> else echo "Unable to send Status Change";
>> }
>> ?>
>
> What if someone submitted:
>
> action = [EMAIL PROTECTED]
>
> email = [EMAIL PROTECTED] long winded evil spam message here
>
> ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
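The advice in the reply at the top of this message (no user-supplied From, radio-button actions, a confirmation mail to the address being un/subscribed, and a newline check), as an added example that is not part of the original thread. The `lists.example` addresses, the function name `build_confirmation` and the reply-to-confirm flow are assumptions.

```php
<?php
// Added example, not from the thread. lists.example addresses are placeholders;
// confirming by reply is an assumption about how the list manager works.
const REQUEST_ADDR = [
    'subscribe'   => 'list-subscribe@lists.example',
    'unsubscribe' => 'list-unsubscribe@lists.example',
];
const FIXED_FROM = 'webform@lists.example';
// Build the confirmation mail, or throw if the input is not acceptable.
function build_confirmation(array $input): array
{
    $action = $input['action'] ?? null;   // radio button value
    $email  = $input['email'] ?? null;    // address to (un)subscribe
    if (!is_string($action) || !is_string($email)) {
        throw new InvalidArgumentException('missing field');
    }
    // The radio value is only a key into a fixed table, never an address itself.
    if (!array_key_exists($action, REQUEST_ADDR)) {
        throw new InvalidArgumentException('unknown action');
    }
    // CR or LF in a value that reaches mail() would start a new header line.
    if (preg_match('/[\r\n]/', $email) === 1
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('bad email');
    }
    return [
        'to'      => $email,
        'subject' => "Confirm your $action request",
        'body'    => "Reply to this message to confirm that you want to $action.",
        // Headers are built from constants only; no request data is interpolated.
        'headers' => 'From: ' . FIXED_FROM . "\r\nReply-To: " . REQUEST_ADDR[$action],
    ];
}

// Constructed sample submissions; the last two mirror the case raised in the thread.
$samples = [
    ['action' => 'subscribe', 'email' => 'alice@example.org'],
    ['action' => 'someone@example.net', 'email' => 'alice@example.org'],
    ['action' => 'subscribe', 'email' => "alice@example.org\r\nlong winded spam message here"],
];
foreach ($samples as $s) {
    try {
        $m = build_confirmation($s);
        // A real handler would call mail($m['to'], $m['subject'], $m['body'], $m['headers']).
        echo "accepted: to={$m['to']}\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```

Run from the command line, the first sample is accepted and the other two are rejected with `unknown action` and `bad email`.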