On Tue, 7 Nov 2006 13:14:54 -0600 (CST), "Richard Lynch" wrote:

> The Bad Guys are probably cramming your $subject and $from data with
> an ENTIRE email, so your mail() function is, in effect, an Open
> Relay.  (That's very very very bad.)
> 
> Example:
> Normal Input
> $subject = "Hi!";
> 
> Bad Guy Input
> $subject = "Hi!\r\nCc: [EMAIL PROTECTED]@example.com";
> 
> If you do:
> mail($to, $subject, $body);
> 
> then you are letting THEM control the headers of your email, which
> lets them splice in 1000 recipients to their junk.

   Have you actually tried this? I set up a dummy
sendmail program that logs its input to a file,
and it turned out that PHP's mail() function
converts control characters to white space.

   More specifically, it performed the following
conversions (PHP 5.0.2 on Windows 98SE):

  To: and Subject:
  ----------------

  \x00       ->  Terminates string.
  \x01-\x1f  ->  Replaced by \x20.
  \x20-\x7e  ->  Passed through.
  \x7f       ->  Replaced by \x20.
  \x80       ->  Passed through.
  \x81       ->  Replaced by \x20.
  \x82-\x8c  ->  Passed through.
  \x8d       ->  Replaced by \x20.
  \x8e       ->  Passed through.
  \x8f-\x90  ->  Replaced by \x20.
  \x91-\x9c  ->  Passed through.
  \x9d       ->  Replaced by \x20.
  \x9e-\xff  ->  Passed through.

  Body:
  -----
  \x00       ->  Terminates string.
  \x01-\xff  ->  Passed through.


  --nfe

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
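
The following is an added example, not part of either message above: one way to reject control characters in header-bound fields before they reach mail(), so the outcome does not depend on how a given PHP build and platform treats them. The function names clean_header_field(), clean_address() and send_contact_mail() and the sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). Rejects header-bound values that
// contain control characters instead of relying on mail() to neutralise them.
function clean_header_field(string $value, string $field): string
{
    // CR and LF split a header line and NUL truncates the string; the other
    // C0 controls and DEL have no place in a Subject or an address either.
    if (preg_match('/[\x00-\x1F\x7F]/', $value) === 1) {
        throw new InvalidArgumentException("$field contains control characters");
    }
    return trim($value);
}

// An address field must be exactly one syntactically valid address.
function clean_address(string $value, string $field): string
{
    $value = clean_header_field($value, $field);
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException("$field is not a single e-mail address");
    }
    return $value;
}

// Hypothetical wrapper: every value that ends up in a header is checked first.
function send_contact_mail(string $to, string $subject, string $body, string $from): bool
{
    $to      = clean_address($to, 'to');
    $from    = clean_address($from, 'from');
    $subject = clean_header_field($subject, 'subject');
    // The body is not a header, so it is passed on unchanged.
    return mail($to, $subject, $body, "From: $from");
}

// Constructed sample inputs: the normal subject and the spliced-header form
// from the quoted message (with a made-up address). mail() is never called here.
$samples = ["Hi!", "Hi!\r\nCc: someone@example.com"];
foreach ($samples as $sample) {
    try {
        clean_header_field($sample, 'subject');
        echo 'accepted: ', json_encode($sample), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($sample), ' (', $e->getMessage(), ")\n";
    }
}
```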
