mail() injection, am I safe?
Hi,
I was looking at mail injection,
http://securephp.damonkohler.com/ind...mail_Injection
And I was wondering if my mail(...) was safe.
I ask in a form for
1 Name
2 Email address
3 Subject
4 Comment/Message
I then build one message by putting all of the above together.
So even if there was injection, it is all in the body of my message, right?
I then use mail(...) as per normal with my hard coded "To:" and "Subject:"
Is that a fairly safe way?
How should I parse my form to prevent malicious code, (Script? eval?)
Many thanks for your input.
Simon
They can also inject stuff in the "Subject" line.
You should run your name, e-mail and subject lines through a test function
like mine:
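function isUnsafe($str)
{
    // stripos() stands in for eregi(), which was removed in PHP 7;
    // the match is still case-insensitive.
    if (stripos($str, 'Content-Type') !== false)
        return true;
    if (stripos($str, 'multipart/mixed') !== false)
        return true;
    // Any further checks from the original post are not shown on this page.
    return false;
}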
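As an added example (not code from either poster), here is one way to apply the reply's advice in PHP: rather than searching for particular strings, reject any carriage return or line feed in the fields that could reach a header, and keep the user's text in the body. The function names, constants and addresses are assumptions made for the illustration.

```php
<?php
const MAIL_TO = 'owner@example.com';          // hard-coded recipient (placeholder)
const MAIL_SUBJECT = 'Contact form message';  // hard-coded subject (placeholder)

// A value placed in a header must fit on one line: a CR or LF would end
// the header and let the rest of the value start a new one.
function hasLineBreak(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Validate the form and return the arguments for mail(), or throw.
function buildMailArgs(array $form): array
{
    foreach (['name', 'email', 'subject'] as $field) {
        if (!isset($form[$field]) || !is_string($form[$field]) || hasLineBreak($form[$field])) {
            throw new InvalidArgumentException("Invalid $field");
        }
    }
    if (filter_var($form['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email');
    }
    // User text goes in the body only; line breaks are harmless there.
    $body = "Name: {$form['name']}\r\n"
          . "Email: {$form['email']}\r\n"
          . "Subject: {$form['subject']}\r\n\r\n"
          . ($form['message'] ?? '');
    // The only user-derived header is the validated address.
    $headers = 'Reply-To: ' . $form['email'];
    return [MAIL_TO, MAIL_SUBJECT, $body, $headers];
}

// Constructed inputs: one ordinary, one carrying the strings isUnsafe() looks for.
$samples = [
    ['name' => 'Simon', 'email' => 'simon@example.com', 'subject' => 'Hello', 'message' => "Line 1\nLine 2"],
    ['name' => 'x', 'email' => "simon@example.com\r\nContent-Type: multipart/mixed", 'subject' => 'Hi', 'message' => 'm'],
];
foreach ($samples as $i => $form) {
    try {
        [$to, $subject, $body, $headers] = buildMailArgs($form);
        echo "sample $i: accepted, headers = $headers\n";
        // mail($to, $subject, $body, $headers);  // send step, left out so the example runs offline
    } catch (InvalidArgumentException $e) {
        echo "sample $i: rejected ({$e->getMessage()})\n";
    }
}
```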