php邮件头注入预防 [英] php mail header injection prevention

问题描述

在用于邮件功能的php手册页上，有一条用户评论说小心防止头注入".

On the php manual page for mail function, there was a user comment saying "take care to prevent header injection".

在我的应用程序中，我使用邮件功能，而我用作该功能参数的唯一用户输入是电子邮件地址.

In my application, I use the mail function, and the only user input I use as a parameter to the function is the email address.

我使用正则表达式 ^ [_ a-z0-9-] +(\.[_ a-z0-9-] +)* @ [a-z0-9-] +(\.[a-z0-9-] +)*(\.[az] {2,3})$ .

这还会防止报头注入吗?

Will this also prevent against header injection?

谢谢，
jrh

Thanks,
jrh

推荐答案

有人想注入这样的东西:

Someone would want to inject something like this:

user_address@domain.com
抄送:spam_address1 @ domain.com，spam_address2 @ domain.com，spam_address3 @ domain.com

user_address@domain.com
CC: spam_address1@domain.com, spam_address2@domain.com, spam_address3@domain.com

您不允许使用 \ r \ n 来定义新的标题信息.这样您的应用程序是安全的.

You do not allow \r\n which is needed for defining new header info. So your application is safe.

这篇关于php邮件头注入预防的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！