php邮件头注入预防 [英] php mail header injection prevention
问题描述
在用于邮件功能的php手册页上,有一条用户评论说小心防止头注入".
On the php manual page for mail function, there was a user comment saying "take care to prevent header injection".
在我的应用程序中,我使用邮件功能,而我用作该功能参数的唯一用户输入是电子邮件地址.
In my application, I use the mail function, and the only user input I use as a parameter to the function is the email address.
我使用正则表达式 ^ [_ a-z0-9-] +(\.[_ a-z0-9-] +)* @ [a-z0-9-] +(\.[a-z0-9-] +)*(\.[az] {2,3})$
.
这还会防止报头注入吗?
Will this also prevent against header injection?
谢谢,
jrh
Thanks,
jrh
推荐答案
有人想注入这样的东西:
Someone would want to inject something like this:
user_address@domain.com
抄送:spam_address1 @ domain.com,spam_address2 @ domain.com,spam_address3 @ domain.com
user_address@domain.com
CC: spam_address1@domain.com, spam_address2@domain.com, spam_address3@domain.com
您不允许使用 \ r \ n 来定义新的标题信息.这样您的应用程序是安全的.
You do not allow \r\n which is needed for defining new header info. So your application is safe.
这篇关于php邮件头注入预防的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!