Revision: 24136
at February 22, 2010 04:10 by errkk
Initial Code
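/**
 * Screen an untrusted value for e-mail header injection before it is passed to a mailer.
 *
 * Returns false when any line of the value begins with one of the listed header
 * names followed by a colon (case-insensitive). When $RemoveLinks is exactly true,
 * it also returns false if the value contains "http://", "https://", "href=" or "mailto:".
 *
 * This is a deny-list. It does not reject line breaks as such, and it only knows the
 * header names listed in the pattern below. A value that will be placed in a
 * single-line header (From, Subject, ...) should additionally have CR and LF
 * rejected or stripped by the caller.
 *
 * @param string $TestString  Untrusted value to inspect.
 * @param bool   $RemoveLinks Only the boolean true enables the link check.
 * @return bool True when nothing suspicious was found, false otherwise.
 */
public function InjectionSafe($TestString, $RemoveLinks = false){
    // A line start is the beginning of the value or the position right after a CR
    // or an LF. The lookbehind is used instead of ^ with the /m flag because ^ only
    // recognises LF by default, so a header name placed after a lone CR would slip
    // through even though some mail software may treat a lone CR as a line break.
    // "to+" is kept from the original pattern, so "too:" at a line start is rejected as well.
    $headerPattern = '/(?<![^\r\n])(?:to+|content-type|cc|bcc|from|subject|mime-version|content-transfer-encoding):/i';

    // preg_match() returns false on a PCRE error. Anything other than a clean
    // "no match" (0) is treated as unsafe so that a failed check never lets a value through.
    if (0 !== preg_match($headerPattern, $TestString)) {
        return false;
    }

    if (true === $RemoveLinks) {
        $linkPattern = '/http:\/\/|https:\/\/|href=|mailto:/i';
        if (0 !== preg_match($linkPattern, $TestString)) {
            return false;
        }
    }

    // Neither a header name at a line start nor (if requested) a link was found.
    return true;
}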
Initial URL
Initial Description
Initial Title
check for email header injection
Initial Tags
email, php, header
Initial Language
PHP