Advanced Search

check for email header injection

/ Published in: PHP
Save to your folder(s)

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. public function InjectionSafe($TestString, $RemoveLinks = false){
  2. 		$regex = '/\b^to+(?=:)\b|^content-type:|^cc:|^bcc:|^from:|^subject:|^mime-version:|^content-transfer-encoding:/im';
  3.  
  4. 		// Don't allow any of these strings in here
  5. 		if(0 < preg_match($regex, $TestString)){
  6. 		// Illegal characters
  7. 		return false;
  8. 		}
  9. 		else{
  10. 		 if(true === $RemoveLinks)
  11. 		 {
  12. 		  $regex2 = '/http:\/\/|https:\/\/|href=|mailto:/i';
  13. 		  if(0 < preg_match($regex2, $TestString))
  14. 			 {
  15. 		// Illegal characters
  16. 		return false;
  17. 			 }
  18. 		 }
  19.  
  20. 		 // No nasties found, we cool
  21. 	  return true;
  22. 		}
  23. 	}

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.