PHP mail header injection sanitization for contact forms
I came up with the following script to clean my PHP mail contact forms. I was wondering if there is anything else that is recommended I should put in here. This is just a snippet of the code, as I also preg_match each field to only allow permitted characters, but as far as cleaning injections from the get-go, are there any recommendations for changes?
I realize I have not included \r, \n, %0a, and %0d, but when I do so it creates an issue with the form, as I post to itself and include 'error' and 'invalid' comments on those fields which have errors, including the original value so they can be corrected. Plus, I want to allow Enter and new lines in the comments textarea of the form anyway.
<?php
// remove any possible injections
// $values is assumed to hold the submitted form fields (e.g. a copy of $_POST)
foreach ($values as $key => $input) {
    $values[$key] = cleaninjections($input);
}

// perform on each field of the form
function cleaninjections($test)
{
    // Remove injected header names. preg_replace() applies the patterns in this
    // order, each over the result of the previous one. Note that CR and LF
    // themselves are not removed here.
    $find = array("/bcc\:/i",
                  "/content\-type\:/i",
                  "/mime\-version\:/i",
                  "/cc\:/i",
                  "/from\:/i",
                  "/to\:/i",
                  "/content\-transfer\-encoding\:/i");
    $ret = preg_replace($find, "", stripslashes($test));
    return $ret;
}
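The following is an added example, not the poster's code, that puts the header-name blacklist from the question next to a check that rejects the thing header injection actually depends on, a line break in a value that ends up in a header. The field names (name, email, subject, message), the site address and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not the poster's code. The field names (name, email, subject, message),
// the site address and the sample inputs below are constructed for illustration.

// The blacklist from the question, reproduced for comparison. preg_replace() applies the
// patterns in array order, each over the output of the previous one, and each pass is a
// single non-recursive scan, so a value can be written that one pass leaves alone and a
// later pass stitches back together into a forbidden header name.
function cleaninjections_blacklist(string $test): string
{
    $find = ['/bcc\:/i', '/content\-type\:/i', '/mime\-version\:/i', '/cc\:/i',
             '/from\:/i', '/to\:/i', '/content\-transfer\-encoding\:/i'];
    return preg_replace($find, '', $test);
}

// Header injection works by terminating the current header line, so what must never
// reach a header is a line break (plus NUL, which C string handling may treat as a
// terminator). Which header name follows it is irrelevant, so no name list is needed.
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) === 1;
}

// Single-line fields are rejected on CR/LF instead of being "cleaned", so the form can
// echo the original value back (through htmlspecialchars()) next to an error. The
// message body may keep its newlines because it is never placed in a header.
function validate_contact_form(array $fields): array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $f) {
        if (has_header_injection($fields[$f] ?? '')) {
            $errors[$f] = 'Line breaks are not allowed in this field.';
        }
    }
    if (filter_var($fields['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid e-mail address.';
    }
    if (trim($fields['message'] ?? '') === '') {
        $errors['message'] = 'Message is required.';
    }
    return $errors;
}

// Build the mail() arguments from validated fields. From is the site's own mailbox
// (assumed address); the visitor's address goes in Reply-To, so nothing the visitor
// typed becomes the sender. The visitor's name is written into the body rather than a
// display-name header, and body line endings are normalised to "\n".
function build_mail(array $fields, string $siteFrom = 'contact@example.com'): array
{
    $headers = [
        'From'         => $siteFrom,
        'Reply-To'     => $fields['email'],
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    $body = preg_replace("/\r\n?/", "\n", $fields['message']);
    $body = "Name: {$fields['name']}\n\n" . $body;
    return ['subject' => $fields['subject'], 'body' => $body, 'headers' => $headers];
}

// Constructed attack value: CRLF, then a header name spelled so that the "bcc:" pass of
// the blacklist finds nothing and the later "cc:" pass turns "Bccc:c:" into "Bcc:".
$attack = "\r\nBccc:c: victim@example.com";

var_dump(cleaninjections_blacklist($attack) === "\r\nBcc: victim@example.com");
var_dump(has_header_injection($attack));

$form = [
    'name'    => 'Ann Example',
    'email'   => $attack,
    'subject' => 'Hello',
    'message' => "first line\r\nsecond line",
];
$errors = validate_contact_form($form);
var_dump(isset($errors['email']));

$form['email'] = 'ann@example.org';
if (validate_contact_form($form) === []) {
    $m = build_mail($form);
    // mail('owner@example.com', $m['subject'], $m['body'], $m['headers']);
    var_dump(strpos($m['body'], "\r") === false);
}
```

Two points worth noting. PHP has already URL-decoded $_POST by the time the script sees it, so the dangerous form of %0a and %0d in a submitted value is the real CR or LF byte; a literal "%0a" left in a decoded value is three ordinary characters to the mail transport. And a name blacklist damages legitimate input (it removes "to:" from a sentence like "go to: the park" in the body the poster wants to keep intact), while a stripslashes() call only ever mattered under magic_quotes, which was removed in PHP 5.4.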