I played with this code some and noticed one additional possible problem - I don't know if doing the following in the mail(...) header is an actual exploit.
The checking for valid format of the email allows a % sign. I don't know if this is allowed by standards (I personally don't allow it in an email address.) But allowing a % would allow any URL encoded character in the email variable. The code does allow things like BCC%3Asome%40place.com, where the %3A is a ":" and %40 is an "@" and this becomes BCC:some@place.com. \n's could be entered as %0A... As I said, the code allows this to occur, but I don't specifically know or test if the mail(...) function takes this and decodes the %xx values.
Edit: Using image verification will stop automated scripts and securing the code will prevent automatic/manual sending to email addresses other than the one in the TO field.
__________________
Error checking, error reporting, and error recovery. If your code does not have these to get it to tell you why it is not working, what makes you think someone in a programming forum will be able to tell you why it is not working???
Last edited by mab; 11-28-06 at 02:01 AM.
Reason: added info
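For the validation concern raised in the post above, here is an added example (my own code, not the poster's script or any code from the thread) of a PHP address check that closes the question either way: it rejects raw CR/LF and NUL, rejects any percent sign at all (so %0A, %0D, %3A and the like can never reach the header, regardless of whether mail() decodes them), and then requires PHP's own FILTER_VALIDATE_EMAIL to accept a single address. The function name and the test inputs are constructed for this example.

```php
<?php
// Added example, not code from the forum thread. Validate an address before it
// is placed in a mail() header so that neither a raw newline nor a
// percent-encoded one can introduce extra header lines such as Bcc:.

function is_safe_mail_address(string $addr): bool
{
    // Reject raw header-breaking characters outright (CR, LF, NUL).
    if (preg_match('/[\r\n\0]/', $addr)) {
        return false;
    }
    // Reject any percent sign. Ordinary addresses do not need it, and refusing
    // it removes the question of whether %0A / %0D would be decoded downstream.
    if (strpos($addr, '%') !== false) {
        return false;
    }
    // Finally require PHP's built-in validator to accept exactly one address.
    return filter_var($addr, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample inputs and the expected verdict for each.
$cases = [
    'user@example.com'                => true,
    "user@example.com\nBcc:x@y.test"  => false, // raw newline
    "user@example.com\r\nBcc:x@y.test" => false, // raw CRLF
    'user@example.com%0ABcc:x@y.test' => false, // percent-encoded newline
    'BCC%3Asome%40place.com'          => false, // the form quoted in the thread
    'a,b@example.com'                 => false, // comma, not a valid local part
];

foreach ($cases as $input => $expected) {
    $got = is_safe_mail_address($input);
    printf("%-45s %s\n", json_encode($input), $got === $expected ? 'ok' : 'MISMATCH');
}

// Usage: only pass $to to mail() when is_safe_mail_address($to) is true;
// otherwise reject the request instead of trying to "clean" the value.
```

Note that FILTER_VALIDATE_EMAIL on its own accepts `%` in the local part, which is why the explicit percent check comes first; the filter alone would not settle the issue the post raises.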