Thread: PHP Security alert: PHP mail() Function Lets Remote Users Inject E-mail Headers
View Single Post
  #5 (permalink)  
Old 04-29-07, 07:14 PM
wirehopper's Avatar
wirehopper wirehopper is offline
-
  
Join Date: Feb 2006
Posts: 2,515
Thanks: 20
Thanked 109 Times in 106 Posts
Check for to:, cc:, and bcc: in the input, or if you're really lazy - just reject any input with a colon.
Reply With Quote