[UPHPU] mailing options???
Walt Haas
haas at xmission.com
Tue Mar 27 18:05:15 MDT 2007
On Tue, 2007-03-27 at 12:48 -0600, Trevyn Meyer wrote:
> That wont work
>
> Use this
> $to_email = "mantisit at domain.com, $from_email";
If you use that approach, be very very careful about filtering the user
input that becomes the value of $from_email. Without adequate
filtering, somebody can create a $from_email value that includes a CR-LF
and adds a bunch of headers sending an email to a bazillion innocent
bystanders with an ad for cheap viagra or a stock that is sure to
explode. It happened to me *blush*.
-- Walt
More information about the UPHPU
mailing list