[UPHPU] mailing options???
Brandon Stout
bms at mscis.org
Wed Mar 28 09:50:34 MDT 2007
Walt Haas wrote:
> On Tue, 2007-03-27 at 12:48 -0600, Trevyn Meyer wrote:
>
>> That won't work
>>
>> Use this
>> $to_email = "mantisit@domain.com, $from_email";
>>
>
> If you use that approach, be very very careful about filtering the user
> input that becomes the value of $from_email. Without adequate
> filtering, somebody can create a $from_email value that includes a CR-LF
> and adds a bunch of headers sending an email to a bazillion innocent
> bystanders with an ad for cheap viagra or a stock that is sure to
> explode. It happened to me *blush*.
>
> -- Walt
Yes, and the worst part... the email comes from you because they used
your form to send it. So you can get spam-listed and you'll have to
take all sorts of steps to get back off the spam lists. I've seen this
happen to several companies.
Brandon Stout
http://mscis.org
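
An added example, not part of the original thread: one way to filter the form value before it is concatenated into $to_email as in the snippet quoted above. The function name clean_from_email() is hypothetical and the sample inputs are constructed for illustration.

```php
<?php
/**
 * Return the address if it is exactly one well-formed mailbox, else null.
 * (Hypothetical helper for this example.)
 */
function clean_from_email(string $input): ?string
{
    // Reject any control character, including CR and LF, anywhere in the
    // raw value. Check before trimming so nothing is silently repaired.
    if (preg_match('/[\x00-\x1F\x7F]/', $input)) {
        return null;
    }
    $input = trim($input);

    // The value is appended to a comma-separated recipient list, so a
    // separator inside it would add recipients of the sender's choosing.
    if (strpbrk($input, ',;') !== false) {
        return null;
    }

    // Finally require a syntactically valid single address.
    $valid = filter_var($input, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Constructed sample inputs: one normal, two that must be refused.
$samples = [
    'visitor@example.com',
    "visitor@example.com\r\nBcc: someone@example.net",
    'visitor@example.com, other@example.net',
];

foreach ($samples as $raw) {
    $from_email = clean_from_email($raw);
    if ($from_email === null) {
        // Refuse the submission outright instead of stripping characters.
        echo 'rejected: ' . json_encode($raw) . "\n";
        continue;
    }
    // Only a validated value reaches the recipient string.
    $to_email = "mantisit@domain.com, $from_email";
    echo "would send to: $to_email\n";
}
```

The same check applies to any other form field that ends up in the subject or the additional headers passed to mail().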