flash mail form header injection

Question

I've made a flash form, passing it's variables to a php script. To prevent email header injection I'm using this line:if (preg_match( "/[
]/", $sendFrom ) || preg_match( "/[
]/", $sendTo ) ) So if it finds newlines in the 'from' and 'to' fields, the emailing isn't executed.Appearently this doesn't work since with it I don't receive the email, but without it I do.Perhaps in a flash textfield these newlines work a bit differently?

sinious · Answer

To complete a header line you need to at least have a \r so you're always going to encounter one.

What you might want to do is explode via \r and count() the array returned. If you have any characters past index 0 that could be an injection. Just use your matching on any character on a second index, preg_match('/./',$returnedArr[1]).

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded