Waleed Barakat
Known Participant
December 8, 2009

Developer-Online Tutorial Announcement: Creating a Contact form in Dreamweaver from scratch.

Creating a Contact form in Dreamweaver from scratch

In this tutorial we will build a contact form with Dreamweaver CS3 from scratch. Our application consists of 2 pages: the first page contains the contact form, and the second page contains the form submission action and the thank you message. We will also use the Dreamweaver form validation behavior to validate the form. The Validate Form behavior checks the contents of specified text fields to ensure that the user has entered the correct type of data.

__
Best Regards
Waleed Barakat
Developer-Online Creator and programmer

David_Powers
Correct answer
Inspiring
December 8, 2009

The code in that tutorial has a gaping security hole. Inserting an unfiltered email address from user input into the mail headers is an open invitation to email header injection attacks.

Waleed Barakat
Known Participant
December 9, 2009

That was a great note, thank you. I am just updating the submit.php file to check for such security gaps.

Here are some updates:
-----------------------------------

<?php
// Remove $_COOKIE elements from $_REQUEST so cookie values are not treated as form fields.
if (count($_COOKIE)) {
    foreach (array_keys($_COOKIE) as $value) {
        unset($_REQUEST[$value]);
    }
}

$errors = array();
$set = 0; // initialise the flag used by the recursive check below

// Check all fields (recursively, for array inputs) for an injected email header:
// a line break followed by a header name such as Content-Type, To, Cc or Bcc.
function recursive_array_check_header($element_value)
{
    global $set;
    if (!is_array($element_value)) {
        if (preg_match("/(%0A|%0D|\n+|\r+)(content-type:|to:|cc:|bcc:)/i", $element_value)) {
            $set = 1;
        }
    } else {
        foreach ($element_value as $value) {
            if ($set) { break; }
            recursive_array_check_header($value);
        }
    }
}
recursive_array_check_header($_REQUEST);
if ($set) {
    $errors[] = "You are prevented from sending an email header";
}
unset($set);

// Check referrer is from same site (browsers may omit the Referer header, so this can reject legitimate users).
if (!(isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']))) {
    $errors[] = "You must activate referrer login to use the form";
}

The new updated files are attached to this message; they can also be downloaded from here directly...

__
Best Regards
Waleed Barakat
Developer-Online Creator and programmer
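The header-injection risk raised in this thread, shown as an added example that is not the tutorial's own submit.php: the unsafe way of copying the visitor's address into the mail() headers, beside a hardened version that validates the address first. It assumes a form field named email and a fixed site sender address (both placeholders).

```php
<?php
// Added example (not the tutorial's code). Assumes the form posts a field
// named 'email' and that the site sends from a fixed local address.

// True if the value contains anything that could start a new header line:
// a raw CR/LF, or the URL-encoded forms that survive a double-encoded request.
function containsHeaderBreak($value)
{
    return (bool) preg_match('/(\r|\n|%0A|%0D)/i', $value);
}

// Return a validated sender address, or null if it must be rejected.
// filter_var() with FILTER_VALIDATE_EMAIL refuses whitespace and line
// breaks, so an injected header never reaches the header block.
function safeSenderAddress($email)
{
    $email = trim((string) $email);
    if ($email === '' || containsHeaderBreak($email)) {
        return null;
    }
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// VULNERABLE pattern from the original tutorial style: user input is
// concatenated straight into the headers passed to mail().
function buildHeadersUnsafe($email)
{
    return "From: " . $email . "\r\nReply-To: " . $email . "\r\n";
}

// Hardened version: fixed From: (placeholder address), and the visitor's
// address appears only in Reply-To and only after validation.
function buildHeadersSafe($email)
{
    $address = safeSenderAddress($email);
    if ($address === null) {
        return null; // caller should show a validation error instead of sending
    }
    return "From: webmaster@example.com\r\nReply-To: " . $address . "\r\n";
}

// Demonstration with constructed input (not real submissions).
$good = 'alice@example.com';
$bad  = "alice@example.com\r\nBcc: other@example.com"; // shape the regex in this thread looks for
var_dump(buildHeadersSafe($good)); // string with exactly one Reply-To line
var_dump(buildHeadersSafe($bad));  // NULL: rejected before mail() is ever called
```

In the real submit.php the null result would be added to $errors alongside the checks above, and mail() is only called when $errors is empty.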