Security Question

I've noticed that the following HTML form and PHP script are being used on a site to which I contribute.

Do they pose a security risk?

The HTML Form

<form name="FormName" method="POST" action="formprocess.php">

Name <input type="text" name="name">
Email<input type="text" name="email">

<input type="SUBMIT" name="submit" value="OK">
</form>

The PHP  (formprocess.php)

<?php
$email = $HTTP_POST_VARS[email];
$mailto = "";
$mailsubj = "Email Subject";
$mailhead = "From: $email\n";

reset ($HTTP_POST_VARS);

$mailbody = "Values submitted from web site form:\n";

// append every submitted field to the message body
while (list ($key, $val) = each ($HTTP_POST_VARS))
{ $mailbody .= "$key : $val\n"; }

// send only if the email field contains no newline
if (!eregi("\n",$HTTP_POST_VARS[email]))
{ mail($mailto, $mailsubj, $mailbody, $mailhead); }
?>

Re: Security Question

On Nov 20, 11:34 pm, ll...@harold.invalid (Lloyd Harold) wrote:

One should have access to the mail() function source to conclude whether
this is a security issue or not. Maybe someone has some advice on its usage?

I'm thinking about mail protocol, and it's pretty fragile:
From x@y.z
to: ...
from: ...
reply-to: ...
<empty line>
From m@n.o
to: ...

etc. So, one could trick it by sending another "From ..." after a
newline, where it's not supposed to be (as the "From" is usually escaped
in the mail text block if it's at the beginning of a line), but
I doubt the PHP mail function is not doing that already. That'd be too

I don't know. I have a few other remarks, though, about your code:
 - don't use $HTTP_POST_VARS, it's deprecated; use $_POST instead
 - don't use $array[email], use $array["email"]. When PHP encounters
   such a thing as an array index, it first tries to find a constant
   named email, and if it can't, it assumes it was supposed to be in
   between quotes ("email") and uses it as such. This is not recommended,
   however, since sometimes the index can match a constant's name and you
   will have a headache finding the bug.
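The following is an added example, not code from either poster: a hardened version of the form processor that applies the reply's two remarks ($_POST and quoted keys) and tightens the newline check so that nothing reaching a mail header may contain CR or LF, not only LF as the original eregi() test checked. The recipient and sender addresses are placeholders the site owner would fill in; the field list and the length limit on body values are assumptions.

```php
<?php
// Added example (not the poster's code): a hardened formprocess.php.
// Assumes PHP 5.2 or later (filter_var); addresses below are placeholders.

// Refuse any value that could end a header line. The original script only
// tested for "\n"; refusing "\r" and NUL as well closes the CRLF variants.
function header_safe($value)
{
    return is_string($value) && preg_match('/[\r\n\0]/', $value) === 0;
}

// Validate the visitor's address: header-safe and a single well-formed
// mailbox. Returns the normalised address or null.
function clean_email($value)
{
    if (!header_safe($value)) {
        return null;
    }
    $email = filter_var(trim($value), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Build the body from an allow-list of fields only, so the form cannot be
// used to relay arbitrary extra fields; line breaks are flattened and
// values are length-limited (limit is an assumed value).
function build_body(array $post, array $allowed)
{
    $body = "Values submitted from web site form:\n";
    foreach ($allowed as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            continue;
        }
        $val = substr(str_replace(array("\r", "\n"), ' ', $post[$key]), 0, 1000);
        $body .= "$key : $val\n";
    }
    return $body;
}

$mailto   = 'site-owner@example.invalid';   // placeholder recipient
$mailsubj = 'Email Subject';
$allowed  = array('name', 'email');         // fields the form actually has

$email = clean_email(isset($_POST['email']) ? $_POST['email'] : '');
if ($email === null) {
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid email address.');
}

// Keep From fixed to a local address and put the visitor in Reply-To, so
// user input never becomes the envelope sender and cannot be forged.
$mailhead = "From: webform@example.invalid\r\n"   // placeholder sender
          . "Reply-To: $email\r\n";

mail($mailto, $mailsubj, build_body($_POST, $allowed), $mailhead);
```

The important change is that the only user-controlled value that reaches a header passes through clean_email(), which rejects both CR and LF; the body is still free text, but a newline there cannot create a header because the header block is already closed.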
