Reality Check on Formmail Security
David J. Hennessy
March 16, 2010, 8:09 pm
As an exercise to satisfy my own curiosity, I am rolling my own "contact
me" script. The idea is to have it be AJAX-enhanced, but fall-over to a
Naturally, I want this form to be impervious to spammers. I don't care
about people spamming me with it; rather, I don't want spammers to
exploit the form to spam others, with an injection (or some such attack).
Of course, the email that the form gets sent to (mine) is coded into the
PHP script, and not included in the HTML form in any way (such as a
hidden input element). I'm checking form field inputs to strip "\r",
"\n", "%0a", "%0d", "Content-Type:", "Content-Transfer-Encoding:",
"MIME-Version:", "bcc:", "to:", and "cc:". I was also planning on using
this regular expression to validate the email address:
...whaddya think? Am I practicing safe formmail?
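As an added example (my code, not the poster's script), here is a PHP handler that covers the same ground in a slightly different way: every value that can end up in a mail header is rejected rather than stripped when it contains a raw or percent-encoded line break, the sender address is checked against an allow-list rather than a deny-list, and the visitor's address only ever appears in Reply-To, with the recipient and From address hard-coded as the post describes. The field names, the example addresses, and the `build_mail` helper are assumptions of this example.

```php
<?php
// Added example, not code from the original post. A contact-form handler
// that guards the headers passed to mail() against CR/LF injection.
// Assumptions (mine): field names "name", "email", "subject", "message";
// the recipient and the From address are constants, never form input.

const RECIPIENT    = 'me@example.com';
const FROM_ADDRESS = 'Contact form <noreply@example.com>';

// True if $value may be placed in a mail header. Rejects rather than strips:
// a deny-list that deletes substrings can be fed nested input, e.g. removing
// "bcc:" once from "bbcc:cc:" leaves "bcc:" behind.
function is_header_safe(string $value): bool
{
    if (preg_match('/[\r\n\x00]/', $value) === 1) {   // raw CR, LF, NUL
        return false;
    }
    if (preg_match('/%0[ad]/i', $value) === 1) {       // encoded CR/LF (%0d, %0a)
        return false;
    }
    return true;
}

// Allow-list check for the sender address: PHP's own validator plus an
// explicit ban on characters that delimit recipients inside a header.
function is_valid_sender(string $email): bool
{
    if (!is_header_safe($email) || strlen($email) > 254) {
        return false;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    return preg_match('/^[^\s@<>,;:"]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/', $email) === 1;
}

// Builds the arguments for mail(), or returns null if any field that would
// end up in a header fails validation. The body may contain newlines; it
// is never used to build a header.
function build_mail(array $form): ?array
{
    $name    = trim((string)($form['name']    ?? ''));
    $email   = trim((string)($form['email']   ?? ''));
    $subject = trim((string)($form['subject'] ?? ''));
    $message = (string)($form['message'] ?? '');

    if ($name === '' || $subject === '' || $message === '') {
        return null;
    }
    if (!is_header_safe($name) || !is_header_safe($subject) || !is_valid_sender($email)) {
        return null;
    }

    // The visitor's address only appears in Reply-To; From stays fixed so
    // the MTA never sees a forged sender, and the recipient is the constant.
    $headers = [
        'From: ' . FROM_ADDRESS,
        'Reply-To: ' . $email,
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
    ];

    return [
        'to'      => RECIPIENT,
        'subject' => $subject,
        'body'    => "Name: $name\nEmail: $email\n\n" . $message,
        'headers' => implode("\r\n", $headers),
    ];
}

// Constructed injection attempt: a CRLF-smuggled Bcc in the email field.
$attack = [
    'name'    => 'Visitor',
    'email'   => "visitor@example.com\r\nBcc: victim1@example.net, victim2@example.net",
    'subject' => 'Hello',
    'message' => 'Hi there',
];
if (build_mail($attack) !== null) {
    throw new RuntimeException('injection attempt should have been rejected');
}

// Normal use from the form handler:
$mail = build_mail($_POST);
if ($mail === null) {
    http_response_code(400);
    exit('Invalid submission');
}
mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
```

The check that matters most is the one on line breaks: a Bcc: or To: token is harmless in a header value unless it is preceded by CR/LF, so refusing any header-bound field that contains one closes the injection path regardless of which header names a spammer tries. The message body is deliberately excluded from that check, since it is passed to mail() as the body argument and never concatenated into a header.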
Re: Reality Check on Formmail Security
On Tue, 16 Mar 2010 13:09:19 -0700, David J. Hennessy wrote in
Sounds like it.
Add in an optional Captcha and you'll have a winner.
That way, users of your FM won't have to hack to add.
A lot of people are afraid of heights. Not me, I'm afraid of widths.