NYCPHP Meetup

[Daniel Convissor]

On Thu, Feb 23, 2006 at 05:19:33PM -0500, Hans Zaunere wrote:
> 
> http://www.nyphp.org/phundamentals/email_header_injection.php

Pardon my dissent, but that article has flaws.  I've mentioned them before 
on several occasions.  But let's cut to the chase.  The quick, guaranteed 
way to avoid header injection is to pass all email headers through the 
following:

   $value = preg_replace("/[\r\n]+/", "\r\n ", trim($value));

There's a whole thread about this stuff, of which this is one:
http://lists.nyphp.org/pipermail/talk/2005-September/016172.html

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409