Old 11-24-2012, 10:11 AM  
sixsax
Confirmed User
Join Date: Aug 2006
Location: Denmark
Posts: 213
You can modify the beginning of AutumnBH's script to disable unwanted header injection.

Code:
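if (isset($_POST['posted']) && $_POST['posted'] == 'yes') {
  // Collapse every whitespace run (CR and LF included) into one space,
  // so the value cannot start a new header line.
  $name = trim(preg_replace('/\s+/s', ' ', $_POST['name']));
  // An address needs no whitespace or angle brackets: remove them outright.
  $email = preg_replace('/[\s<>]+/s', '', $_POST['email']);
  $subject = trim(preg_replace('/\s+/s', ' ', $_POST['subject']));

  // etc
}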
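The filtering from the post above, shown as an added example that is not part of the original post or of AutumnBH's script: it wraps the same two patterns in functions, runs them over constructed form input, and additionally rejects an address that is no longer valid after filtering. The function names `clean_header_text` and `clean_email` and the `$post` array are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, input is constructed.

// Collapse every whitespace run (CR and LF included) to a single space,
// so the value can never begin a new header line.
function clean_header_text(string $value): string
{
    return trim(preg_replace('/\s+/', ' ', $value));
}

// Remove whitespace and angle brackets as in the post, then require a
// syntactically valid address. Returns null when validation fails.
function clean_email(string $value): ?string
{
    $email = preg_replace('/[\s<>]+/', '', $value);
    return filter_var($email, FILTER_VALIDATE_EMAIL) === false ? null : $email;
}

// Constructed form input: each field carries a CRLF followed by an
// extra header line, the pattern the post's filter is meant to stop.
$post = [
    'name'    => "Alice\r\nBcc: someone@example.net",
    'email'   => "alice@example.com\r\nCc: other@example.net",
    'subject' => "Hello\r\nContent-Type: text/html",
];

$name    = clean_header_text($post['name']);
$subject = clean_header_text($post['subject']);
$email   = clean_email($post['email']);

// After filtering, the injected text remains inside the single-line
// value instead of forming a header of its own.
var_dump($name, $subject);

// True when no CR or LF survives in either value.
var_dump(strpbrk($name . $subject, "\r\n") === false);

// With the line break removed, the two addresses run together and the
// result fails validation, so the caller can refuse to send the mail.
var_dump($email);
```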