Joe Lapp wrote:
From: Harry Fuecks <hfuecks@xxxxxxxxx>
It's not really a mailer issue. It's an incoming data validation/cleansing issue. If data for any of to, from or subject fields contains unexpected data it should be discarded. iirc, for mail injection that means strings which contain new lines. But there is no reason not to be testing for other data which has no place in those fields. DokuWiki already contains routines to validate some forms of data, investigate those before deciding if you need to write your own.
Second that: http://securephp.damonkohler.com/index.php/Email_Injection
Wow, now I see why I've been getting spam emails from myself -- from an email address I generally don't advertise. PHPMailer does nothing to protect against injection attacks.
Where does this behavior belong?
Cheers,
Chris
--
DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist
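
The validation described in the thread (discard to, from or subject values that contain new lines or other data with no place in those fields), sketched as an added example; it is not code from the thread, DokuWiki or PHPMailer. The function names and sample values are hypothetical, and treating every control character as unexpected is an assumption that goes slightly beyond the new-line case named above.

```php
<?php
// Added example: check user-influenced mail fields before they reach any mailer.
// Function names and sample data are hypothetical, not DokuWiki's own routines.

/** True if $value can sit on a single header line without altering the message. */
function is_clean_header_value(string $value): bool
{
    // CR and LF would let the value begin a new header line; NUL, the other
    // C0 controls and DEL have no place in to/from/subject either.
    // A preg_match() error (false) is treated as "not clean".
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

/** Return the names of the fields that must cause the submission to be discarded. */
function rejected_mail_fields(array $fields): array
{
    $bad = [];
    foreach (['to', 'from', 'subject'] as $name) {
        $value = $fields[$name] ?? '';
        if (!is_string($value) || $value === '' || !is_clean_header_value($value)) {
            $bad[] = $name;
            continue;
        }
        // Address fields must also be exactly one syntactically valid address.
        if ($name !== 'subject' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $bad[] = $name;
        }
    }
    return $bad;
}

// Constructed sample submissions.
$samples = [
    'clean' => ['to' => 'admin@example.org', 'from' => 'user@example.org',
                'subject' => 'Page changed'],
    'new line in subject' => ['to' => 'admin@example.org', 'from' => 'user@example.org',
                'subject' => "Page changed\r\nBcc: list@example.net"],
    'new line in from' => ['to' => 'admin@example.org',
                'from' => "user@example.org\nCc: list@example.net",
                'subject' => 'Page changed'],
    'two addresses in to' => ['to' => 'a@example.org, b@example.net',
                'from' => 'user@example.org', 'subject' => 'Page changed'],
];

foreach ($samples as $label => $fields) {
    $bad = rejected_mail_fields($fields);
    echo $label, ': ', $bad ? 'discard (' . implode(', ', $bad) . ')' : 'accept', PHP_EOL;
}
```

Rejecting the whole submission, rather than stripping the offending characters, follows the "it should be discarded" advice in the message above.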