本文介绍了阻止sendmail注入的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 29岁程序员,3月因学历无情被辞! 在这里看: http://www.devarticles.com/c/a/PHP/G...il-Function/2/ it说我必须要小心我发送到sendmail程序的内容 通过popen()。这也适用于主题:行吗? (我打开一个进程而不是简单地使用mail(),这样我就可以设置 带有sendmail'的-f开关的返回路径标题并捕获跳出。) 我的From:和To:是硬编码的,*不是*从任何webform文本字段中删除。 /> 我正在使用: $ i = preg_match_all(''/ [a-zA-Z0-9 _] /'',$ subject,$ arr ); $ on $ subject以防万一。这是排除任何危险的 字符的正确方法吗? (IOW,我正在使用白名单方法。) 我是否需要关注主题行? 解决方案 arr); looking here: http://www.devarticles.com/c/a/PHP/G...il-Function/2/it says that I have to be careful about what I send to the sendmail processvia popen(). Does that also apply to the Subject: line?(I''m opening a process rather than simply using mail() so that I can set thereturn-path header with sendmail''s -f switch and catch bounces.)My From: and To: are hardcoded and *not* taken from any webform textfields.I''m using:$i = preg_match_all(''/[a-zA-Z0-9_]/'', $subject, $arr);on the $subject just in case. Is that the correct way to exclude any dangerouscharacters? (IOW, I''m using a whitelist approach.)Do I need to be concerned about the Subject line regardless? 解决方案 这篇关于阻止sendmail注入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云!
08-28 15:09