In the following code, an email is sent via PHP, Apache, and Linux. A comment from a website user, $comment, and her $emailFrom address, are obviously potentially of an unknown nature. Do these fields need any filtering due to any commonly known security risks? The receiving email system would be Gmail and processed by a human and there is no other intervening software other than what is inherent to the internet.

    $headers = "From: " . $emailFrom . "\r\n" .
        "Reply-To: " . $emailFrom . "\r\n" .
        "X-Mailer: PHP/" . phpversion();
    mail("websiteOwner@mailDomain.com",
        "a message from somebody that viewed my website ",
        $comment, $headers);
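
An added example, not part of the original post: a hardened variant of the snippet above in which $emailFrom is checked for line breaks and validated before it is concatenated into the header string, since that is the one field here that ends up inside the message headers. The function name buildContactMail and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not the original poster's code).
// buildContactMail() is a hypothetical helper name.

/**
 * Validate the user-supplied fields and return the arguments for mail(),
 * or null when the sender address must be rejected.
 */
function buildContactMail(string $emailFrom, string $comment): ?array
{
    // A raw CR, LF or NUL in a header value would let the submitter
    // end the From: line and append header lines of their own.
    if (preg_match('/[\r\n\0]/', $emailFrom)) {
        return null;
    }
    // Require a syntactically valid address as well.
    $from = filter_var($emailFrom, FILTER_VALIDATE_EMAIL);
    if ($from === false) {
        return null;
    }
    // $comment goes into the body, not the headers, so it only needs
    // its line endings normalised to CRLF.
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $comment);

    $headers = "From: " . $from . "\r\n" .
        "Reply-To: " . $from . "\r\n" .
        "X-Mailer: PHP/" . phpversion();

    return [
        'to'      => "websiteOwner@mailDomain.com",
        'subject' => "a message from somebody that viewed my website ",
        'body'    => $body,
        'headers' => $headers,
    ];
}

// Constructed inputs, for illustration only.
$samples = ['alice@example.org', "alice@example.org\r\nX-Test: 1"];
foreach ($samples as $candidate) {
    $m = buildContactMail($candidate, "Nice site.\nThanks!");
    if ($m === null) {
        echo "rejected: " . json_encode($candidate) . "\n";
        continue;
    }
    // In the real handler:
    // mail($m['to'], $m['subject'], $m['body'], $m['headers']);
    echo "accepted: " . json_encode($m['headers']) . "\n";
}
```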