trimFalseEmailHeaders(str)
Last updated February 3, 2006
Version: 1 | Requires: ColdFusion 5 | Library: SecurityLib
Description:
Cleans variables, such as form input, by modifying values that may have been entered to perform e-mail injection. The header names handled are 'content-type', 'mime-version', 'to', 'from', 'bcc' and 'subject'. The value itself is left intact; only the colon after each header name is replaced (with a semicolon) so a mail transport no longer parses the line as a header.
Credit to: http://www.webmasterworld.com/forum10/9776-2-10.htm
E-mail injection:
http://en.wikipedia.org/wiki/Email_Injection
Return Values:
Returns a string.
Example:
<cfset mailBody = "test injection#CHR(10)#Content-type: text/plain#CHR(10)#">
<cfset cleanMailBody = trimFalseEmailHeaders(mailBody)>
Parameters:
| Name | Description | Required |
|---|---|---|
| str | String to parse. | Yes |
Full UDF Source:
<cfscript>
/**
 * Clean variables, such as form input, to modify values that may have been entered to perform e-mail injection.
 *
 * @param str String to parse. (Required)
 * @return Returns a string.
 * @author Tony Brandner (tony@brandners.com)
 * @version 1, February 3, 2006
 */
function trimFalseEmailHeaders(str) {
    // Each replacement swaps the colon after a header name for a semicolon,
    // case-insensitively, so the injected line is no longer a valid header.
    // The text of the value is otherwise preserved.
    str = replaceNoCase(str, "Content-Type:", "content-type;", "ALL");
    str = replaceNoCase(str, "MIME-Version:", "mime-version;", "ALL");
    // The following four are matched only in their "Name: " form (with a
    // trailing space); CR/LF characters in the input are left in place.
    str = replaceNoCase(str, "To: ", "to; ", "ALL");
    str = replaceNoCase(str, "From: ", "from; ", "ALL");
    str = replaceNoCase(str, "bcc: ", "bcc; ", "ALL");
    str = replaceNoCase(str, "Subject: ", "subject; ", "ALL");
    return str;
}
</cfscript>
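The same colon-to-semicolon rule, ported to Python as an added example (not part of the CFLib UDF), together with a detection check that flags the line break a header injection depends on and a stricter line-break-stripping variant for values that must stay on one header line. The sample input is constructed here to match the page's example payload.

```python
import re

# Header prefixes the UDF neutralises, with the same replacement rule:
# the colon after the header name becomes a semicolon. As in the UDF,
# "To", "From", "bcc" and "Subject" are only matched with a trailing space.
HEADER_PREFIXES = [
    ("Content-Type:", "content-type;"),
    ("MIME-Version:", "mime-version;"),
    ("To: ", "to; "),
    ("From: ", "from; "),
    ("bcc: ", "bcc; "),
    ("Subject: ", "subject; "),
]


def trim_false_email_headers(value: str) -> str:
    """Port of trimFalseEmailHeaders: case-insensitive replace of each prefix."""
    for needle, replacement in HEADER_PREFIXES:
        value = re.sub(re.escape(needle), replacement, value, flags=re.IGNORECASE)
    return value


# Detection (assumed heuristic, not from the UDF): a header can only be
# injected by breaking the line, so flag a CR or LF followed by "Name:".
INJECTED_HEADER = re.compile(r"[\r\n]\s*[A-Za-z][A-Za-z0-9-]*\s*:")


def looks_like_header_injection(value: str) -> bool:
    """True when the value contains a line break followed by a header-like token."""
    return INJECTED_HEADER.search(value) is not None


def strip_line_breaks(value: str) -> str:
    """Stricter alternative for values that belong in a single header line."""
    return value.replace("\r", "").replace("\n", "")


# Constructed sample: the page's example payload with CHR(10) as "\n".
SAMPLE = "test injection\nContent-type: text/plain\n"

if __name__ == "__main__":
    print(repr(trim_false_email_headers(SAMPLE)))
    print(looks_like_header_injection(SAMPLE))
```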