trimFalseEmailHeaders(str)
Last updated February 3, 2006
Version: 1 | Requires: ColdFusion 5 | Library: SecurityLib
Description:
Cleans a variable, such as form input, that may contain injected e-mail header lines. The function looks (case-insensitively) for the header names 'Content-Type', 'MIME-Version', 'To', 'From', 'bcc' and 'Subject' and replaces the colon after each with a semicolon, so the text survives intact but the line no longer parses as a header field. Note that this is a blocklist: header names not in the list (for example 'Cc' or 'Reply-To'), and the address and subject patterns written without a space after the colon, are left untouched, and the line breaks that make the injection possible are not removed. Treat it as one layer and also reject or strip CR and LF from any value that is placed in a mail header.
Credit to: http://www.webmasterworld.com/forum10/9776-2-10.htm
E-mail injection:
http://en.wikipedia.org/wiki/Email_Injection
Return Values:
Returns a string.
Example:
<cfset mailBody = "test injection#CHR(10)#Content-type: text/plain#CHR(10)#">
<cfset cleanMailBody = trimFalseEmailHeaders(mailBody)>
cleanMailBody now holds "test injection#CHR(10)#content-type; text/plain#CHR(10)#": the injected line is still there, but "content-type;" is no longer a Content-Type header.
Parameters:
| Name | Description | Required |
|---|---|---|
| str | String to parse. | Yes |
Full UDF Source:
<cfscript>
/**
* Clean variables, such as form input, to modify values that may have been entered to perform e-mail injection.
*
* @param str String to parse. (Required)
* @return Returns a string.
* @author Tony Brandner (tony@brandners.com)
* @version 1, February 3, 2006
*/
function trimFalseEmailHeaders(str) {
	// Each line turns "Header:" into "header;" for every occurrence, ignoring case,
	// so an injected header line keeps its text but no longer parses as a header.
	str = replaceNoCase(str, "Content-Type:", "content-type;", "ALL" );
	str = replaceNoCase(str, "MIME-Version:", "mime-version;", "ALL" );
	// The next four patterns include a trailing space: "To:x" with no space
	// after the colon is not matched, and header names not listed here
	// (e.g. Cc, Reply-To) are not touched at all.
	str = replaceNoCase(str, "To: ", "to; ", "ALL" );
	str = replaceNoCase(str, "From: ", "from; ", "ALL" );
	str = replaceNoCase(str, "bcc: ", "bcc; ", "ALL" );
	str = replaceNoCase(str, "Subject: ", "subject; ", "ALL" );
	return str;
}
</cfscript>
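The following is an added example, written in Python rather than CFML so it can be run anywhere; it is not code from CFLib or from the UDF's author. It ports the UDF's blocklist verbatim as trim_false_email_headers, shows the naive header assembly the UDF is meant to protect (build_headers, a constructed stand-in for a mailer that pastes form input into headers), and contrasts the blocklist with a strict check (safe_header_value) that refuses any CR or LF in a header value. The tiny header parser and the sample addresses are constructed for the demo only.

```python
import re

# 1. Naive assembly: the user-supplied subject is pasted straight into the
#    header block, so a line break in it starts a new header (constructed demo).
def build_headers(sender: str, recipient: str, subject: str) -> str:
    return f"From: {sender}\nTo: {recipient}\nSubject: {subject}\n"


# 2. Port of the CFLib UDF: same patterns, same replacement strings, same
#    trailing-space quirk. replaceNoCase(..., "ALL") == case-insensitive re.sub.
_BLOCKLIST = [
    ("Content-Type:", "content-type;"),
    ("MIME-Version:", "mime-version;"),
    ("To: ", "to; "),
    ("From: ", "from; "),
    ("bcc: ", "bcc; "),
    ("Subject: ", "subject; "),
]

def trim_false_email_headers(value: str) -> str:
    for needle, replacement in _BLOCKLIST:
        value = re.sub(re.escape(needle), replacement, value, flags=re.IGNORECASE)
    return value


# 3. Strict alternative: a header value must never contain a line break,
#    whatever header name follows it. Reject instead of rewriting.
class HeaderInjection(ValueError):
    pass

def safe_header_value(value: str) -> str:
    if "\r" in value or "\n" in value:
        raise HeaderInjection("line break in header value")
    return value

def build_headers_strict(sender: str, recipient: str, subject: str) -> str:
    return build_headers(
        safe_header_value(sender),
        safe_header_value(recipient),
        safe_header_value(subject),
    )


# Minimal header-block parser, constructed for the demo (not full RFC 5322):
# a line is a header if it starts with "name:"; the space after the colon is
# optional, just as real mail parsers treat it.
_HEADER_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):[ \t]*(.*)$")

def parse_headers(block: str):
    found = []
    for line in block.splitlines():
        m = _HEADER_LINE.match(line)
        if m:
            found.append((m.group(1).lower(), m.group(2)))
    return found

def header_names(block: str):
    return [name for name, _ in parse_headers(block)]


if __name__ == "__main__":
    # Constructed attacker input: a subject that smuggles in a Bcc header.
    payload = "test injection\nBcc: victim@example.com"
    print("naive   :", header_names(build_headers("app@example.com", "user@example.com", payload)))
    print("blocklist:", header_names(build_headers("app@example.com", "user@example.com",
                                                   trim_false_email_headers(payload))))
    # Inputs the blocklist does not catch: Cc is not listed, and "Bcc:" has no trailing space.
    gap = "hello\nCc: victim@example.com\nBcc:victim@example.com"
    print("gap     :", header_names(build_headers("app@example.com", "user@example.com",
                                                   trim_false_email_headers(gap))))
    try:
        build_headers_strict("app@example.com", "user@example.com", payload)
    except HeaderInjection as exc:
        print("strict  :", exc)
```

Running the block prints the header names each approach lets through: the naive build gains a bcc header, the UDF port removes it, but the Cc line and the space-less Bcc line survive the port unchanged, while the strict check refuses the payload outright. The port also shows the UDF's collateral effect: an innocent "Reply to: Bob" in a subject is rewritten to "Reply to; Bob", because "to: " matches inside ordinary text.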