There is a weakness in the PHP e-mail script in the previous chapter.
First, look at the PHP code from the previous chapter:
<html>
<body>
<?php
if (isset($_REQUEST['email']))
//if "email" is filled out, send email
{
  //send email
  $email = $_REQUEST['email'] ;
  $subject = $_REQUEST['subject'] ;
  $message = $_REQUEST['message'] ;
  mail("[email protected]", "Subject: $subject",
       $message, "From: $email" );
  echo "Thank you for using our mail form";
}
else
//if "email" is not filled out, display the form
{
  echo "<form method='post' action='mailform.php'>
  Email: <input name='email' type='text' /><br />
  Subject: <input name='subject' type='text' /><br />
  Message:<br />
  <textarea name='message' rows='15' cols='40'>
  </textarea><br />
  <input type='submit' />
  </form>";
}
?>
</body>
</html>
The problem with the code above is that unauthorized users can insert data into the mail headers via the input form.
What happens if the user adds the following text to the email input field in the form?
[email protected]%0ACc:[email protected]
%0ABcc:[email protected],[email protected],
[email protected],[email protected]
%0ABTo:[email protected]
The mail() function places the text above into the mail headers as it would any other value, and the header now contains extra Cc:, Bcc:, and To: fields (the %0A sequences are URL-encoded line feeds, which start a new header line). When the user clicks the submit button, the e-mail is sent to all of the addresses above.
The best way to stop e-mail injections is to validate the input.
The code below is the same as in the previous chapter, but now we have added an input validator that checks the email field in the form:
<html>
<body>
<?php
function spamcheck($field)
{
  //eregi() was removed in PHP 7; preg_match() with the "i" flag performs
  //the same case insensitive regular expression match
  if(preg_match("/to:|cc:/i", $field))
  {
    return TRUE;
  }
  else
  {
    return FALSE;
  }
}

//if "email" is filled out, send email
if (isset($_REQUEST['email']))
{
  //check if the email address is invalid
  $mailcheck = spamcheck($_REQUEST['email']);
  if ($mailcheck==TRUE)
  {
    echo "Invalid input";
  }
  else
  {
    //send email
    $email = $_REQUEST['email'] ;
    $subject = $_REQUEST['subject'] ;
    $message = $_REQUEST['message'] ;
    mail("[email protected]", "Subject: $subject",
         $message, "From: $email" );
    echo "Thank you for using our mail form";
  }
}
else
//if "email" is not filled out, display the form
{
  echo "<form method='post' action='mailform.php'>
  Email: <input name='email' type='text' /><br />
  Subject: <input name='subject' type='text' /><br />
  Message:<br />
  <textarea name='message' rows='15' cols='40'>
  </textarea><br />
  <input type='submit' />
  </form>";
}
?>
</body>
</html>
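The spamcheck() above only looks for the strings "to:" and "cc:", so it catches the example payload but not an injected line carrying some other header. What header injection actually needs is a line break inside a header value, so a stricter validator rejects any CR or LF and requires the e-mail field to be a single well-formed address. The following is an added example written for this page, not code from the original tutorial; the function names, the sample inputs and the recipient address are my own constructed choices.

```php
<?php
// Added example (not from the original tutorial). Replaces the keyword-based
// spamcheck() with two checks: no line breaks in any header value, and the
// e-mail field must be exactly one syntactically valid address.

function is_safe_email(string $field): bool
{
    // Any CR or LF would let the value continue onto a new header line.
    if (preg_match('/[\r\n]/', $field)) {
        return false;
    }
    // FILTER_VALIDATE_EMAIL accepts one bare address and nothing else.
    return filter_var($field, FILTER_VALIDATE_EMAIL) !== false;
}

function is_safe_header_value(string $value): bool
{
    // Subject (or any other header) must stay on a single line; NUL bytes
    // are rejected too because they can truncate the value downstream.
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Constructed inputs. PHP has already decoded %0A into "\n" by the time a
// value reaches $_REQUEST, so the third sample is what the injected form
// value from this page looks like inside the script.
$samples = [
    'alice@example.com',
    'Alice Example <alice@example.com>',
    "alice@example.com\nCc:bob@example.com\nBcc:carol@example.com",
];
foreach ($samples as $s) {
    printf("%-64s %s\n", addcslashes($s, "\n"),
           is_safe_email($s) ? 'accepted' : 'rejected');
}
// Output: sample 1 accepted; samples 2 and 3 rejected. The second one is
// rejected because FILTER_VALIDATE_EMAIL does not allow a display name, so
// if you want one, build "Name <address>" yourself from validated parts.

// How the form handler from this chapter would use the checks
// ("recipient@example.com" is a placeholder for your own address).
if (isset($_REQUEST['email'])) {
    $email   = $_REQUEST['email'];
    $subject = $_REQUEST['subject'] ?? '';
    $message = $_REQUEST['message'] ?? '';
    if (!is_safe_email($email) || !is_safe_header_value($subject)) {
        echo "Invalid input";
    } else {
        mail("recipient@example.com", $subject, $message, "From: $email");
        echo "Thank you for using our mail form";
    }
}
```

The subject is passed as the second argument of mail() rather than being prefixed with "Subject: " inside the string, which is how the function expects it; the From: header is still assembled from the e-mail field, which is why that field is validated rather than merely searched for keywords.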