Check for header inclusion
promes - October 30, 2007 - 15:27
| Project: | Gotcha - Contact Spam Catcher |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | postponed |
Jump to:
Description
In http://drupal.org/node/68265 there the validation function checks for header inclusion. Is it wise to add this to the Gotcha module?
#1
I don't really see the part you're talking about. I'm not sure I even understand the issue. Can you be more specific, please?
BTW, are you also "Creazion?"
#2
1.
I am talking about a contact form with file attachments, described in http://drupal.org/node/68265. The validation function is:
function contactform_validate($form_id, $form_values) {
// first we validate if there is a email injection
$finds = array("/bcc:/i",
"/Content-Type:/i",
"/Mime-Type:/i",
"/MIME-Version:/i",
"/multipart\/mixed/i",
"/boundary=/i",
"/subject:/i",
"/cc:/i",
"/to:/i");
foreach($form_values as $value)
foreach($finds as $find)
if(preg_match($find,$value))
form_set_error('', '
Stop spamming
');
I discovered yesterday that the code is converted now in the Mail Attach module where the validation module says:
// first we validate if there is an email injection
foreach($form_values as $field => $value){
if(preg_match('/(%0A|%0D|\n+|\r+|content-type:|to:|cc:|bcc:)/i', $value)){
form_set_error($field, variable_get('mailattach_spam_msg', 'Stop spamming'));
break;
}
}
So what I mean is: is it wise to add some code as above?
2.
No I don't have another alias in Drupal.org. I don't know "Creazion".
#3
When Spam 3.0 comes out and I have to make changes, I'll revisit this issue.