In http://drupal.org/node/68265 the validation function checks for header inclusion. Is it wise to add this to the Gotcha module?
Comments
Comment #1
NancyDru
I don't really see the part you're talking about. I'm not sure I even understand the issue. Can you be more specific, please?
BTW, are you also "Creazion?"
Comment #2
PROMES
1.
I am talking about a contact form with file attachments, described in http://drupal.org/node/68265. The validation function is:
function contactform_validate($form_id, $form_values) {
  // first we validate if there is an email injection
  $finds = array("/bcc:/i",
    "/Content-Type:/i",
    "/Mime-Type:/i",
    "/MIME-Version:/i",
    "/multipart\/mixed/i",
    "/boundary=/i",
    "/subject:/i",
    "/cc:/i",
    "/to:/i");
  // every submitted value is tested against every header pattern
  foreach ($form_values as $value) {
    foreach ($finds as $find) {
      if (preg_match($find, $value)) {
        form_set_error('', 'Stop spamming');
      }
    }
  }
}
I discovered yesterday that the code is now converted into the Mail Attach module, where the validation module says:
// first we validate if there is an email injection
foreach ($form_values as $field => $value) {
  if (preg_match('/(%0A|%0D|\n+|\r+|content-type:|to:|cc:|bcc:)/i', $value)) {
    form_set_error($field, variable_get('mailattach_spam_msg', 'Stop spamming'));
    break;
  }
}
So what I mean is: is it wise to add some code as above?
2.
No, I don't have another alias on Drupal.org. I don't know "Creazion".
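The check discussed in comment #2, as an added example that is not part of the thread and not code from Mail Attach or Gotcha: it runs the quoted pattern over every field and, beside it, a CR/LF check limited to the fields that end up in mail headers, on two constructed submissions. The field names (name, mail, subject, message) and the choice of header-bound fields are assumptions.

```php
<?php
// Added example; plain PHP, no Drupal API needed to run it.

// The pattern quoted in comment #2 from the Mail Attach validation code.
const THREAD_PATTERN = '/(%0A|%0D|\n+|\r+|content-type:|to:|cc:|bcc:)/i';

// Assumption: these fields are copied into mail headers (From, Subject).
const HEADER_FIELDS = ['name', 'mail', 'subject'];

/** Fields rejected when the quoted pattern is applied to every value. */
function thread_check(array $values): array {
  $bad = [];
  foreach ($values as $field => $value) {
    if (is_string($value) && preg_match(THREAD_PATTERN, $value)) {
      $bad[] = $field;
    }
  }
  return $bad;
}

/** Fields rejected when only header-bound values are tested for CR or LF. */
function header_check(array $values): array {
  $bad = [];
  foreach (HEADER_FIELDS as $field) {
    $value = $values[$field] ?? '';
    if (!is_string($value) || preg_match('/[\r\n]/', $value)) {
      $bad[] = $field;
    }
  }
  return $bad;
}

// Constructed sample submissions.
$samples = [
  'benign multi-line message' => [
    'name' => 'Alice', 'mail' => 'alice@example.com', 'subject' => 'Question',
    'message' => "Hello,\nplease reply to: my work address.",
  ],
  'line break in subject' => [
    'name' => 'Bob', 'mail' => 'bob@example.com',
    'subject' => "Hi\r\nBcc: list@example.com", 'message' => 'Hello',
  ],
];

foreach ($samples as $label => $values) {
  printf("%s\n  pattern on all fields rejects: [%s]\n  CR/LF on header fields rejects: [%s]\n",
    $label, implode(', ', thread_check($values)), implode(', ', header_check($values)));
}
```

The first sample is rejected by the all-fields pattern because of the newline and the words "to:" in the message body, while both checks reject the second sample's subject.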
Comment #3
NancyDru
When Spam 3.0 comes out and I have to make changes, I'll revisit this issue.