mail function protection

add to the inbuilt mail function

         

scriptmasterdel

11:26 am on Nov 14, 2006 (gmt 0)

10+ Year Member



I'm looking for a solution =]

Background:
I have a client that has two servers with around 400 websites on those servers. We wish to implement an e-mail injection trap script we have produced, but we would prefer it if we didn't have to implement it on every website.

Question:
Is there a way that we can amend the built-in PHP mail() function so that it uses our script instead / as well as? Or do you have any better ideas? Or is there no other solution?

Any comments will be appreciated very much.

Thank you.

Del

vincevincevince

12:31 pm on Nov 14, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I suggest that you check the input within the script rather than within the function itself.

You can write regular expressions to check that the To: address is a regular email address, and you can scan for things like mail boundaries and MIME headers in the form input.

If you find anything which indicates foul play then blacklist the IP. You don't have to notify them or block them, just don't handle anything from that IP ever.

It might be worth writing to PHP/Zend and requesting a more secure mail() function - I agree it is very insecure.
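
The checks described in the reply above, as an added PHP example (not code from either poster). The function names, form field names and blocklist location are hypothetical, and `filter_var` stands in for a hand-written e-mail regular expression.

```php
<?php
// Added example, not code from the thread. Names and paths are hypothetical.
define('BLOCKLIST_FILE', sys_get_temp_dir() . '/mail_blocklist.txt'); // assumed location

function is_blocked(string $ip): bool
{
    if (!is_file(BLOCKLIST_FILE)) {
        return false;
    }
    $ips = file(BLOCKLIST_FILE, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    return in_array($ip, $ips ?: [], true);
}

// Values that end up in mail headers must never contain a line break.
function has_line_break(string $value): bool
{
    return strpbrk($value, "\r\n") !== false;
}

// MIME headers at the start of a body line, or a boundary parameter,
// are not something a normal contact form message contains.
function has_mime_markers(string $body): bool
{
    $re = '/^\s*(content-type|mime-version|content-transfer-encoding|bcc)\s*:|boundary\s*=/im';
    return (bool) preg_match($re, $body);
}

// Returns true when the submission may be passed on to mail().
function form_input_is_safe(array $form, string $ip): bool
{
    if (is_blocked($ip)) {
        return false; // silently ignore this sender
    }
    $email   = (string) ($form['email'] ?? '');
    $subject = (string) ($form['subject'] ?? '');
    $body    = (string) ($form['message'] ?? '');

    if (has_line_break($email) || has_line_break($subject) || has_mime_markers($body)) {
        file_put_contents(BLOCKLIST_FILE, $ip . "\n", FILE_APPEND | LOCK_EX);
        return false;
    }
    // A mistyped address is rejected but not treated as an attack.
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample submission: the subject carries an extra Bcc header line.
$sample = ['email' => 'visitor@example.com', 'subject' => "Hello\r\nBcc: list@example.net", 'message' => 'Hi'];
var_dump(form_input_is_safe($sample, '203.0.113.7')); // documentation-range IP
```

On servers hosting many sites, a file like this can be loaded for every request through PHP's `auto_prepend_file` setting, so the check lives in one place rather than being copied into each website.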