Is there any injection vulnerability in the body of an email?

Posted by Brett on Stack Overflow
Published on 2011-03-17T16:07:17Z Indexed on 2011/03/17 16:10 UTC

Hey guys... AFAIK there is only a vulnerability within the HEADERS of an email when using user data, correct?

I am using the below function to sanitize my data; however, I have some textarea fields on the page and hence these may contain line breaks, so I was wondering: if that user data is only going to be put in the body of the email, can it not bother with being sanitized, apart from stripping HTML of course?

Here is the function:

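// Returns true if $str contains a raw or URL-encoded control character
// (LF, CR, tab, backspace) that could be used to break out of a header line.
function is_injected($str) {

    // Each entry is one alternative of the final regular expression.
    $injections = array('(\n+)',
    '(\r+)',
    '(\t+)',
    '(%0A+)',
    '(%0D+)',
    '(%08+)',
    '(%09+)'
    );

    // Join the alternatives into one case-insensitive pattern.
    $inject = join('|', $injections);
    $inject = "/$inject/i";

    if (preg_match($inject,$str)) {
        return true;
    } else {
        return false;
    }

}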

As a side note, surprised there wasn't currently a tag for mail-injection / email-injection.

Thanks!
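An added example, not part of the original post: it separates the single-line check for values that go into header fields from the handling of multi-line body text. It assumes a plain-text message sent through PHP's `mail()` with the textarea content used only as the message argument; the function names, addresses and form data are constructed.

```php
<?php
// Added example: names and sample input below are constructed.

// Header fields must stay on a single line; a raw CR or LF would
// let the value continue into a new header line.
function header_value_is_safe(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

// Body text keeps its line breaks: strip HTML, normalize every
// line ending to CRLF, wrap at 70 characters (per the mail() docs).
function prepare_body(string $text): string
{
    $text = strip_tags($text);
    $text = preg_replace('/\r\n|\r|\n/', "\r\n", $text);
    return wordwrap($text, 70, "\r\n", true);
}

// Constructed form submission.
$form = [
    'subject' => 'Contact form',
    'email'   => "visitor@example.com\r\nBcc: other@example.net",
    'message' => "Hello,\n\nfirst line\n<b>second</b> line",
];

$errors = [];
foreach (['subject', 'email'] as $field) {
    if (!header_value_is_safe($form[$field])) {
        $errors[] = "$field: line break in a header field, rejected";
    }
}

$body = prepare_body($form['message']);

if ($errors) {
    echo implode(PHP_EOL, $errors), PHP_EOL;
} else {
    $headers = 'Reply-To: ' . $form['email'];
    // mail('owner@example.com', $form['subject'], $body, $headers);
    echo "message accepted", PHP_EOL;
}
echo json_encode($body), PHP_EOL; // shows the CRLF-normalized body
```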

© Stack Overflow or respective owner
