Articles | Search | Questions | Comming up | Sitemap

Ustrem.org

some good stuff on PHP, MySQL and Linux

PHP class for detecting and handling possible mail headers in text

Here's simple PHP class for detecting and handling possible mail headers in a string. It is useful for sanitizing input data from contact forms, guest books, etc. before sending it via email to prevent header injection. It has three main functions:

• Detect possible mail header patterns
• Delete possible patterns
• Escape patterns so that they cannot affect mail servers

<?php

/**

 * Class for detecting possible mail headers in string. Can be used for verifying web form input before sending via

 * email.

 */

class MailHeadersHandler {

    /**

     * All posible headers according to RFC.

     * @var array

     */

    protected $mail_rfc_headers= array('Date', 'From', 'Sender', 'Reply\-To', 'To', 'Cc', 'Bcc', 'Message\-ID',

                'In\-Reply\-To', 'References', 'Subject', 'Comments', 'Keywords', 'Resent\-Date', 'Resent\-From',

                'Resent\-Sender', 'Resent\-To', 'Resent\-Cc', 'Resent\-Bcc', 'Resent\-Message\-ID', 'Return\-Path',

                'Received');

    /**

     * Detect all possible header patterns.

     * @param string string text that is searched.

     * @return array() false if no headers found, array of possible headers otherwise.

     */

    function detect($string) {

        $matches= array();

        foreach($this->mail_rfc_headers as $header) {

            $regex= '/'.$header.'\s*\:/i';

            if(preg_match($regex, $string, $arr)) {

                $matches[]= $arr[0];

            }

        }

        if(count($matches) == 0)

            return false;

        return $matches;

    }

    /**

     * Deletes all posible header patterns.

     * @param string string text that is searched.

     * @return string text with removed header patterns.

     */

    function erase($string) {

        foreach($this->mail_rfc_headers as $header) {

            $regex= '/'.$header.'\s*\:/i';

            $string= preg_replace($regex, '', $string);

        }

        return $string;

    }

    /**

     * Escapes header pattern to header_value format.

     * @param string string text that is searched.

     * @return string text with escaped header patterns.

     */

    function escape($string) {

        foreach($this->mail_rfc_headers as $header) {

            $regex= '/('.$header.')\s*\:/i';

            $string= preg_replace($regex, '\1_', $string);

        }

        return $string;

    }

}

?>

 

No comments yet

Back to articles list

This page was last modified on 2024-04-19 10:05:03

Menu ;)

Български| English

• Home
• Articles
  
• Search
  
• Questions
  
• Comming up
  
• WebMail

Hints and tips

apache bash cmd database java javascript linux mod_rewrite mssql mysql oracle os perl php regex rsync ssh svn unix web_design windows

All tips

Newsletter

Subscribe for the newsletter with the latest articles and manuals on this site. Provide the address, where you would like to receive the newsletter.

Links

Articles | Search | Дива пчела | WebMail | Top
© 2006-2020 Ustrem.org is powered by bobi_at_ustrem.org, onzi_at_ustrem.org and Slackware linux | Design by Andreas Viklund