我网站上的所有突然联系表格都是从1970年1月1日起进入我的收件箱???
他们最终在我的收件箱底部,我错过了几个线索......
任何想法如何突然发生?
我在联系页面上使用的代码是: -
<?php
if(isset($_POST['email'])) {
// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "my email address";
$email_subject = "Website Contact Enquiry";
function died($error) {
// your error code can go here
echo "We are very sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
// validation expected data exists
if(!isset($_POST['name']) ||
!isset($_POST['email']) ||
!isset($_POST['tel']) ||
!isset($_POST['message'])||
!isset($_POST['formtype'])
) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$name = $_POST['name']; // required
$email_from = $_POST['email']; // required
$tel = $_POST['tel']; // required
$message = $_POST['message']; // required
$formtype = $_POST['formtype'];
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Tel: ".clean_string($tel)."\n";
$email_message .= "Message: ".clean_string($message)."\n";
$email_message .= "formtype: ".clean_string($formtype)."\n";
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion().date();
@mail($email_to, $email_subject, $email_message, $headers);
?>
答案 0 :(得分:1)
将此添加到标题中:
'Date: ' . date('r'),
另外,请务必清理$email_from
。现在,您允许垃圾邮件发送者向其他收件人发送电子邮件并更改标题。在此处阅读更多内容:http://www.securephpwiki.com/index.php/Email_Injection