php格式的安全漏洞

时间:2013-04-24 15:15:57

标签: php forms security email

显然我的php电子邮件表单中充满了安全漏洞,我该怎么办才能修复它们?

我的意思是安全漏洞,黑客/机器人能够在我的表单中注入额外的标题(例如bcc)并以我的名义发送垃圾邮件

有什么建议吗?

<?php
/*
 * Template Name: Contact Form Page
*/
if(isset($_POST['submitted'])) {
        //Check to make sure that the name field is not empty
        if(trim($_POST['contactName']) === '') {
            $nameError = __("You forgot to enter your name.", "site5framework");
            $hasError = true;
        } else {
            $name = trim($_POST['contactName']);
        }

        //Check to make sure sure that a valid email address is submitted
        if(trim($_POST['email']) === '')  {
            $emailError = __("You forgot to enter your email address.", "site5framework");
            $hasError = true;
        } else if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}$", trim($_POST['email']))) {
            $emailError = __("You entered an invalid email address.", "site5framework");
            $hasError = true;
        } else {
            $email = trim($_POST['email']);
        }

        //Check to make sure comments were entered
        if(trim($_POST['comments']) === '') {
            $commentError = __("You forgot to enter your comments.", "site5framework");
            $hasError = true;
        } else {
            if(function_exists('stripslashes')) {
                $comments = stripslashes(trim($_POST['comments']));
            } else {
                $comments = trim($_POST['comments']);
            }
        }

        //If there is no error, send the email
        if(!isset($hasError)) {
            $msg .= "------------User Info------------ \r\n"; //Title
            $msg .= "User IP: ".$_SERVER["REMOTE_ADDR"]."\r\n"; //Sender's IP
            $msg .= "Browser Info: ".$_SERVER["HTTP_USER_AGENT"]."\r\n"; //User agent
            $msg .= "Referrer: ".$_SERVER["HTTP_REFERER"]; //Referrer

            $emailTo = ''.of_get_option('sc_contact_email').'';
            $subject = 'Contact Form Submission From '.$name;
            $body = "Name: $name \n\nEmail: $email \n\nMessage: $comments \n\n $msg";
            $headers = 'From: '.$name.' <'.$email.'>' . "\r\n" . 'Reply-To: ' . $email;

            if(mail($emailTo, $subject, $body, $headers)) $emailSent = true;

    }

}
get_header();
?>

            <div id="content" class="container clearfix">

                <!-- page header -->
                <div class="container clearfix ">



                    <?php if(of_get_option('sc_contact_map') != '') { ?>
                        <!-- contact map -->
                        <div id="contact-map">
                        <?php echo of_get_option('sc_contact_map') ?>
                        </div>
                        <!-- end contact map -->
                    <?php } else if(of_get_option('sc_showpageheader') == '1' &&  get_post_meta($post->ID, 'snbpd_ph_disabled', true) != 'on' ) : ?>

                        <?php if(get_post_meta($post->ID, 'snbpd_phitemlink', true)!= '') : ?>

                        <?php
                        $thumbId = get_image_id_by_link ( get_post_meta($post->ID, 'snbpd_phitemlink', true) );
                        $thumb = wp_get_attachment_image_src($thumbId, 'page-header', false);
                        ?>
                        <img class="intro-img" alt=" " src="<?php echo $thumb[0] ?>" alt="<?php the_title(); ?>"  />

                        <?php elseif (of_get_option('sc_pageheaderurl') !='' ): ?>

                            <?php
                            $thumbId = get_image_id_by_link ( of_get_option('sc_pageheaderurl') );
                            $thumb = wp_get_attachment_image_src($thumbId, 'page-header', false);
                            ?>
                            <img class="intro-img" alt=" " src="<?php echo $thumb[0] ?>" alt="<?php the_title(); ?>"  />

                        <?php else: ?>

                            <img class="intro-img" alt=" " src="<?php echo get_template_directory_uri(); ?>/library/images/inner-page-bg.jpg" />

                        <?php endif ?>
                    <?php endif ?>

                </div>


                <!-- content -->
                <div class="container">

                    <h1><?php the_title(); ?> <?php if ( !get_post_meta($post->ID, 'snbpd_pagedesc', true)== '') { ?>/<?php }?> <span><?php echo get_post_meta($post->ID, 'snbpd_pagedesc', true); ?></span></h1>

                    <article id="post-<?php the_ID(); ?>" <?php post_class('clearfix'); ?> role="article">

                        <?php if (have_posts()) : while (have_posts()) : the_post(); ?>

                            <div class="page-body clearfix">
                                <?php the_content(); ?>
                            </div>


                            <div class="one-third">
                                <div class="caddress"><strong><?php _e('Address:', 'site5framework') ?></strong> <?php echo of_get_option('sc_contact_address') ?></div>
                                <div class="cphone"><strong><?php _e('Phone:', 'site5framework') ?></strong> <?php echo of_get_option('sc_contact_phone') ?></div>
                                <div class="cphone"><strong><?php _e('Fax:', 'site5framework') ?></strong> <?php echo of_get_option('sc_contact_fax') ?></div>
                                <div class="cemail"><strong><?php _e('E-mail:', 'site5framework') ?></strong> <a href="mailto:<?php echo of_get_option('sc_contact_email') ?>"><?php echo of_get_option('sc_contact_email') ?></a></div>

                            </div>

                            <div class="two-third last">
                                <div id="messages">
                                    <p class="simple-error error" <?php if($hasError != '') echo 'style="display:block;"'; ?>><?php _e('There was an error submitting the form.', 'site5framework'); ?></p>

                                    <p class="simple-success thanks"><?php _e('<strong>Thanks!</strong> Your email was successfully sent. We should be in touch soon.', 'site5framework'); ?></p>
                                </div>

                                <form id="contactForm" method="POST">
                                    <div class="one-third">
                                        <label for="nameinput"><?php _e("Your name", "site5framework"); ?></label>
                                        <input type="text" id="nameinput" name="contactName" value="<?php if(isset($_POST['contactName'])) echo $_POST['contactName'];?>" class="requiredField"/>
                                        <span class="error" <?php if($nameError != '') echo 'style="display:block;"'; ?>><?php _e("You forgot to enter your name.", "site5framework");?></span>
                                    </div>
                                    <div class="one-third last">
                                        <label for="emailinput"><?php _e("Your email", "site5framework"); ?></label>
                                            <input type="text" id="emailinput" name="email" value="<?php if(isset($_POST['email']))  echo $_POST['email'];?>" class="requiredField email"/>
                                          <span class="error" <?php if($emailError != '') echo 'style="display:block;"'; ?>><?php _e("You forgot to enter your email address.", "site5framework");?></span>
                                    </div>
                                    <div class="two-third">
                                        <label for="nameinput"><?php _e("Area/Rep", "site5framework"); ?></label>
                                        <select>
                                            <option>Area 1 - Engela</option>
                                            <option>Area 2 - Francois</option>
                                            <option>Area 3 - Johan</option>
                                        </select>
                                    </div>
                                    <div class="two-third">
                                    <label for="Mymessage"><?php _e("Your message", "site5framework"); ?></label>
                                        <textarea cols="20" rows="20" id="Mymessage" name="comments" class="requiredField"><?php if(isset($_POST['comments'])) { if(function_exists('stripslashes')) { echo stripslashes($_POST['comments']); } else { echo $_POST['comments']; } } ?></textarea>
                                          <span class="error" <?php if($commentError != '') echo 'style="display:block;"'; ?>><?php _e("You forgot to enter your comments.", "site5framework");?></span>
                                    </div>
                                    <br class="clear" />
                                    <input type="hidden" name="submitted" id="submitted" value="true" />
                                    <button type="submit" id="submitbutton" class="button small round orange"><?php _e(' &nbsp;SEND MESSAGE&nbsp; ', 'site5framework'); ?></button>

                                </form>

                            </div>



                        <?php endwhile; ?>
                    </article>

                    <?php else : ?>

                    <article id="post-not-found">
                        <header>
                            <h1><?php _e("Not Found", "site5framework"); ?></h1>
                        </header>
                        <section class="post_content">
                            <p><?php _e("Sorry, but the requested resource was not found on this site.", "site5framework"); ?></p>
                        </section>
                        <footer>
                        </footer>
                    </article>

                    <?php endif; ?>


                </div>


            </div> <!-- end content -->

            <?php get_footer(); ?> 

2 个答案:

答案 0 :(得分:3)

使用其他联系人模板!

联系人模板在网站中是一个非常脆弱的点,这个非常不安全(我猜/希望它很老)。

好奇的几点(只是乍一看,可能会有更多的问题)

  • $name参数未转义,恶意用户可以输入例如bcc地址,这将添加到标题部分,此处
  • $email参数的正则表达式允许%,因此可以输入url_encoded标记,例如< >
  • $comments也没有安全保障..

答案 1 :(得分:2)

为什么您需要让用户发送包含aribtrary名称和电子邮件地址的电子邮件?你想成为一个开放的代理吗?

P.S。像这样的行不会做你想要的,因为它们不处理没有参数或传递数组的情况。

trim($_POST['contactName']) === ''