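// Accepts a conventional ASCII address: local part, "@", domain and a 2-4 letter TLD.
// NOTE(review): the {2,4} bound rejects longer TLDs; widen it if those must be accepted.
$email_exp = '/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/';
// Allow-list for names and subjects: ASCII letters, space, dot, apostrophe, hyphen and German umlauts.
// The hyphen is placed last in the class so it is a literal. Written as "'-ä" it formed a range
// that let digits and punctuation such as "<" and ">" pass validation.
// The "u" modifier makes PCRE read the umlauts as characters instead of separate UTF-8 bytes;
// it requires this file and the tested value to be valid UTF-8 (assumption, confirm for this project).
$string_exp = "/^[A-Za-z .'äüöÄÜÖ-]+\$/u";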
/**
 * Reports whether a value contains a carriage return or line feed.
 *
 * Mail header fields are separated by CR/LF, so a form value that carries
 * either character must not be placed into a header.
 *
 * @param string $str Value to inspect.
 * @return int|false 1 when CR or LF is present, 0 when not, false if preg_match fails.
 */
function has_header_injection($str)
{
    $found = preg_match("/[\r\n]/", $str);

    return $found;
}
// Only form submissions are handled: with no POST data the script stops with exit status 1
// and produces no output.
if (empty($_POST)) {
    exit(1);
    // $error.= 'Expected POST Request<br>';
} else {
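    // Honeypot field: any content in "title" is treated as a sign of an automated submission.
    $spam = $_POST['title'];
    // NOTE(review): values are HTML-escaped before they are validated, so an apostrophe may reach
    // the name pattern in entity form depending on the htmlspecialchars flags in effect. Validating
    // the raw value and escaping at output time would avoid that; confirm against the rest of the script.
    $name = htmlspecialchars(trim($_POST['name']));
    $subject = htmlspecialchars(trim($_POST['subject']));
    $email_from = htmlspecialchars(trim($_POST['email']));
    $message = htmlspecialchars($_POST['message']);
    // CR/LF in a single-line field is rejected on its own. Previously the error was raised only
    // when the honeypot was filled as well, so a value with embedded line breaks passed this
    // check whenever "title" was empty.
    $has_crlf = has_header_injection($name)
        || has_header_injection($subject)
        || has_header_injection($email_from);
    // The comparison used to sit inside strlen(), which measured a boolean instead of the text.
    $honeypot_filled = $spam !== null && $spam !== '';
    if ($has_crlf || $honeypot_filled) {
        $error .= 'Sorry, but it appears a Spam Boot is trying to submit this form. <br>';
    }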
    // The name is mandatory and must consist solely of characters permitted by $string_exp.
    if (!empty($name)) {
        $name_ok = preg_match($string_exp, $name);
        if (!$name_ok) {
            $error .= 'You entered unknown characters as your Name. Use A-Z, dots or slashes only. <br>';
        }
    } else {
        $error .= 'Please enter your Name. <br>';
    }
    // The subject is optional: an empty value is accepted without an error.
    if (empty($subject)) {
        // $error.= 'Please enter a Subject. <br>';
    } else {
        // NOTE(review): this tests $name, not $subject, so the subject text is not checked
        // against $string_exp here. Looks like a copy-paste slip; confirm and switch to $subject.
        if (!preg_match($string_exp, $name)) {
Exemplo n.º 2
                        <div class="col-md-6">
                        
                            <?php 
/**
 * Detects a carriage return or line feed in a submitted value.
 *
 * A value that contains either character must be kept out of mail headers,
 * because CR/LF is what separates one header field from the next.
 *
 * @param string $str Value to inspect.
 * @return int|false 1 when CR or LF is present, 0 when not, false if preg_match fails.
 */
function has_header_injection($str)
{
    $crlf_pattern = "/[\r\n]/";

    return preg_match($crlf_pattern, $str);
}
//verify if the form is submitted
if (isset($_POST['contact_submit'])) {
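    // Strip surrounding whitespace from the single-line fields; the message is kept as submitted.
    $name = trim($_POST['name']);
    $email = trim($_POST['email']);
    $msg = $_POST['message'];
    // Reject CR/LF in either single-line field. Each value is tested by its own call: with the
    // closing parenthesis misplaced, the helper received the boolean result of "||" and never
    // inspected the submitted name, so the check could not fire.
    if (has_header_injection($name) || has_header_injection($email)) {
        die;
    }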
    // All three fields are mandatory: on a missing value print the error markup and stop the script.
    $all_present = $name && $email && $msg;
    if (!$all_present) {
        echo "<h4 class='alert alert-danger'>All fields required</h4><a href='#contact' class='btn btn-default'>Try again</a>";
        exit;
    }
    // Recipient address and subject line.
    // $name is interpolated into the subject, so it has to be free of CR/LF by the time it
    // reaches this point; nothing in these lines strips line breaks.
    $to = "*****@*****.**";
    $subject = "{$name} sent you a message via the contact form";
    // Assemble the plain-text body: one CRLF-terminated line per field, then the message text.
    $message = "Name: {$name}\r\n"
        . "Email: {$email}\r\n"
        . "Message: \r\n"
        . "{$msg}";
Exemplo n.º 3

        
                <?php 
/**
 * Checks a submitted value for carriage-return or line-feed characters.
 *
 * CR/LF ends one mail header field and starts the next, so values that
 * contain either character are unsafe to place in a header.
 *
 * @param string $str Value to inspect.
 * @return int|false 1 when CR or LF is present, 0 when not, false if preg_match fails.
 */
function has_header_injection($str)
{
    $line_break_hits = preg_match("/[\r\n]/", $str);

    return $line_break_hits;
}
if (isset($_POST['contact_submit'])) {
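    $name = trim($_POST['name']);
    // The company value gets its own variable. It was previously written to $name, which
    // discarded the submitted name and left $company undefined for the checks and the mail body.
    $company = trim($_POST['company']);
    $email = trim($_POST['email']);
    $message = trim($_POST['message']);
    // Stop on CR/LF in any field.
    // NOTE(review): $message is the body text, so this also stops on ordinary multi-line
    // messages; confirm that this is intended.
    if (has_header_injection($name) || has_header_injection($company) || has_header_injection($email) || has_header_injection($message)) {
        die;
    }
    // Basic validation: every field must be non-empty. "company" without the "$" was a bare
    // constant name, not the variable, so the company field was never actually tested.
    // NOTE(review): the alert is printed but the script carries on building the mail;
    // confirm whether processing should stop here.
    if (!$name || !$company || !$email || !$message) {
        echo '<script>alert("All fields are required.")</script>';
    }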
    // Recipient address and subject line.
    // $name is interpolated into the subject, so it has to be free of CR/LF at this point.
    $to = "*****@*****.**";
    $subject = "{$name} wants to be on the email list for Gig!";
    // Plain-text body: one CRLF-terminated line per field, wrapped at 72 columns.
    $email_body = wordwrap(
        "Name: {$name}\r\n"
        . "Company: {$company}\r\n"
        . "Email: {$email}\r\n"
        . "Message: {$message}\r\n",
        72
    );
    //set mail headers