* Thus wrote Manuel Lemos:
> Hello,
> 
> On 07/16/2004 10:49 PM, Curt Zirzow wrote:
> >>>>remove carriage returns to prevent embedded email directives
> >>>
> >>>In another thread, I read that sentence. I'm interested to find more 
> >>>information about that. I have some mail forms and want to make them as 
> >>>secure as possible, but do not know about what and where should I 
> >>>filter.
> >>>
> >>>Should I filter all CR and LF just in headers or should I also do that 
> >>>in the message body? (Which is sent in the SMTP DATA section).
> >>
> >>For SMTP, all lines should be ended with CR+LF, or else messages may be 
> >>discarded by spam filters or other programs. However, if you use the 
> >>mail() function it may do some filtering on its own.
> >
> >
> >The mail() function does not do any filtering.
> 
> Read the source first to learn more about it.

I have read it, and am very familiar with it.  

Every time there is a post about mail() and the person is
unfamiliar with properly sending SMTP headers or data to sendmail,
you *claim* it's a bug with PHP's mail() call without knowing
what version of PHP they are using. You never ask if they are using
Windows, which uses PHP's built-in sendmail tool.  Nor do you ever
ask what MTA that sendmail is really representing.

My responses to your emails are not targeted against you, but
simply correcting the facts as of current.

As far as what filtering is going on, please enlighten me, this is
the logic of the mail function:
  
  trim leading space and make To: rfc822 compliant
  trim leading space and make Subject: rfc822 compliant
  open pipe to sendmail
  send the To: address
  send the Subject:
  if headers was specified, send those as well
  send the message.
  close the pipe to sendmail.


Now I do wonder where in the world filtering is going on there.


Curt
-- 
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about.  No, sir.  Our model is the trapezoid!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
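
The question quoted in this thread (filter CR and LF in headers only, or in the body too?) worked through as an added example; it is not code from the thread or from PHP's source. It assumes a contact form with hypothetical fields `email`, `subject` and `message`, a fixed recipient, and constructed sample input: values that end up on a header line are rejected if they contain a line break, while the body keeps its line breaks, normalised to CR+LF.

```php
<?php
// Added example; function names, form fields and addresses are hypothetical.

/** A value placed on a header line must not contain CR, LF or NUL. */
function header_value(string $value, string $field): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException("$field contains CR, LF or NUL");
    }
    return trim($value);
}

/** The body may contain line breaks; normalise every variant to CR+LF. */
function normalise_body(string $body): string
{
    return preg_replace('/\r\n|\r|\n/', "\r\n", $body);
}

function build_message(array $form): array
{
    $from = header_value($form['email'], 'email');
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('email is not a valid address');
    }
    return [
        'to'      => 'webmaster@example.org', // fixed, never taken from the form
        'subject' => header_value($form['subject'], 'subject'),
        'body'    => normalise_body($form['message']),
        'headers' => "From: $from\r\nReply-To: $from",
    ];
}

// Constructed inputs: the second carries an embedded header directive.
$samples = [
    ['email' => 'alice@example.com', 'subject' => 'Hello', 'message' => "line one\nline two"],
    ['email' => "alice@example.com\r\nBcc: list@example.net", 'subject' => 'Hello', 'message' => 'hi'],
];

foreach ($samples as $i => $form) {
    try {
        $m = build_message($form);
        echo "sample $i: accepted, body is " . json_encode($m['body']) . "\n";
        // mail($m['to'], $m['subject'], $m['body'], $m['headers']);
    } catch (InvalidArgumentException $e) {
        echo "sample $i: rejected (" . $e->getMessage() . ")\n";
    }
}
```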
