Filter special characters
fadlisaad opened this issue · 0 comments
fadlisaad commented
How do we block special characters from being sent? I've tried and it was vulnerable to SQL injection.
Subject: Complaint from Yeap
To: recepient@domain.com
X-PHP-Originating-Script: 0:PHPMailer.php
Date: Mon, 8 Dec 2014 17:16:44 +0800
Return-Path: sender@domain.com
From: sender@domain.com
Reply-To: sender@domain.com
Message-ID: <18298f5e9bbefd7eec2a6e7088facba1@localhost>
X-Priority: 3
X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org/p/phpmailer/)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=iso-8859-1
Internet slow

<form method="post">
<?php echo (Form::hidden('csrf', Security::token())); ?>
<label><?php echo __('Name', 'contact'); ?></label>
<input type="text" name="contact_name" class="input-xlarge" value="<?php echo $name; ?>" /><br />
<label><?php echo __('Email', 'contact'); ?></label>
<input type="text" name="contact_email" class="input-xlarge" value="<?php echo $email; ?>" /><br />
<label><?php echo __('Message', 'contact'); ?></label>
<textarea class="input-xxlarge" rows="10" name="contact_body"><?php echo $body; ?></textarea><br /><br />
<?php if (Option::get('captcha_installed') == 'true') { ?>
<label><?php echo __('Captcha', 'users'); ?></label>
<input type="text" name="answer"><?php if (isset($errors['captcha_wrong'])) echo Html::nbsp(3).'<span class="error">'.$errors['captcha_wrong'].'</span>'; ?>
<?php CryptCaptcha::draw(); ?>