CFLib.org – Common Function Library Project

trimFalseEmailHeaders(str)

Last updated February 3, 2006

Author: Tony Brandner

Version: 1 | Requires: CF5 | Library: SecurityLib

Description:
Cleans variables, such as form input, so that values entered to perform e-mail injection are neutralised. The headers handled are 'content-type', 'mime-version', 'to', 'bcc' and 'subject'. The value itself is kept intact; only the colon after each recognised header name is replaced (with a semicolon), so the injected line can no longer be parsed as a mail header.
Credit to: http://www.webmasterworld.com/forum10/9776-2-10.htm
E-mail injection: http://en.wikipedia.org/wiki/Email_Injection

Return Values:
Returns a string.

Example:

<cfset mailTo = "test@domain.com">
<!--- Constructed injection attempt: a line break followed by a forged header --->
<cfset mailBody = "test injection#CHR(10)#Content-type: text/plain#CHR(10)#">

<cfset cleanMailBody = trimFalseEmailHeaders(mailBody)>

Parameters:

Name  Description       Required
str   String to parse.  Yes

Full UDF Source:

/**
 * Clean variables, such as form input, to modify values that may have been entered to perform e-mail injection.
 * 
 * @param str 	 String to parse. (Required)
 * @return Returns a string. 
 * @author Tony Brandner (tony@brandners.com) 
 * @version 1, February 3, 2006 
 */
function trimFalseEmailHeaders(str) {
	str = replaceNoCase(str, "Content-Type:", "content-type;", "ALL" );
	str = replaceNoCase(str, "MIME-Version:", "mime-version;", "ALL" );
	str = replaceNoCase(str, "To: ", "to; ", "ALL" );
	str = replaceNoCase(str, "From: ", "from; ", "ALL" );
	str = replaceNoCase(str, "bcc: ", "bcc; ", "ALL" );
	str = replaceNoCase(str, "Subject: ", "subject; ", "ALL" );
	return str;
}
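As an added example (not the library's or the author's code), the following Python port reproduces the UDF's approach, a case-insensitive replacement of the colon after each listed header name, and sets it beside the stricter check a practitioner usually wants for values that end up in a mail header: reject anything containing a CR or LF at all, and report which header names an injected line tries to introduce. The function names and the sample input are my own.

```python
import re

# Header names the page's UDF neutralises (its code also covers "From: ").
# Each pair mirrors one replaceNoCase(str, needle, replacement, "ALL") call.
_PAGE_PATTERNS = [
    ("Content-Type:", "content-type;"),
    ("MIME-Version:", "mime-version;"),
    ("To: ", "to; "),
    ("From: ", "from; "),
    ("bcc: ", "bcc; "),
    ("Subject: ", "subject; "),
]

# Any line break followed by "name:" looks like an injected header line.
_INJECTED_HEADER = re.compile(r"[\r\n]+\s*([A-Za-z][A-Za-z0-9-]*)\s*:")


def trim_false_email_headers(value: str) -> str:
    """Port of the UDF: keep the text, but turn 'Header:' into 'header;'
    so the injected line no longer parses as a mail header."""
    for needle, replacement in _PAGE_PATTERNS:
        value = re.sub(re.escape(needle), replacement, value, flags=re.IGNORECASE)
    return value


def find_injected_headers(value: str) -> list:
    """Return the (lower-cased) header names that start an injected line.
    This is my addition: it catches any header name, not only the listed ones."""
    return [m.group(1).lower() for m in _INJECTED_HEADER.finditer(value)]


def header_value_or_reject(value: str) -> str:
    """Stricter policy for To/Subject/From fields (my addition, not the UDF's):
    a header value may never contain CR or LF, so refuse rather than rewrite."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF not allowed in a mail header value")
    return value


if __name__ == "__main__":
    # Constructed sample, modelled on the page's own example input.
    mail_body = "test injection\nContent-type: text/plain\n"
    print(repr(trim_false_email_headers(mail_body)))
    print(find_injected_headers(mail_body))
```

Use `trim_false_email_headers` where, as on the page, the text is a message body that must be kept readable; use `header_value_or_reject` for fields that are placed directly into headers, where a rewritten value is still not something a user should have been able to submit.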