H2ONaCl

Reputation: 11279

Are there commonly known risks of PHP generated email?

In the following code, an email is sent via PHP, Apache, and Linux. A comment from a website user, $comment, and her $emailFrom address, are obviously potentially of an unknown nature. Do these fields need any filtering due to any commonly known security risks? The receiving email system would be Gmail and processed by a human and there is no other intervening software other than what is inherent to the internet.

$headers = "From: " . $emailFrom . "\r\n" .
           "Reply-To: " . $emailFrom . "\r\n" .
           "X-Mailer: PHP/" . phpversion();
mail("[email protected]", 
     "a message from somebody that viewed my website ",
     $comment, $headers); 

Upvotes: 0

Views: 51

Answers (2)

symcbean

Reputation: 48357

You've already (tersely) pointed out the problem of email header injection.

The next issue is that the body of the email may contain stuff harmful to the recipient. Although MIME email requires a specific header to announce that it contains MIME encoded data, some MTAs will accept and transparently re-encode binary streams. And some MUAs will happily convert anything following /^begin [0-7]{3,4} [a-zA-Z_.]+/ into an attachment.

i.e. as it stands your code pretty much allows anyone to send anything to anybody.

A further issue is that there are still a lot of badly written webmail clients out there (there are also a lot of good ones) which allow embedded iframes and scripts in the body. Gmail is one of the better ones, but there's still the possibility of an exploitable vulnerability there.

i.e. once you've fixed the header injection thing, you might want to check for uu and base64 encoding within the body and run it through strip_tags, then convert it to quoted printable.

Upvotes: 0
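The checks listed in the answer above, sketched as an added example (not code from the question or from either answer). The helper names and the recipient address are assumptions made for illustration; it covers the header check, strip_tags, the uuencode marker and quoted-printable encoding, and does not attempt the base64 check.

```php
<?php
// Added example: helper names are hypothetical, recipient is a placeholder.

// Return a header-safe address, or null when the input must be rejected.
function safe_from_address(string $raw): ?string
{
    // CR or LF in a header value would start a new header line, so
    // reject the input outright instead of trying to repair it.
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $addr = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Reduce the comment to plain text and encode it as quoted-printable.
function safe_body(string $comment): string
{
    $text = strip_tags($comment);
    $text = preg_replace('/\r\n|\r|\n/', "\n", $text);
    // Prefix a uuencode "begin" line (the pattern quoted in the answer)
    // so it no longer sits at the start of a line.
    $text = preg_replace('/^(begin [0-7]{3,4} [a-zA-Z_.]+)/m', '> $1', $text);
    // quoted_printable_encode() keeps CRLF as a line break and escapes
    // bare CR or LF, so convert to CRLF first.
    return quoted_printable_encode(str_replace("\n", "\r\n", $text));
}

function send_comment(string $emailFrom, string $comment): bool
{
    $from = safe_from_address($emailFrom);
    if ($from === null) {
        return false; // refuse to send rather than guess at the address
    }
    $headers = "From: $from\r\n" .
               "Reply-To: $from\r\n" .
               "MIME-Version: 1.0\r\n" .
               "Content-Type: text/plain; charset=UTF-8\r\n" .
               "Content-Transfer-Encoding: quoted-printable";
    return mail("recipient@example.com",
                "a message from somebody that viewed my website",
                safe_body($comment), $headers);
}

// Constructed inputs; nothing is sent by these two calls.
var_dump(safe_from_address("visitor@example.com\r\nBcc: third-party@example.com"));
echo safe_body("<script>alert(1)</script>hello\nbegin 644 a.bin\nM..."), "\n";
```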

DaGhostman Dimitrov

Reputation: 1626

Please note that this question might be better suited for Stack Overflow/Code Review. Please review this help article 'What topics can I ask about here?' for more information.


If you take a look at this question, the OP of the question has pasted the whole script, which you might use as a guideline on validation, etc.

Both of the answers suggest using an already-made solution for sending mails, to which I would like to add:


Why should you use a 3rd party library:

  • Less overhead on maintenance
  • Most of the work is done for you
  • Don't reinvent the wheel for every small common task.

To address your question's security aspect, I would like to add that you have to validate and filter the information passed to the script. This should be a general practice, not only in the case of sending emails, but whenever using user-provided input in the application.

Developers need to design software with the realization that some of their users will be evil, and design accordingly. You can't trust user input, ever. - Jeff Atwood, here

Upvotes: 1
