CFLib.org – Common Function Library Project

trimFalseEmailHeaders(str)

Last updated February 03, 2006

Author: Tony Brandner

Version: 1 | Requires: CF5 | Library: SecurityLib

Description:
Cleans variables, such as form input, by modifying values that may have been entered to perform e-mail injection. The header names it handles include 'content-type', 'mime-version', 'to', 'bcc' and 'subject'. It keeps the value intact, but replaces the colon after each header name with a semicolon so the line no longer parses as a mail header. Credit to: http://www.webmasterworld.com/forum10/9776-2-10.htm E-mail injection: http://en.wikipedia.org/wiki/Email_Injection

Return Values:
Returns a string.

Example:

<cfset mailTo = "test@domain.com">
<cfset mailBody = "test injection#CHR(10)#Content-type: text/plain#CHR(10)#">

<cfset cleanMailBody = trimFalseEmailHeaders(mailBody)>

Parameters:

Name    Description         Required
str     String to parse.    Yes

Full UDF Source:

/**
 * Clean variables, such as form input, to modify values that may have been entered to perform e-mail injection.
 * The value is kept intact; only the colon after a recognised header name is turned into a semicolon,
 * so an injected line such as "Bcc: x" no longer parses as a header.
 *
 * @param str      String to parse. (Required)
 * @return Returns a string.
 * @author Tony Brandner (tony@brandners.com)
 * @version 1, February 3, 2006
 */
function trimFalseEmailHeaders(str) {
    // replaceNoCase matches case-insensitively; "ALL" rewrites every occurrence, not just the first.
    str = replaceNoCase(str, "Content-Type:", "content-type;", "ALL" );
    str = replaceNoCase(str, "MIME-Version:", "mime-version;", "ALL" );
    // The remaining patterns include the space after the colon, so they only match "Header: value" forms.
    str = replaceNoCase(str, "To: ", "to; ", "ALL" );
    str = replaceNoCase(str, "From: ", "from; ", "ALL" );
    str = replaceNoCase(str, "bcc: ", "bcc; ", "ALL" );
    str = replaceNoCase(str, "Subject: ", "subject; ", "ALL" );
    return str;
}
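The following is an added example, not code from the page or from the UDF's author. It ports the rewrite above to Python so the effect on the page's sample body can be checked, and adds the stricter rule a practitioner applies to values that will become real headers (To, Subject, and so on): since a header value must be a single line, carriage returns and line feeds are removed from it outright rather than rewritten. The header list, the function names and the sample strings are assumptions constructed for this example.

```python
import re

# Assumed port of the page's UDF: same header labels, same case-insensitive
# matching, and the same trailing space on the To/From/bcc/Subject patterns.
_HEADER_REWRITES = [
    ("Content-Type:", "content-type;"),
    ("MIME-Version:", "mime-version;"),
    ("To: ", "to; "),
    ("From: ", "from; "),
    ("bcc: ", "bcc; "),
    ("Subject: ", "subject; "),
]


def trim_false_email_headers(value: str) -> str:
    """Rewrite recognised header labels so an injected line no longer parses as
    a header. The text itself is kept; only the colon becomes a semicolon."""
    for label, replacement in _HEADER_REWRITES:
        value = re.sub(re.escape(label), replacement, value, flags=re.IGNORECASE)
    return value


def is_single_line(value: str) -> bool:
    """True when a value can safely occupy one header line (no CR or LF)."""
    return "\r" not in value and "\n" not in value


def clean_header_value(value: str) -> str:
    """Stricter rule for header-bound fields: a header value must be one line,
    so every CR and LF is dropped. Any injected 'Header: x' text that follows
    stays inside the same line and cannot start a new header."""
    return value.replace("\r", "").replace("\n", "")


def build_headers(to: str, subject: str) -> list[str]:
    """Assemble the two user-controlled headers after cleaning each value and
    confirming the invariant that nothing can introduce a new line."""
    lines = [f"To: {clean_header_value(to)}", f"Subject: {clean_header_value(subject)}"]
    assert all(is_single_line(line) for line in lines)
    return lines


if __name__ == "__main__":
    # Constructed sample matching the page's example body.
    mail_body = "test injection\nContent-type: text/plain\n"
    print(repr(trim_false_email_headers(mail_body)))
    # Constructed header value carrying a line break followed by a bcc line.
    print(build_headers("Alice <alice@example.test>\r\nBcc: bob@example.test", "Hello"))
```

The body field is rewritten rather than stripped because the page's goal is to keep the user's text readable; header fields get the line-break removal because an attacker's extra header only works if it sits on its own line.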
