New to CI - Email Class Advice |
[eluser]fusionblu[/eluser]
Hi, I am building a website that involves mailing of forms and registration data. This question is regarding the use of CI Email class. Does the class provide in build 'Header injection protection' ? or do I have to build a wrapper around it?
[eluser]GSV Sleeper Service[/eluser]
it looks like it does. from system/libraries/Email.php Code: /**
[eluser]webbower[/eluser]
I don't think that's sufficient enough. I was curious about how CI handles Email Header Injection attacks and near as I can tell, it either does it silently or not at all. The old Secure PHP Wiki (www.securephpwiki.com) which doesn't seem to want to come up anymore had a good article about the topic. I managed to bring up the old page (minus the styling and formatting unfortunately) with the Internet Archive's Wayback machine (it may take a little while to load) Email Header Injection Attacks Thoughts? |
Welcome Guest, Not a member yet? Register Sign In |