New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitize user input in mail.php #23

Open

stephankn opened this issue Mar 10, 2018 · 0 comments

stephankn commented Mar 10, 2018

Shouldn't the user input be a bit sanitized to prevent a possible attack vector against the mail client?

Contactable/mail.php

Lines 3 to 7 in a576ce4

    
           $name = stripcslashes($_POST['name']); 
        
           $emailAddr = stripcslashes($_POST['email']); 
        
           $issue = stripcslashes($_POST['issue']); 
        
           $comment = stripcslashes($_POST['message']); 
        
           $subject = stripcslashes($_POST['subject']);

Wrapping these lines with htmlentitiesand ENT_QUOTES would make it probably much more secure already.

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment