I'm a bit baffled by PHP's stripos function. This is my first attempt at using it. I'm trying to use it to prevent header injection in a contact form.
if (stripos($message, 'to:') ||
    stripos($message, 'cc:') ||
    stripos($message, 'bcc:') ||
    stripos($message, 'content-type:') ||
    stripos($message, 'mime-version:') ||
    stripos($message, 'content-transfer-encoding:'))
{
    // displays warning, does not send email
}
else {
    // sends email
}
Strangely, this works only if two or more of the prohibited strings are included in the message, but the message goes through with no warning displayed if only one of the prohibited strings is included. Can anyone explain this to me?
Thanks,
Drew
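
Added example, not part of the original post: stripos() returns the integer offset of the match, or false when there is none, so a match at offset 0 evaluates as false in a bare if; that is consistent with the behaviour described above, where a second token at a later offset makes the test pass. The sketch below compares the loose test with a strict !== false test, and adds a CR/LF check for values that end up in mail headers. The function names and sample strings are hypothetical and constructed for illustration.

```php
<?php
// Added example: all names and sample inputs here are hypothetical/constructed.
const FORBIDDEN_TOKENS = [
    'to:', 'cc:', 'bcc:',
    'content-type:', 'mime-version:', 'content-transfer-encoding:',
];

/** Loose test, same logic as the post: offset 0 is treated as "not found". */
function looseCheck(string $text): bool
{
    foreach (FORBIDDEN_TOKENS as $token) {
        if (stripos($text, $token)) {
            return true;
        }
    }
    return false;
}

/** Strict test: only a literal false from stripos() means "not found". */
function containsHeaderToken(string $text): bool
{
    foreach (FORBIDDEN_TOKENS as $token) {
        if (stripos($text, $token) !== false) {
            return true;
        }
    }
    return false;
}

/** A value placed into a mail header must not contain CR or LF. */
function hasLineBreak(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

$samples = [                                  // constructed inputs
    'to: someone@example.com',                // token at offset 0
    'hello to: someone@example.com',          // token at a later offset
    'to: a@example.com cc: b@example.com',    // one token at 0, one later
    'just a normal message',                  // no token
];
foreach ($samples as $s) {
    printf("%-38s loose=%-5s strict=%s\n", $s,
        var_export(looseCheck($s), true),
        var_export(containsHeaderToken($s), true));
}
// Constructed header-field value (e.g. a "name" input) carrying an extra header line.
var_dump(hasLineBreak("Drew\r\nBcc: x@example.com"));
```

The first sample is the case the loose test misses. The line-break check applies to fields such as name, email and subject that are copied into headers, rather than to the message body.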