堆栈内存溢出
  简体   繁体   English

验证用于电子邮件攻击的表单不起作用

[英]Validating a form for email exploits is not working

 原文  2010-08-13 14:23:13       php/ oop/ validation

问题描述

I have a contact form in my website. 我的网站上有联系表。 I made a class to handle the whole process. 我上了一堂课来处理整个过程。 But there is something not working in it. 但是其中有些不起作用。

I have 2 functions to check for exploitation and they are not working. 我有2个功能可以检查漏洞利用情况,它们无法正常工作。 I don't know what's wrong with them, so here they are : 我不知道他们怎么了,所以这里是: 

private function _validateExploit($val) {
    $exploitPattrens = array('content-type', 'to:', 'bcc:', 'cc:', 'document.cookie', 'document.write', 'onclick', 'onload', '\n', '\r', '\t', '%0A', '%0D', '%08', '%09');

    foreach ($exploitPattrens as $exploit) {
        if (strpos($exploit, $val) !== false){
            return true;
        }
    }
    return false;
}

public function isExploit () {

    if(call_user_func_array(array($this, '_validateExploit'), $_POST)) {
          echo $errorMsg;
     }
 }

When I call isExploit() it always return false, no matter what I give it as an input. 当我调用isExploit()时,无论我提供什么作为输入,它总是返回false。

I guess there is something wrong with the call_user_func_array , but I can't find it. 我猜call_user_func_array出了点问题,但是我找不到。

Thanks in advance! 提前致谢!

2 个解决方案

解决方案1
 0  2010-08-13 14:27:35

strpos($exploit, $val) should be strpos($val, $exploit) strpos($exploit, $val)应该是strpos($val, $exploit)

You also have echo $errorMsg; 您也有echo $errorMsg; but $errorMsg is never defined. 但是从未定义$errorMsg

And I think you probably want array_walk ( http://us3.php.net/manual/en/function.array-walk.php ) rather than call_user_func_array . 而且我认为您可能希望使用array_walkhttp://us3.php.net/manual/en/function.array-walk.php )而不是call_user_func_array I would just loop through $_POST rather than use either of those functions though. 我只会遍历$ _POST而不是使用其中任何一个函数。 I don't think they really buy you anything in this case - and they might not return values the way you are expecting. 在这种情况下,我认为他们并没有真正给您买任何东西-并且他们可能不会以您期望的方式返回值。

解决方案2
 0  2010-08-13 14:40:18

You are passing the $_POST variable to the function. 您正在将$_POST变量传递给该函数。 $_POST is an array as the call_user_func_array() function requires, but you are not treating it like an array in the _validateExploit function. $_POSTcall_user_func_array()函数所需的数组,但是您不会在_validateExploit函数中将其_validateExploit数组。 You are treating it like a string. 您将其视为字符串。 You need to loop through the $val array as well testing each item in that array or just pick one. 您需要遍历$ val数组以及测试该数组中的每一项,或者只选择其中一项。 You also have your haystack and needle reversed in strpos() as indicated in another answer. 如另一个答案所示,您还可以在strpos()中将干草堆和针头取反。 

private function _validateExploit($val) {
    $exploitPattrens = array('content-type', 'to:', 'bcc:', 'cc:', 'document.cookie', 'document.write', 'onclick', 'onload', '\n', '\r', '\t', '%0A', '%0D', '%08', '%09');

    foreach ($exploitPattrens as $exploit) {
        foreach ($val as $itm) {
            if (strpos($itm, $exploit) !== false){
                return true;
            }
        }
    }
    return false;
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 验证电子邮件表格 - Validating email form 报名表(验证邮件) - Registration form (validating email) PHP电子邮件表单验证不 - PHP email form validating doesn PHP电子邮件表单验证不正确 - PHP Email form validating incorrectly javascript无法正常工作,表单无法验证 - javascript is not working, form is not validating 验证Javascript中的表单不起作用 - Validating a form in Javascript not working 使用PHP验证表单中的电子邮件输入 - Validating email input in form using PHP Yii2表单已验证但未提交发送电子邮件 - Yii2 form validating but not submitting to send email 在发送表单之前验证号码和电子邮件字段 - Validating number and email fields before form is sent PHP电子邮件表单不起作用 - PHP Email Form Not Working
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM