$v)
{
foreach($badStrings as $v2)
{
if(strpos($v,$v2) !== false)
{
logBadRequest($v);
echo "Detected injection attempt. IP address has been logged.";
exit;
}
}
}
// My own little test to see if someone is trying to SMTP inject
// The email field surely (stop calling me surely!) should not be
// more than 51 chars long! If so, someone is problably trying to inject.
// The textbox's "maxlength" attribute is set to 50, so if the field is
// longer than 50, someone is abusing our script (or trying to!)
if (strlen($form_email) > 51)
{
logBadRequest("email over 50 chars");
echo "Detected injection attempt. IP address has been logged.";
exit;
}
//***********************************end******************************************
$headers = "From: webform@corwine.tv\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/plain\r\n\r\n";
$body = chunk_split("From: $email\r\n\r\nComments:\r\n\r\n $text");
//send message
mail("comments@corwine.tv","Corwine.TV Feedback Submission", $body, $headers);
$_SESSION['submitted']=true;
$mess="submit";
}
elseif ($submit and $text)
{
$err_mess="The proper code was not entered in the box below. It is necessary to type the number displayed in the image in order to prevent automated submissions.";
logBadRequest($text);
}
elseif ($submit)
{
$err_mess="Please enter some comments.";
}
?>
Corwine.TV / Feedback
