grahamgr3 Posted February 8, 2014 Share Posted February 8, 2014 2 problems with my code, the filter_var doesn't seem to work at all for any of my variables, also the spam_scrubber function doesn't seem to clean \r, and \n, when put in my contact form, it cleans all the rest though just fine. <?php // resources.php function spam_scrubber($value){ $very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:', 'multipart-mixed:', 'content-transfer-encoding:'); foreach ($very_bad as $v){ if (stripos($value, $v) !== false) return ''; } $value = str_replace(array( "\r", "\n", "%0a", "%0d"), ' ', $value); return trim($value); }//end of spam_scrubber function $scrubbed = array_map('spam_scrubber', $_POST); $comments = strip_tags($scrubbed['comments']); $url = $scrubbed['url']; if (isset($url)){ filter_var($url, FILTER_VALIDATE_URL, FILTER_SANITIZE_URL); } else { echo NULL; } $url2 = $scrubbed['url2']; if (isset($url2)){ filter_var($url2, FILTER_VALIDATE_URL, FILTER_SANITIZE_URL); } else { echo NULL; } $linkpageurl = $scrubbed['linkpageurl']; if (isset($linkpageurl)){ filter_var($linkpageurl, FILTER_VALIDATE_URL, FILTER_SANITIZE_URL); } else { echo NULL; } $linkpageurl2 = $scrubbed['linkpageurl2']; if (isset($linkpageurl2)){ filter_var($linkpageurl2, FILTER_VALIDATE_URL, FILTER_SANITIZE_URL); } else { echo NULL; } $email = $scrubbed['email']; if (isset($email)){ filter_var($email, FILTER_VALIDATE_EMAIL, FILTER_SANITIZE_EMAIL); } else { echo NULL; } $pagerank = $scrubbed['pagerank']; if (isset($pagerank)){ filter_var($pagerank, FILTER_VALIDATE_INT, FILTER_SANITIZE_NUMBER_INT); } else { echo NULL; } if (!empty($email) && !empty($url) && !empty($linkpageurl) && !empty($comments) && !empty($pagerank)){ $body = "Email: {$email}\n\n Url: {$url}\n\n Url2: {$url2}\n\n Pagerank: {$pagerank}\n\n Linkpageurl: {$linkpageurl} \n\n Linkpageurl2: {$linkpageurl2}\n\n Comments: {$comments}"; $body = wordwrap($body, 70); $headers = "From: {$email}\r\n"; mail('email@example.com', 'Link Exchange Form Submission', $body, $headers); echo '<p><em>Thank you for contacting us.</em></p><div id="formecho"><h3>Form submission received, we will get back to you soon.</h3></div>'; $_POST = array(); } else { echo '<p style="font-weight: bold; color: #C00">Please fill out the form completely.</p>'; } ?> <div id="form"> <form action="linkexchangecontactform2.php" method="post"> <p><b>Email:</b> <input type="text" size="30" maxlength="50" name="email" value="<?php if(isset($scrubbed['submit']))echo $scrubbed['email']; ?>" /></p> <p><b>Url:</b> <input type="text" size="30" maxlength="50" name="url" value="<?php if(isset($scrubbed['url']))echo $scrubbed['url']; ?>" /></p> <p><b>2nd Url (leave empty if you have just 1 website):</b><br /> <input type="text" size="30" maxlength="50" name="url2" value="<?php if(isset($scrubbed['url2']))echo $scrubbed['url2']; ?>" /></p> <p><b>Pagerank:</b> <input type="text" size="5" maxlength="10" name="pagerank" value="<?php if(isset($scrubbed['pagerank']))echo $scrubbed['pagerank']; ?>" /></p> <p><b>Link page url:</b> <input type="text" size="30" maxlength="50" name="linkpageurl" value="<?php if(isset($scrubbed['linkpageurl']))echo $scrubbed['linkpageurl']; ?>" /></p> <p><b>2nd Link page url (leave empty if you have just 1 website):</b><br /> <input type="text" size="30" maxlength="50" name="linkpageurl2" value="<?php if(isset($scrubbed['linkpageurl2']))echo $scrubbed['linkpageurl2']; ?>" /></p> <p><b>Comments:</b><br> <textarea name="comments" rows="7" cols="40"><?php if (isset($scrubbed['comments'])) echo $scrubbed['comments']; ?></textarea></p> <p><input type="submit" name="submit" value="Submit" /></p> </form></div> Link to comment Share on other sites More sharing options...
Larry Posted February 10, 2014 Share Posted February 10, 2014 You're not using filter_var() properly. You should recheck how it's used in the book. As for \r and \n, how do you know those aren't working? Link to comment Share on other sites More sharing options...
Recommended Posts