I know for myself that picking up unparsed userdata is teh evil. But we also all know that the usual webpage and mailer script coder isn't thinking. And to my knowledge the php mail() function is the only one that perverted to parse the headers additional to an explicit given recipient list for additional recipients. Yes, you read right. Often enough people use things like mail("myown@addre.ss", "subject", $body, "From: $_POST['name'] <$_POST['email']>") without thinking about it, because, there is this extra to field anyway. Right? Wrong! SPAMers will come and send things like email="some@jo.ke\nBcc: my@sp.am, list@is.bigg.er, than@you.rs". People that put up such webmail scripts usually don't notice it anyway, they just delete the spam right ahead, not noticing that it was an abuse of their form. And the ISP has to deal with having to get the system out of the blacklists again....
At least none of the hosts on which customers are able to put up such scripts directly affect our own mail system, it's just the shared hosts they use... Still, deadly annoying. And then people are claiming that such misfeatures aren't a problem in PHP but in the coders? If it would at least be documented in the description of the function, but if one can claim it that it is it's at most just very vague hinted...
![[rss feed]](/pics/logo-xml.png){kind=logo}
![[html by vim]](/pics/logo-vim.png){kind=logo}
![[graphics by gimp]](/pics/logo-gimp.png){kind=logo}
![[generated by wml]](/pics/logo-wml.png){kind=logo}
![[powered by blosxom]](/pics/logo-blosxom.png){kind=logo}
Comments are closed for this story.