New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

This code is insecure, don’t use it! #1

Open

JuliusPC opened this issue Mar 22, 2020 · 0 comments

JuliusPC commented Mar 22, 2020

Your code contains several security flaws that can and will bite newbies copying the code on their servers.

you omit htmlspecialchars → XSS
the form is not protected against Cross Site Request Forgery
user input is pasted unchecked in the mail’s headers → an attacker could easily send email to other adresses
there are libraries for sending email: PHPMailer, SwiftMailer
There is no reason for implementing such thing by yourself.

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment