0

我有一个在成功提交后发送电子邮件的 Ajax 表单。这在我的本地环境中没有任何问题。当我计划使用该页面时,我需要为来自表单的数据添加某种形式的清理,主要是为了防止邮件标题注入。

为此,我使用以下功能:

// see http://www.erich-kachel.de/?p=26 for details
function QB_SECURE_MAIL_PARAM($param_ = '', $level_ = 2) { 

    unset($filtered); 
    /* replace until done */ 
    while ($param_ != $filtered || !isset($filtered)) { 
        if (isset($filtered)) { 
            $param_ = $filtered; 
        } 
        $filtered = preg_replace( 
            "/(Content-Transfer-Encoding:|MIME-Version:|content-type:|" . 
            "Subject:|to:|cc:|bcc:|from:|reply-to:)/ims", "", $param_); 
    } 
    unset($filtered); 

    if ($level_ >= 2) { 
        /* replace until done */ 
        while ($param_ != $filtered || !isset($filtered)) { 
            if (isset($filtered)) { 
                $param_ = $filtered; 
            }         
            $filtered = preg_replace( 
                "/(%0A|\\\\r|%0D|\\\\n|%00|\\\\0|%09|\\\\t|%01|%02|%03|%04|%05|" .
                "%06|%07|%08|%09|%0B|%0C|%0E|%0F|%10|%11|%12|%13)/ims", "", $param_);
        } 
    } 
    return $param_; 
} 

例如,给出了以下代码段:

$headers = "From: " . QB_SECURE_MAIL_PARAM($from); 

mail(QB_SECURE_MAIL_PARAM($recipient), 
     QB_SECURE_MAIL_PARAM($subject), 
     QB_SECURE_MAIL_PARAM($message, 1), 
     $headers); 

在我的代码中,看起来像这样:

$email = QB_SECURE_MAIL_PARAM( $email );
$name = QB_SECURE_MAIL_PARAM( $name );
$message = QB_SECURE_MAIL_PARAM( $message , 1 );

$header  = "MIME-Version: 1.0" . "\r\n";
$header .= "Content-type: text/html; charset=utf-8" . "\r\n";
$header .= "Content-Transfer-Encoding: quoted-printable" . "\r\n";
$header .= "Reply-To:" . $email . "\r\n";
$header .= "From: myForm <noreply@form.net>" . "\r\n";
mail ( "my.mail@mail.com" , "You have a message from " .  $name . " waiting for you" , $message , $header ); 

邮件被发送,但在 AJAX 中error事件被触发。为什么?

我再说一遍:没有这个QB_SECURE_MAIL_PARAM功能一切正常,所以问题就在那里。

4

1 回答 1

0

可能是 Mime 版本的一些问题

于 2013-02-18T05:20:08.620 回答