Courtesy of Gary Butler, please install this to avoid having spammers use your server as their spam factory.

In functions/general.php add this function:

```php
function tep_email_injection_check($input) {
  // Substrings that indicate an attempt to inject extra mail headers
  $patterns = array("\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:", "to:", "cc:");
  foreach ($patterns as $pattern) {
    // stripos() replaces eregi(), which was removed in PHP 7; the match is still case-insensitive
    if (stripos((string) $input, $pattern) !== false) {
      return true;
    }
  }
  return false;
}
```

Then, around line 1189, where the tep_mail function is, find:

```php
if (SEND_EMAILS != 'true') return false;
```

And directly below it add:

```php
// Custom injection checks
if (tep_email_injection_check($to_name)) return false;
if (tep_email_injection_check($to_email_address)) return false;
if (tep_email_injection_check($email_subject)) return false;
if (tep_email_injection_check($from_email_name)) return false;
if (tep_email_injection_check($from_email_address)) return false;
```

This will bail out of sending any mail from your server (front-end osC) if injection is detected. I've not posted this to the official bug tracker because last time I did that they just deleted it without any attention.

Keywords so this thread will rank: oscommerce email injection, oscommerce mail injection, oscommerce spam prevention, oscommerce spam injection, oscommerce contact us spam, oscommerce prevent spam, oscommerce contact_us.php spam
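A variant of the check above, as an added example that is not part of the original post or of osCommerce: it rejects a header field only when it contains a line break (raw or URL-encoded), so a subject that merely contains text such as "to:" still goes through, and it validates addresses with PHP's `filter_var`. The function names `header_value_is_unsafe` and `address_is_safe` and all sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example, not osCommerce code. Function names are hypothetical.

/**
 * True when a value destined for a mail header carries a line break,
 * raw or URL-encoded. A line break is what lets input start a new header.
 */
function header_value_is_unsafe(string $value): bool
{
    // Decode once so "%0a" / "%0D" are caught the same way as raw CR/LF.
    $decoded = rawurldecode($value);
    return preg_match('/[\r\n]/', $value . $decoded) === 1;
}

/** True when the address is a single, syntactically valid mailbox. */
function address_is_safe(string $address): bool
{
    return !header_value_is_unsafe($address)
        && filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample subjects, as a contact form might submit them.
$subjects = [
    'plain subject'     => 'Question about my order',
    'benign "to:" text' => 'Photo: shipping to: Canada?',
    'raw CRLF + Bcc'    => "Hello\r\nBcc: third-party@example.com",
    'encoded LF + Bcc'  => 'Hello%0aBcc: third-party@example.com',
];
foreach ($subjects as $label => $subject) {
    printf("%-20s %s\n", $label, header_value_is_unsafe($subject) ? 'REJECT' : 'ok');
}

// Constructed sample addresses: one valid, one with an injected header, one list.
$addresses = [
    'brooke@example.com',
    "a@example.com\r\nCc: b@example.com",
    'a@example.com, b@example.com',
];
foreach ($addresses as $address) {
    printf("%-45s %s\n", json_encode($address), address_is_safe($address) ? 'ok' : 'REJECT');
}
```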
I'm sorry in advance for putting it up again. But I looked for that for so long that I think he should get a special thank you. So, thank you. Brooke
osCommerce is just like phpBB: once you install it, you then have to mess with it just to run it properly!
Yes, this is a very old thread. Please be careful next time, otherwise DP may ban you. It's okay, it happens sometimes, but I hope this code is helpful for other members.