[thelist] removing line feed and carriage return characters in coldfusion
Chris Hayes
chris at lwcdial.net
Fri Jul 21 17:55:07 CDT 2006
Can't see how this affects CFMAIL.
If anybody can I'd be keen to look into it further.
If you're going to replace CRLF you should use replacenocase(string, replace_string, "ALL") as regex replaces are slower than a straight replace, and I think case is irrelevant with CRLF.
The CF for CRLF is "'#chr(10)##chr(13)#"... this should work for REReplace.
----- Original Message -----
From: "Sarah Adams" <mrsanders at designshift.com>
To: "thelist" <thelist at lists.evolt.org>
Sent: Friday, July 21, 2006 6:03 PM
Subject: [thelist] removing line feed and carriage return characters in coldfusion
> In my reading about how to prevent email header injection attacks, I've
> seen many references to removing the following new line characters:
>
> \n and %0A - line feed
> \r and %0D - carriage return
>
> Unfortunately all the articles I found were specific to PHP, so I'm not
> quite sure how to translate this into ColdFusion. Here's what I was
> thinking:
>
> <cfif REFindNoCase("[\n#Chr(10)#\r#Chr(13)#]", Form.Email)>
>
> But I'm really not sure if Chr(10) is equivalent to %0A (or, for that
> matter, why checking for \n and \r isn't enough). Suggestions?
>
> --
> sarah adams
> web developer & programmer
> portfolio: http://sarah.designshift.com
> blog: http://hardedge.ca
> --
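The check discussed in this thread, as an added example that is not part of either message: a ColdFusion function that rejects any value containing CR or LF before it is used in a mail header. The function name isSafeHeaderValue and the sample inputs are hypothetical. Chr(13) is the carriage return (the byte that %0D encodes) and Chr(10) is the line feed (the byte that %0A encodes); ColdFusion URL-decodes submitted fields before they reach the Form scope, so the literal characters are what the check sees.

```cfm
<!--- Added example: isSafeHeaderValue is a hypothetical helper name. --->
<cffunction name="isSafeHeaderValue" returntype="boolean" output="false">
    <cfargument name="value" type="string" required="true">

    <!--- Literal CR (Chr(13)) or LF (Chr(10)) anywhere in the value:
          these are what let one header field spill into a second header line. --->
    <cfif REFind("[#Chr(13)##Chr(10)#]", arguments.value)>
        <cfreturn false>
    </cfif>

    <!--- A still-encoded CR/LF (for example after double encoding) would
          become a real line break if a later layer decodes the value again.
          No legitimate address needs these sequences, so reject them too. --->
    <cfif REFindNoCase("%0[ad]", arguments.value)>
        <cfreturn false>
    </cfif>

    <cfreturn true>
</cffunction>

<!--- Constructed sample inputs, not taken from the thread. --->
<cfset samples = ArrayNew(1)>
<cfset ArrayAppend(samples, "user@example.com")>
<cfset ArrayAppend(samples, "user@example.com" & Chr(13) & Chr(10) & "X-Extra: injected")>
<cfset ArrayAppend(samples, "user@example.com" & Chr(10) & "X-Extra: injected")>
<cfset ArrayAppend(samples, "user@example.com%0AX-Extra: injected")>

<cfoutput>
<cfloop from="1" to="#ArrayLen(samples)#" index="i">
    sample #i#: <cfif isSafeHeaderValue(samples[i])>accepted<cfelse>rejected</cfif><br>
</cfloop>
</cfoutput>
```

Rejecting the submission rather than silently stripping the characters keeps the attempt visible to logging; apply the same check to every form field that ends up in a CFMAIL header attribute such as to, from, cc or subject.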