1

I am new here and this is my first post. Unfortunately, I am not familiar with php coding and so I need help for the following script. I would like to use this code on my website containing download files. I want to add a link or button next to the download link. When clicking the link the script should be executed and send an email to me with a given text.

Now, I read that this code could be a victim to header injection. As I am not familiar with php I do not know what to change to be protected. Is there anyone who might help me out with a solution? This is the code:

<?php
$to = 'name@example.com';
$subject = 'Broken Download-Link';
$from = 'Subject-Title <name@example.com>';
 
// To send HTML mail, the Content-type header must be set
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
 
// Create email headers
$headers .= 'From: '.$from."\r\n".
    'Reply-To: '.$from."\r\n" .
    'X-Mailer: PHP/' . phpversion();
 
// Compose a simple HTML email message
$message = '<html><body>';
$message .= '<h2 style="color:#080;font-weight:normal;">Hello!</h1>';
$message .= '<p style="color:#000;font-size:18px;font-weight:normal;">Text here:</p>';
$message .= '<p style="color:#f40;font-size:22px;font-weight:bold;">Another text here</p>';
$message .= '</body></html>';
 
// Sending email
if(mail($to, $subject, $message, $headers)){
    echo 'Your mail has been sent successfully.';
} else{
    echo 'Unable to send email. Please try again.';
}
?>

Thank you in advance for any help.

Best regards, Feechen

Feechen
  • 11
  • 1
  • you look for: https://stackoverflow.com/questions/2018963/php-mail-header-injection-prevention ?? – Alexander Dobernig Jan 25 '21 at 13:19
  • Since you're hard-coding `$from`, it's hard to see how the email headers could be vulnerable, tbh. Who told you this? What justification did they give? – ADyson Jan 25 '21 at 13:21
  • @ADyson: I read about it on a website with a similar code. As I did not find a script that does the same or a similar action I do not have another chance than use this script. But if the script is vulnerable I cannot use it. Which solution do you recommend? – Feechen Jan 25 '21 at 13:49
  • 1
    "similar" != "same". Details are important. What was different between your script and the example which was said to be vulnerable? Injection (of any sort) can only take place when user input is being placed inside another location. In your script, you are not putting any user input values into the email header. Therefore, it should not be vulnerable to any kind of injection attack. – ADyson Jan 25 '21 at 13:51
  • P.S. There are hundreds of examples online about how to send emails with PHP. If you want to make a better job of it, find examples which use PhpMailer instead of mail(). It's easier to use, and more structured, so there's even less chance of your usage of it accidentally being vulnerable to any kind of attacks. (However, you should never allow the user to specify the "from" or "reply-to" fields normally, unless maybe the latter, but you must sanitise the input first. So your approach above is good in that sense.) – ADyson Jan 25 '21 at 13:54

0 Answers0