Dear Friend,
I came across this interesting site: www.911eyewitness.com, and thought you might like to view this important new information.
BODY;
$emailTo = $_POST['recipient'];
$emailFrom = $_POST['sender'];
$pg = 10;
if($_POST['sendEmail'])
{
if(!isset($_SERVER['HTTP_USER_AGENT'])){
die("Forbidden - You are not authorized to view this page");
exit;
}
if(!$_SERVER['REQUEST_METHOD'] == "POST"){
die("Forbidden - You are not authorized to view this page");
exit;
}
$authHosts = array("911eyewitness.com");
$fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER']));
$wwwUsed = strpos($fromArray['host'], "www.");
if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts))
{
header("HTTP/1.0 403 Forbidden");
exit;
}
// Attempt to defend against header injections:
$badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:");
// Loop through each POST'ed value and test if it contains
// one of the $badStrings:
foreach($_POST as $k => $v)
{
foreach($badStrings as $v2)
{
if(strpos($v, $v2) !== false)
{
header("HTTP/1.0 403 Forbidden");
exit;
}
}
}
// Made it past spammer test, free up some memory
// and continue rest of script:
unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $wwwUsed);
//send emails out
mail($emailTo, $subject, $body, "From: ".$emailFrom." <".$emailFrom.">
Return-path: ".$emailFrom."
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1");
// collect emails
header("Location:http://www.911eyewitness.com/includes/emailcollect.php?emailTo=".$emailTo."&emailFrom=".$emailFrom."&pg=".$pg);
}
?>
