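I'm using this function:
Code:
    function blankInject($value)
    {
        // Decode first so percent-encoded CR/LF (%0D, %0A) is caught too
        $value = urldecode($value);
        // eregi() was removed in PHP 7; preg_match() performs the same test
        if (preg_match('/[\r\n]/', $value)) {
            $value = "";
        }
        return $value;
    }
I call it like this:
    $vartocheck = blankInject($vartocheck);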
Which essentially accomplishes the same thing. In this way I can act on the condition by using the mechanism I already have in place to prevent blank fields, thereby keeping the person on the form page.
I have also implemented the same mechanism in our shopping cart for fields that are used in email as well as other fields. Those other fields wouldn't allow any email injection, but this hopefully prevents some auto-complete functions in browsers from inserting carriage returns and double addresses (which I've found a few of here and there).
I'd really appreciate it if you guys could test both the contact form as well as the shop page. For the shop, as long as you don't process anything with PayPal you won't be affecting us nor getting charged anything. Just put a note into the notes field that says "empeg" or something so I know it's being tested by people here.
http://twistedmelon.com/contact/contact.php
http://twistedmelon.com/shop (you have to add a hardware item to see the address fields)
Thanks again for the help.
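An added example, not part of the original post: a variant of the CR/LF check above that tests a decoded copy but returns the field unmodified when it is clean, because urldecode() turns "+" into a space and would alter an address such as pat+shop@example.com. The helper names hasLineBreak and blankIfInjected are hypothetical and the form values are constructed.

```php
<?php
// Added example: helper names are hypothetical; sample inputs are constructed.

// Returns true if $value contains CR or LF, either literally or
// percent-encoded (checked on a decoded copy, up to $maxRounds layers deep).
function hasLineBreak(string $value, int $maxRounds = 3): bool
{
    for ($i = 0; $i <= $maxRounds; $i++) {
        if (preg_match('/[\r\n]/', $value)) {
            return true;
        }
        // rawurldecode() leaves "+" alone, unlike urldecode()
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            break; // nothing left to decode
        }
        $value = $decoded;
    }
    return false;
}

// Blank a header-bound field on CR/LF; otherwise return it exactly as submitted,
// so the existing "blank field" handling keeps the person on the form page.
function blankIfInjected(string $value): string
{
    return hasLineBreak($value) ? '' : $value;
}

// Constructed form submission: two clean fields, one with a literal CR/LF,
// one with a percent-encoded CR/LF.
$form = [
    'name'    => 'Pat Example',
    'email'   => 'pat+shop@example.com',
    'subject' => "Order question\r\nX-Test: 1",
    'phone'   => '555%0d%0a0100',
];

foreach ($form as $field => $value) {
    $clean = blankIfInjected($value);
    printf("%-8s %s\n", $field, $clean === '' ? '(blanked)' : $clean);
}
```

Apply this only to fields that end up in mail headers or single-line inputs; a free-text notes or message body field legitimately contains line breaks.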