Author Topic: HTML Spam still getting though  (Read 1766 times)

0 Members and 1 Guest are viewing this topic.

Offline m80her

  • Newbie
  • *
  • Posts: 3
HTML Spam still getting though
« on: January 30, 2007, 10:31:16 AM »
Just got the form2email script up and running after 2 day's intensive learning about this side of things.

I need to stop automated spammers sending html though our online form as everyone in the office is sick of viagra links - and I'm also worried that the sendmail program is being used to broadcast this crap all over the world, but I hope I'm right in thinking that the form2email.pl script prevents this from happening - can anyone clarify?

The $kill_html_tags setting is set to 1, but when I test it the html still gets though, so is there something that I am missing?

Many thanks
Richard

Offline EZ

  • Hero Member
  • *****
  • Posts: 1081
    • Babelnotes.be
Re: HTML Spam still getting though
« Reply #1 on: January 30, 2007, 11:51:53 AM »
$kill_html_tags means that the script will filter out HTML and only deliver text format.

there might be a hack but you need to test it.  look for this line:
$FORM{$key} =~ s/<!--(.|\n)*-->//g if $kill_html_tags;

replace that line with:

if (($FORM{$key} =~ /<!--(.|\n)*-->/) && $kill_html_tags) { error("html not allowed")};

Offline m80her

  • Newbie
  • *
  • Posts: 3
Re: HTML Spam still getting though
« Reply #2 on: January 31, 2007, 04:52:27 AM »
Works great now but also had to change the line:

$FORM{$key} =~ s/<([^>]|\n)*>//g if $kill_html_tags;

to:

if (($FORM{$key} =~ /<([^>]|\n)*>/) && $kill_html_tags) { error("html not allowed")};


Thanks for the help EZ

Offline m80her

  • Newbie
  • *
  • Posts: 3
Re: HTML Spam still getting though
« Reply #3 on: January 31, 2007, 05:21:20 AM »
Also noticed this....

Setting $from_field_name to = 'realname';  returns the error for invalid email address - even when @required_fields_email = ();

I would prefer the 'realname' field of the form to show as 'From' in my inbox, but can only get $from_field_name to work if this is set to = 'email';

It's not a huge issue but if you have any ideas I'd be very grateful.


Thanks again
Richard

Offline n1alien

  • Newbie
  • *
  • Posts: 4
Re: HTML Spam still getting though
« Reply #4 on: October 06, 2007, 04:34:27 AM »
Now that works great, this problem is on at least two oter threads and the code change takes care of the problem. I realize this is a old post but works