2019-05-20 16:51:03 PHP

OSコマンドインジェクションに気をつけよう

Copy Copied! Full
<?php /*** パラメーター開始 ***/ $sender = "test@example.com"; $sender_name = "TEST"; $recipient = "test@example.com"; $subject="三卍(^o^)卍ドゥルルル"; $content="わーい\nわーい\nわーい"; /*** パラメーターここまで ***/ $sm = popen("/usr/sbin/sendmail -f $sender $recipient", "w"); mb_internal_encoding("UTF-8"); $sender_name_encoded = mb_encode_mimeheader($sender_name); $subject_encoded = mb_encode_mimeheader($subject); $content_encoded = quoted_printable_encode($content); fputs($sm, "From: \"$sender_name_encoded\" <$sender>\n"); fputs($sm, "To: <$recipient>\n"); fputs($sm, "Subject: $subject_encoded\n"); fputs($sm, "MIME-Version: 1.0\n"); fputs($sm, "Content-Transfer-Encoding: quoted-printable\n"); fputs($sm, "Content-Type: text/plain; charset=UTF-8\n\n"); fputs($sm, $content_encoded); pclose($sm); ?>
OSコマンドインジェクションに気をつけよう