Anti-spam mail function

  • Ludovic Drolez

    Ludovic Drolez - 2006-12-15


    While I was reading Mythread's source code, I found in the old historical code that someone could send spam using the 'suggest a new category' form.
    To stop all spam attempts, edit lib_main.php3 and replace the old mymail() function with this one:

    function mymail($to, $sub, $text, $from)
    {
      $sub = substr(urldecode($sub), 0, 80);
      $to = urldecode($to);
      $from = urldecode($from);
      $text = urldecode($text);

      # forbidden expressions: '%', CR and LF. No quantifier here: with '*'
      # the pattern also matches the empty string, so every mail was rejected.
      $re = "/[%\n\r]/";

      if (preg_match($re, $sub)) {
        die("No spam here !");
      }
      #$sub = preg_replace($re, "", $sub);
      $to = preg_replace($re, "", $to);
      $from = preg_replace($re, "", $from);

      if (function_exists ("email")) {
        # email function found : we are running on's servers
        # preg_match() replaces ereg(), which was removed in PHP 7
        preg_match("/^[^@]+/", $from, $newfrom);
        $ret = email($newfrom[0], $to, $sub, $text);
      } else {
        $ret = mail($to, $sub, $text, "From: $from \r\n");
      }

      return $ret;
    }

    Of course this fix will be integrated in the next 1.1.x release soon. (I don't know if it should be added in the 1.0.x releases... since there's no Captcha in 1.0.x, it's already a spam nightmare! So use 1.1.x to avoid spam).
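
The check described in the post above, written as a stand-alone validator (an added example, not part of the original post or the project's code). It rejects header-bound fields that contain CR or LF either literally or after one round of URL decoding, and also validates the two address fields. The function names and sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example: names below are hypothetical, not taken from lib_main.php3.

// True if a value destined for a mail header contains CR or LF,
// either literally or once URL-decoded (%0d, %0a).
function header_value_is_unsafe(string $value): bool
{
    foreach ([$value, urldecode($value)] as $candidate) {
        if (preg_match('/[\r\n]/', $candidate) === 1) {
            return true;
        }
    }
    return false;
}

// Check every field that ends up in a header; returns the rejected field names.
function check_mail_fields(string $to, string $sub, string $from): array
{
    $rejected = [];
    foreach (['to' => $to, 'subject' => $sub, 'from' => $from] as $name => $v) {
        if (header_value_is_unsafe($v)) {
            $rejected[] = $name;
        }
    }
    // Address fields must also be syntactically valid single addresses.
    foreach (['to' => $to, 'from' => $from] as $name => $v) {
        if (!in_array($name, $rejected, true)
            && filter_var($v, FILTER_VALIDATE_EMAIL) === false) {
            $rejected[] = $name;
        }
    }
    return $rejected;
}

// Constructed sample inputs: [to, subject, from]
$samples = [
    ['admin@example.org', 'New category: Linux', 'user@example.org'],
    ['admin@example.org', "Hi\r\nX-Test: injected", 'user@example.org'],
    ['admin@example.org', 'Hi%0AX-Test: injected', 'user@example.org'],
    ['admin@example.org', 'Hi', 'not an address'],
];
foreach ($samples as [$to, $sub, $from]) {
    $bad = check_mail_fields($to, $sub, $from);
    echo $bad ? 'REJECT (' . implode(', ', $bad) . ')' : 'ACCEPT', "\n";
}
```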



    • C

      C - 2006-12-15


      Just to clarify, the mythreads 1.1.1 beta, released back on 2006-06-30, has the vulnerability and should be modified with this new code?


      • Ludovic Drolez

        Ludovic Drolez - 2006-12-16

        Yes! If your site is under attack, you'll receive a lot of 'mail delivery failures' in your admin email account.

