Filed Under (Uncategorized) by admin on 29-06-2006
While working on an HTML encoder to properly show PHP code on this site, I performed a search on Google that returned neither results nor an error message.
The string is quite simple: &#34; (the query is exactly 5 characters long)
The URLs that were sent to the server were:
http://www.google.com/search?hl=en&lr=&q=%26%2334%3B
http://www.google.com/search?q=%26%2334%3B&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official
The entity that was sent (&#34;) is the numeric character reference for a double quote, equivalent to the named entity &quot;.
It seems the problem has to do with the ampersand followed by the number sign.
Is anyone aware of this?
Recently I noticed that a new spider was going through all of our sites, but there was something special about this one:
Read the rest of this entry »
Filed Under (PHP) by admin on 18-06-2006
When working with new programmers, and sometimes even experienced ones, I found that most of the time they know how to solve a problem and code its solution, but they are not aware of the security implications. In this article, I’ll show how to improve the security of PHP forms that use mail().
For a very simple Web site, a common use of PHP is a contact form that receives a visitor’s information and sends it by mail to the person responsible for the site. The solution is quite easy: create an HTML form that POSTs its fields to a PHP script, and in the script use PHP’s mail() function to send an email with the provided information. If you want a more flexible solution, you could even let the script receive the recipient’s address, the subject or some headers for the message from the form, and that is exactly where the security problem starts: anything taken from the form ends up inside the mail headers.
Read the rest of this entry »
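As an added example (not code from the original post), here is the unsafe pattern described above next to a hardened handler. The field names, the fixed site addresses and the sample input are assumptions; only the recipient address is never taken from the form.

```php
<?php
// Added example, not from the original post. A contact-form handler that
// validates form input before it reaches mail(). Assumed form fields:
// name, email, subject, message; the recipient address is fixed server-side.

// Unsafe pattern: user-supplied values go straight into the header string.
// A CR/LF inside $post['email'] ends the From: line, so whatever follows it
// is parsed by the mail transport as further header lines.
function unsafe_mail_args(array $post) {
    $headers = "From: " . $post['email'] . "\r\n";
    return array('owner@example.com', $post['subject'], $post['message'], $headers);
}

// Hardened version: every header-bound value must be a single line, the
// address is validated, and the visitor's address goes into Reply-To while
// From: stays a fixed site address.
function safe_mail_args(array $post, $to, $from) {
    $name    = isset($post['name'])    ? trim($post['name'])    : '';
    $email   = isset($post['email'])   ? trim($post['email'])   : '';
    $subject = isset($post['subject']) ? trim($post['subject']) : '';
    $message = isset($post['message']) ? (string) $post['message'] : '';

    foreach (array($name, $subject) as $v) {
        if ($v === '' || preg_match('/[\r\n]/', $v)) {
            return null;               // empty or multi-line header value
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;                   // a valid address has no CR/LF or spaces
    }
    if (strlen($subject) > 200) {
        return null;                   // keep the Subject line sane
    }
    $headers = "From: " . $from . "\r\n" . "Reply-To: " . $email . "\r\n";
    $body = "Message from " . $name . " <" . $email . ">\n\n"
          . str_replace(array("\r\n", "\r"), "\n", $message);
    return array($to, $subject, $body, $headers);
}

// Constructed sample input: the email field carries a line break followed
// by a second header line, which the safe version refuses.
$post = array('name' => 'Visitor', 'email' => "a@example.com\r\nX-Injected: yes",
              'subject' => 'Hello', 'message' => "Hi there");
var_dump(safe_mail_args($post, 'owner@example.com', 'web@example.com'));
list($to, $subj, $body, $hdrs) = unsafe_mail_args($post);
echo $hdrs;                            // the extra header line survives here
// Production use: $args = safe_mail_args($_POST, 'owner@example.com', 'web@example.com');
// if ($args !== null) { mail($args[0], $args[1], $args[2], $args[3]); }
```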
Filed Under (Linux, PHP) by admin on 17-06-2006
While I was designing a system that needed to send mass-customized emails from PHP, I faced two problems: a) changing the envelope address (the Return-path: header) and b) (most important) avoiding overloading the server with the virus check when sending the messages.
Basically, I wanted to use a different sendmail configuration file from PHP to skip the relay-mail virus check from Amavis.
Read the rest of this entry »