🕸Fergus Duniho wrote on Wed, May 2, 2018 01:21 AM UTC:
I wrote a new function today called safe_email(). This takes the arguments $to, $subject, $message, $from, and $replyto. The last one is optional, the rest are required. The first three are the same as the PHP function mail(). Instead of including an argument for additional headers, these are constructed inside the function. Since we haven't been using the parameters argument of mail(), it was left out. Unlike mail(), safe_email() does validation on email addresses, making sure they are singular, properly formed, and listed in the database. It also checks whether a $to address has been marked as dead or belongs to a domain we know we cannot currently send email to, and it checks against user preferences for receiving certain types of email. If everything checks out, it will send the email. It can also recognize UserIDs and PersonIDs and retrieve the appropriate email address from the database.
I replaced mail() with safe_email() in login/registeruser.php, login/change_email.php, login/change_password.php, index/addcomment.php, and play/pbm/sendmove.php, and I tested it in most of them.
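The kind of checks described in the post above, as an added PHP example; it is not the site's safe_email() and not the author's code. The function names, the in-memory arrays standing in for the database, the `$type` parameter and the header set are all assumptions made for illustration.

```php
<?php
// Added illustration only; hypothetical names, not the site's safe_email().

// Constructed sample data standing in for the database lookups the post mentions.
const KNOWN_ADDRESSES = [
    'alice@example.org' => ['dead' => false, 'optout' => []],
    'bob@example.net'   => ['dead' => true,  'optout' => []],
    'carol@example.org' => ['dead' => false, 'optout' => ['comment']],
];
const UNDELIVERABLE_DOMAINS = ['blocked.example'];

// Returns the address if it is one well-formed address, otherwise null.
function single_valid_address(string $addr): ?string {
    $addr = strtolower(trim($addr));
    // CR/LF could start a new header line; a comma or semicolon means a list.
    if (preg_match('/[\r\n,;]/', $addr)) return null;
    return filter_var($addr, FILTER_VALIDATE_EMAIL) ?: null;
}

// Returns a reason for refusing to send, or null when every check passes.
function delivery_refusal(string $to, string $subject, string $from,
                          ?string $replyto, string $type): ?string {
    $to = single_valid_address($to);
    if ($to === null) return 'bad recipient address';
    if (single_valid_address($from) === null) return 'bad sender address';
    if ($replyto !== null && single_valid_address($replyto) === null) return 'bad reply-to';
    if (preg_match('/[\r\n]/', $subject)) return 'line break in subject';
    if (!isset(KNOWN_ADDRESSES[$to])) return 'recipient not in database';
    if (KNOWN_ADDRESSES[$to]['dead']) return 'recipient marked dead';
    $domain = substr(strrchr($to, '@'), 1);
    if (in_array($domain, UNDELIVERABLE_DOMAINS, true)) return 'undeliverable domain';
    if (in_array($type, KNOWN_ADDRESSES[$to]['optout'], true)) return 'recipient opted out';
    return null;
}

// Same first three arguments as mail(); headers are built here, never passed in.
function checked_mail(string $to, string $subject, string $message, string $from,
                      ?string $replyto = null, string $type = 'notice'): bool {
    if (delivery_refusal($to, $subject, $from, $replyto, $type) !== null) return false;
    $headers = ['From' => single_valid_address($from),
                'Reply-To' => single_valid_address($replyto ?? $from),
                'Content-Type' => 'text/plain; charset=UTF-8'];
    return mail(single_valid_address($to), $subject, $message, $headers);
}

// Constructed inputs: a list of recipients and an injected header are both refused.
var_dump(delivery_refusal('alice@example.org, x@example.org', 'Hi', 'site@example.org', null, 'notice'));
var_dump(delivery_refusal("alice@example.org\r\nBcc: x@example.org", 'Hi', 'site@example.org', null, 'notice'));
var_dump(delivery_refusal('carol@example.org', 'Hi', 'site@example.org', null, 'comment'));
```

Passing the headers to mail() as an array requires PHP 7.2 or later.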