
updating shop with security fixes



Hi there, I first downloaded osC in 2005.


I am aware there is a weakness in the Contact Us form and think one of the contributions with maybe a picture in it should stop spamming.


Is there a place to check for other security fixes / announcements that have been made for osC in the last couple of years?




  • 2 weeks later...
I am aware there is a weakness in the Contact Us form


I found this osc max contact us fix


and adapted it with the code from this site sending spam through contact forms


to produce this chunk of code, to be added to functions.php:

function preprocessHeaderField($value)
{
  // Remove line feeds
  $ret = str_replace("\r", "", $value);
  $ret = str_replace("\n", "", $ret);

  // Remove injected headers
  // (only the first pattern of this list survives in the archived post)
  $find = array("/to\:/i");

  $ret = preg_replace($find, "", $ret);
  return $ret;
}


add this to contact_us.php after include application_top.php

$_POST['name']    = preprocessHeaderField($_POST['name']);
$_POST['tel']     = preprocessHeaderField($_POST['tel']);
$_POST['email']   = preprocessHeaderField($_POST['email']);
$_POST['subject'] = preprocessHeaderField($_POST['subject']);
$_POST['enquiry'] = preprocessHeaderField($_POST['enquiry']);


Thanks to Edith Karnitsch for helping me with the additional injection fields to check.





This topic is now archived and is closed to further replies.
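
An alternative to the strip-and-continue filter posted in the thread, as an added example that is not part of the original posts and is not osCommerce code: it rejects any single-line field containing CR, LF or NUL instead of deleting substrings (a pattern such as "/to\:/i" also alters harmless text like "photo:"), and it leaves the message body untouched. The function names are hypothetical, and it assumes name, tel, email and subject are the single-line fields that may reach mail headers while enquiry is the message body.

```php
<?php
// Added example; validateContactForm() and headerValueOrNull() are hypothetical names.

// Return the trimmed value if it is safe as a single header line, or null
// if it contains CR, LF or NUL (characters that can begin a new header).
function headerValueOrNull($value)
{
    $value = (string) $value;
    return preg_match('/[\r\n\0]/', $value) ? null : trim($value);
}

// Validate a contact form submission. Returns array($clean, $errors).
function validateContactForm(array $post)
{
    $clean  = array();
    $errors = array();

    // Single-line fields: reject the submission rather than repair the value.
    foreach (array('name', 'tel', 'email', 'subject') as $field) {
        $raw = isset($post[$field]) ? $post[$field] : '';
        $clean[$field] = headerValueOrNull($raw);
        if ($clean[$field] === null) {
            $errors[] = $field;
        }
    }

    // The sender address must also be one syntactically valid mailbox.
    if ($clean['email'] !== null
        && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }

    // The enquiry is message body, not a header, so its line breaks are kept.
    $clean['enquiry'] = isset($post['enquiry']) ? (string) $post['enquiry'] : '';

    return array($clean, $errors);
}

// Constructed sample submissions: one ordinary, one with an extra header line.
$samples = array(
    array('name' => 'Ann', 'email' => 'ann@example.com',
          'subject' => 'Order', 'enquiry' => "Line one\nLine two"),
    array('name' => "Ann\r\nTo: other@example.com", 'email' => 'ann@example.com',
          'subject' => 'Order', 'enquiry' => 'Hi'),
);
foreach ($samples as $i => $post) {
    list($clean, $errors) = validateContactForm($post);
    echo "sample $i: ", $errors ? 'rejected (' . implode(', ', $errors) . ')' : 'accepted', "\n";
}
```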
