/* ************************************************************************
*
* function used to clean Mail :: from Larry Ullman at dmcinsights.com
*
* as found here: http://www.dmcinsights.com/phorum/read.php?6,28810
*
* called by the following line on the mail page prior to using the mail()
*
* $_SAFE_POST = array_map('clear_user_input', $_POST);
*
* cleans each element of the $_POST array before using them in the mail() using array_map
*
*************************************************************************** */
function clear_user_input($value) {
// Check for bad values:
if (stristr($value, 'content-type')) return '';
if (stristr($value, 'bcc:')) return '';
if (stristr($value, 'to:')) return '';
if (stristr($value, 'cc:')) return '';
if (stristr($value, 'href')) return '';
// Strip quotes, if Magic Quotes are on:
if (get_magic_quotes_gpc()) $value = stripslashes($value);
// Replace any newline characters with spaces:
$value = str_replace(array( "\r", "\n", "%0a", "%0d"), ' ', $value);
// Return the value:
return trim($value);
}
Try that function.