• I just read about a spam exploit where spammers put someone else’s email address into the “Email” field and a malicious link in the “Name” or “Message” field, thus using the Webform to harm others via the reply email.

    1) Does the form prevent code in the user’s response fields?

    or

    2) Is there a way to suppress the name, email and message quoted text in the reply email, to avoid this exploit?

    Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Guido

    (@guido07111975)

    Hi,

    All user input is being validated and sanitized by using the native WordPress functions sanitize_text_field(), sanitize_email() and sanitize_textarea_field(). So malicious code is being stripped.

    Guido

    Thread Starter CCeliaS

    (@ccelias)

    Thank you for the clarification! I got an email from someone, saying she didn’t understand why she’d been signed up for our list: I Googled the issue and saw that forms could be misused in that way. I’m grateful you (and WordPress) have set it up to prevent the issue. Cheers!

    Plugin Author Guido

    (@guido07111975)

    Guess you’re using another form to let users sign up for this list (newsletter)? In that case, check that form as well.

    Guido

  • The topic ‘Prevent Code in Name Field?’ is closed to new replies.
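
An added example, not part of the thread and not the plugin's code: one way to cover both points of the original question in plain PHP, by rejecting a link in the Name field and by sending a confirmation that quotes none of the submitted text. The function names, reply wording and sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from the plugin discussed above.

/** True if the value contains something a mail client would render as a link. */
function field_contains_link(string $value): bool
{
    $pattern = '~(?:[a-z][a-z0-9+.-]*://|www\.)\S+'             // scheme:// or www. prefix
             . '|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b~i'; // bare host.tld (strict on purpose)
    return preg_match($pattern, $value) === 1;
}

/** Returns a list of validation errors; an empty list means the submission is accepted. */
function validate_submission(array $post): array
{
    $errors = [];
    $name   = trim((string) ($post['name'] ?? ''));
    $email  = trim((string) ($post['email'] ?? ''));

    if ($name === '' || strlen($name) > 60) {
        $errors[] = 'name: required, at most 60 bytes';
    }
    if (field_contains_link($name)) {
        $errors[] = 'name: links are not allowed';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: invalid address';
    }
    return $errors;
}

/** Confirmation with fixed wording only: name and message are never echoed back. */
function build_auto_reply(string $email): array
{
    return [
        'to'      => $email,
        'subject' => 'We received your message',
        'body'    => "Thank you for contacting us. We will reply as soon as we can.\n"
                   . "If you did not submit this form, you can ignore this email.\n",
    ];
}

// Constructed sample submissions: one ordinary, one carrying a link in the Name field.
$samples = [
    ['name' => 'Anna Example', 'email' => 'anna@example.org', 'message' => 'Opening hours?'],
    ['name' => 'Claim your prize http://malicious.example/win', 'email' => 'victim@example.org', 'message' => 'hi'],
];
foreach ($samples as $post) {
    $errors = validate_submission($post);
    echo $errors ? 'REJECTED: ' . implode('; ', $errors) . "\n"
                 : 'SEND to ' . build_auto_reply($post['email'])['to'] . "\n";
}
```

On a WordPress site the array returned by build_auto_reply() would be handed to wp_mail(); the full submission, including the message, goes only to the site owner's notification.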