custom mail-form security


curious

Oct 17, 2016, 8:45:00 AM
to Joomla! General Development
There's a contact form on my J3.6.2 site with attachment upload functionality. I need to know what to do to make this overall "secure".
Using JInput / JFile / addAttachment.


1.) The attachment/upload:

$Input = JFactory::getApplication()->input;
$File = $Input->files->get('Asset');

if ($File) {$Mailer->addAttachment($File["tmp_name"], $File['name'], "base64", $File['type']);}

Is there some automatic check against allowed file types by default (media settings), or should I implement something myself? ...checking MIME type, file size, etc.

The form field:

<input id="assets" name="Asset" type="file" value="" class="form-control" required>


2.) I read about the session token:
https://docs.joomla.org/How_to_add_CSRF_anti-spoofing_to_forms

How important is this in terms of security? For a simple contact form using the onboard PHPMailer... it's not a component form with tasks or DB writes.

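An added example, not part of the original post and not Joomla's own code: one way to validate the uploaded file in plain PHP before it is attached. It relies on no check Joomla may perform by default. The allowlist, the size limit, the `validateAttachment` name and its `$requireHttpUpload` switch are assumptions, and the sample upload is constructed; PHP 7+ with the fileinfo extension is assumed.

```php
<?php
// Added example (not the poster's code). Allowlist and size limit are assumed values.
const ALLOWED_TYPES = [            // extension => MIME type expected from the content
    'pdf' => 'application/pdf',
    'png' => 'image/png',
];
const MAX_BYTES = 2 * 1024 * 1024; // assumed 2 MiB limit

// Returns [safeName, detectedMime]; throws RuntimeException on rejection.
function validateAttachment(array $file, bool $requireHttpUpload = true): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or missing');
    }
    $tmp = $file['tmp_name'];
    // Reject paths that did not arrive through an HTTP POST upload.
    if ($requireHttpUpload && !is_uploaded_file($tmp)) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Use the size on disk, not the client-reported value.
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File size not allowed');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }
    // Detect the type from the content; $file['type'] is sent by the browser.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("Content ($mime) does not match .$ext");
    }
    // Strip path parts and unusual characters from the display name.
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($file['name']));
    return [$safe, $mime];
}

// Constructed sample: PNG bytes submitted under a .pdf name and type.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "\x89PNG\r\n\x1a\n" . str_repeat("\0", 32));
$sample = ['name' => 'invoice.pdf', 'type' => 'application/pdf',
           'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK, 'size' => 40];
try {
    validateAttachment($sample, false); // false: sample is not a real HTTP upload
} catch (RuntimeException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
unlink($tmp);
```

In the form handler from the post, the returned name and detected MIME type would be passed to `addAttachment` in place of `$File['name']` and `$File['type']`, both of which come from the client.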