$value){
$values[$key] = htmlentities($value);
}
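// Screen every submitted value for text that looks like an injected mail header.
//
// This is a pattern blacklist, so it is only a partial defence:
//  - it runs on values that were already passed through htmlentities() earlier
//    in this file; that call leaves CR, LF, ':' and '@' untouched, so the
//    patterns below still apply to the encoded text;
//  - the address pattern has no word boundary and no line anchor, so ordinary
//    text such as "send it to: someone@example.com" is rejected as well;
//  - the dependable control is to refuse CR/LF in any value that ends up in a
//    mail header (additional headers, subject, recipient). Multi-line body
//    fields such as a description may legitimately contain line breaks, so that
//    check belongs on the header-bound fields only.
$values2 = $values; // scratch copy; retained in case code outside this listing reads it

// The patterns must be ordinary quoted strings: the typographic quotes in the
// published listing are not PHP string delimiters.
$badStrings = array(
    '/content-type[[:space:]]*:/i',
    '/mime-version[[:space:]]*:/i',
    '/content-transfer-encoding[[:space:]]*:/i',
    '/(to|from|bcc|cc)[[:space:]]*:.*@/i',
    "/[\n\r]subject[[:space:]]*:/i",
);

// Test each submitted value against each pattern and stop at the first hit.
foreach ($values2 as $text) {
    foreach ($badStrings as $pattern) {
        // Every pattern carries the /i modifier, so the value does not need
        // to be lower-cased before matching.
        if (preg_match($pattern, $text)) {
            // Refuse the request outright. Nothing is recorded in $errors:
            // the script ends here, and $errors is re-initialised further
            // down the file in any case.
            header('HTTP/1.0 403 Forbidden');
            exit;
        }
    }
}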
// Second clean-up pass: run strip_tags() over every submitted field and write
// the result back into $values under the same key.
// NOTE(review): the values were entity-encoded by htmlentities() earlier in
// this file, so '<' and '>' are already &lt; / &gt; by the time this runs and
// there are no literal tags left to strip. Stripping before encoding would be
// the effective order -- confirm intent.
$values3 = $values;
foreach ($values3 as $field => $text) {
    $values[$field] = strip_tags($text);
}
// Builds and sends the notification e-mail for a submitted company.
// $errors is reset to an empty array at this point, i.e. after the
// header-injection screen above has run, so the !count($errors) test in the
// condition below is always true in this listing.
$errors = array();
// Proceed only when the directory_submit field is truthy.
// NOTE(review): indexing $values directly raises an undefined-index notice
// when the key is absent; !empty($values[...]) would avoid that.
if ($values[‘directory_submit’] && !count($errors)) {
// Send notification email
// Each field goes through stripslashes() and htmlentities() before it is
// appended to the plain-text body.
// NOTE(review): $values was already passed through htmlentities() earlier in
// this file, so characters such as '&' end up double-encoded (&amp;amp;) in
// the message; the body is plain text, not HTML -- confirm whether either
// encoding pass is wanted here.
// NOTE(review): stripslashes() presumably compensates for magic quotes on the
// original host -- confirm; where input is not slash-escaped it removes
// backslashes the submitter actually typed.
$msg = “A new company has been submitted to DerivSource by “.htmlentities(stripslashes($values[‘youremail’]));
$msg .= “\n\nCompany Name: “.htmlentities(stripslashes($values[‘company’]));
$msg .= “\nCompany Type: “.htmlentities(stripslashes($values[‘companytype’]));
$msg .= “\nAddress: “.htmlentities(stripslashes($values[‘address’]));
$msg .= “\nPhone Number: “.htmlentities(stripslashes($values[‘phone’]));
$msg .= “\nContact Name: “.htmlentities(stripslashes($values[‘contact’]));
$msg .= “\n\nWebsite: “.htmlentities(stripslashes($values[‘website’]));
$msg .= “\n\nDescription: “.htmlentities(stripslashes($values[‘description’]));
// Recipient and subject are fixed literals; the submitted fields appear only
// in the body ($msg) as far as this listing shows.
// NOTE(review): the fourth argument (additional headers) is cut off in the
// published listing, so the statement is incomplete as shown. If the missing
// part of the From header interpolates a submitted value (for example
// youremail), that value has to be rejected when it contains CR or LF before
// it reaches mail().
mail(‘info@derivsource.com’, ‘[DerivSource | Directory] New Company Submission!’, $msg, “From: \”DerivSource\”
}
?>
Thank you for submitting your company.