"""Record and display shout outs for the life of the server."""
import gsd
TEMPLATE = """
<html>
<head>
<title>Shout Outs!</title>
</head>
<body>
<form action="/" method="get">
<input name="shout">
<input type="submit" value="Shout!">
</form>
<?
for shout in self.shout_outs:
print shout, '<br>'
?>
</body>
</html>
"""
class ShoutOuts(gsd.App):
"""A simple GSD app that records shout outs for the life of the server."""
def __init__(self):
self.shout_outs = []
def GET_(self, shout=None):
"""Display shout outs and form to add new ones."""
if shout is not None:
self.shout_outs.append(shout[0])
self.Render(TEMPLATE, locals())
def GET_reset(self):
"""Reset the list of shoutouts."""
self.shout_outs = []
self.Redirect('/')
if __name__ == '__main__':
app = ShoutOuts()
print 'http://localhost:8000/'
app.Serve('localhost', 8000)
Not so long ago, I ran a wiki called SecurePHP. On that wiki, there was one particular article about email injection that received a lot of attention. Naturally, with all the attention came lots of spam. As a result, I disabled editing of the wiki and content stagnated. Still, the email injection article remained popular. About a year later, the server that hosted SecurePHP died and I never had a chance to hook it all back up. I saved the article though and I'm reposting it now. It may be a bit old (I've been away from PHP for a long time), and I didn't write all of it, so feel free to leave comments about needed updates and corrections. Though this article focuses on PHP, it provides a lot of general information regarding email injection attacks. The PHP mail() Function There are a lot of ways to send anonymous emails, some use it to mass mail, some use it to spoof identity, and some (a few) use it to send email anonymously. Usually a web mailform using the mail() funct