From 4754596dedb4238e9fb9423b37f6a6c31a5ef6b5 Mon Sep 17 00:00:00 2001
From: Greg Molnar
Date: Fri, 30 Jan 2015 08:42:13 +0000
Subject: [PATCH] validate email address to prevent header injection

---
 mail/contact_me.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/mail/contact_me.php b/mail/contact_me.php
index 85e3402..3a94356 100755
--- a/mail/contact_me.php
+++ b/mail/contact_me.php
@@ -11,10 +11,15 @@ if(empty($_POST['name']) ||
 }
 $name = $_POST['name'];
-$email_address = $_POST['email'];
+$email_address = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
+if ($email === FALSE) {
+ echo 'Invalid email';
+ exit(1);
+}
 $phone = $_POST['phone'];
 $message = $_POST['message'];
+
 // Create the email and send the message
 $to = 'yourname@yourdomain.com'; // Add your email address inbetween the '' replacing yourname@yourdomain.com - This is where the form will send a message to.
 $email_subject = "Website Contact Form: $name";
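Review bot: The guard the commit adds never fires, because filter_var() stores its result in $email_address while the check tests $email, an undefined variable that is always null and so never === FALSE; a rejected address therefore leaves $email_address set to false and execution continues into the mail-building code. The line should read `if ($email_address === false) {`. Separately, $name is still interpolated unvalidated into $email_subject in the same hunk, so a CR/LF in the name field may still reach a header depending on how mail() is invoked further down (outside this hunk); rejecting or stripping "\r" and "\n" from $name with the same early exit would close that remaining path.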