PHPFormMail News

1.07.1 is primarily a bug fix release.

The main bug that was fixed involved a security vulnerability for version 1.07.0 (only that version) that would allow the script to be an open relay if the webmaster had CHECK_REFERER set to false (and only if it was set to false) and did not use the $recipient_array. If you use 1.07.0 and CHECK_REFERER is set to false and you don't use the $recipient_array you should upgrade immediately. All other configurations should not be affected by this vulnerability but upgrading to the latest version is always recommended.... read more

After a very long time, PHPFormMail 1.07.0 has been released.

Changes:
Two cross site scripting security fixes have been applied to the HTML output. New features (community requested) include the ability to cloak e-mail addresses inside the script and to specify how the field aliases are applied (HTML, email, or both).

All users are urged to upgrade.

The new version of PHPFormMail is now on the mirrors. This version consists of fixes and you are strongly encouraged to upgrade due to a major security fix/upgrade.

Changes include:
! Fixed a possible exploit with the regex that checked e-mail addresses.
! Added r to n in e-mail output. Some users were having problems with just n.
! Fix Bug #583178 undeclared global $errors in send_mail(). This will stop the bug with blank pages being printed if there was an issue with the mail server.