in reply to Vetting a CGI script
I don't know anything about cgi-lib.pl. However, if I were to
code this fascist-style, these thoughts would cross my mind:
- Use the three-or-more-argument version of open. It's safer.
- Turn $mailprog into a lexically scoped variable or constant (use constant ...). Messing with it is unlikely, but I'm following my fascist mindset.
- Passing improperly untainted data to sendmail screams SPAM GATEWAY!
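The three points above combined in one hardened sketch. This is an added example, not part of the original post and not code from the script under review; the sendmail path, the fixed recipient address and the helper names `clean_address`, `clean_header_text` and `send_feedback` are assumptions.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Assumed sendmail path; a constant cannot be reassigned at run time.
use constant MAILPROG => '/usr/sbin/sendmail';

# Taint mode refuses to run external programs until the environment is cleaned.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint only by capturing from a strict, fully anchored pattern.
# \A...\z leaves no room for CR/LF, which is what blocks injected headers.
sub clean_address {
    my ($raw) = @_;
    return $1 if defined $raw
        && $raw =~ /\A([A-Za-z0-9._+-]{1,64}\@[A-Za-z0-9.-]{1,255})\z/;
    return;
}

# Free-text header values: one line only, bounded length.
sub clean_header_text {
    my ($raw) = @_;
    return $1 if defined $raw && $raw =~ /\A([^\r\n\0]{1,200})\z/;
    return;
}

sub send_feedback {
    my ($from_raw, $subject_raw, $body) = @_;
    my $from    = clean_address($from_raw)        // return 0;
    my $subject = clean_header_text($subject_raw) // return 0;

    # List-form pipe open: no shell is involved, so metacharacters are inert.
    # -t takes recipients from the headers; -oi stops a lone "." ending the body.
    open(my $mail, '|-', MAILPROG, '-t', '-oi') or return 0;
    print {$mail} "To: webmaster\@example.com\n",  # fixed recipient, never form data
                  "Reply-To: $from\n",
                  "Subject: $subject\n\n",
                  $body, "\n";
    return close($mail) ? 1 : 0;
}

# Constructed inputs; the second carries an embedded newline and is rejected.
# send_feedback() is not called here, so no mail is sent.
for my $in ("alice\@example.org", "alice\@example.org\nBcc: list\@example.net") {
    my $verdict = defined(clean_address($in)) ? 'accept' : 'reject';
    (my $shown = $in) =~ s/\n/\\n/g;
    print "$verdict  $shown\n";
}
```

Keeping the recipient fixed and placing the submitted address only in `Reply-To` means that even a validated address cannot redirect where the mail goes.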