PerlMonks  

Re: Contact Form

by Parham (Friar)
on Mar 22, 2002 at 23:59 UTC (#153681=note)


in reply to Contact Form

#!/usr/bin/perl
use CGI;
$query = new CGI; #parse forms with cgi.pm
open MAIL,'|/usr/lib/sendmail -t' or die "error with email";
print MAIL "To: youremail@somewhere.com\n";
print MAIL "From: theiremail@somewhere.com\n";
print MAIL "Subject: form stuff\n";
print MAIL "name: ", $query->param(name), "\n";
print MAIL "subject: ", $query->param(subject), "\n";
print MAIL "email: ", $query->param(emailaddy), "\n";
print MAIL "message: ", $query->param(message), "\n";
close MAIL;
print "Location: thankyou.html\n\n"; #other ways, i just like it this way


•security alert, was Re: Re: Contact Form
by merlyn (Sage) on Mar 23, 2002 at 00:00 UTC
    open MAIL,'|/usr/lib/sendmail -t' or die "error with email";
    print MAIL "name: ", $query->param(name), "\n";
    print MAIL "subject: ", $query->param(subject), "\n";
    print MAIL "email: ", $query->param(emailaddy), "\n";
    print MAIL "message: ", $query->param(message), "\n";
    Ewww. No. You forgot the headers. So the mail isn't going anywhere, and worse yet, it's a security hole, since I can fake a "name" param with newlines and send spam using your script. Ick. Ewww.

    -- Randal L. Schwartz, Perl hacker

      I didn't think it would have to be advanced; personally I'd do it your way, checking for my params, but it was a quicky, very simple.
•security alert TWO, was Re: Re: Contact Form
by merlyn (Sage) on Mar 23, 2002 at 02:22 UTC
    Oops. Twice in a row:
    open MAIL,'|/usr/lib/sendmail -t' or die "error with email";
    print MAIL "To: youremail@somewhere.com\n";
    print MAIL "From: theiremail@somewhere.com\n";
    print MAIL "Subject: form stuff\n";
    print MAIL "name: ", $query->param(name), "\n";
    print MAIL "subject: ", $query->param(subject), "\n";
    print MAIL "email: ", $query->param(emailaddy), "\n";
    print MAIL "message: ", $query->param(message), "\n";
    You aren't ending your header with a blank line, so what you think is in the body is still in the header, and hence could be used for spam! Also, you have an "@" inside a double-quoted string, and you're using barewords for "name" and "subject", etc, so "use strict" will be all over your ass for both of those, and rightfully so.

    Maybe you should just concede at this point.

    -- Randal L. Schwartz, Perl hacker
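A version of the script that closes the holes merlyn's two replies point out (newlines in form values becoming mail headers, the missing blank line after the headers, the "@" in a double-quoted string, bareword param names). This is an added example, not code from the thread; the addresses are placeholders and the sendmail path is assumed to be the one the original script used.

```perl
#!/usr/bin/perl
# Hardened contact form (added example, not the original poster's code):
# header-bound values are rejected if they contain CR/LF, form data goes
# only below the blank line that ends the headers, and the recipient is a
# fixed argument to sendmail instead of being read from headers with -t.
use strict;
use warnings;
use CGI;

my $to   = 'youremail@somewhere.com';   # placeholder recipient
my $from = 'webform@somewhere.com';     # placeholder envelope sender
my $query = CGI->new;

# A value may be placed on a header line only if it cannot end or add one.
sub header_safe {
    my ($value) = @_;
    return defined $value && $value !~ /[\r\n\0]/;
}

my $name    = $query->param('name')      // '';
my $subject = $query->param('subject')   // '';
my $email   = $query->param('emailaddy') // '';
my $message = $query->param('message')   // '';

# Reject newlines in the short fields and check the address against a
# conservative pattern; \z (not $) so a trailing newline is not accepted.
unless (header_safe($name) && header_safe($subject) && header_safe($email)
        && $email =~ /\A[\w.+-]+@[\w-]+(?:\.[\w-]+)+\z/) {
    print "Status: 400 Bad Request\nContent-Type: text/plain\n\n";
    print "Invalid form input.\n";
    exit;
}
$message =~ s/\r//g;   # body keeps plain LF line endings

# List-form open: no shell involved; -oi so a lone "." line cannot end
# the message early; -f sets the envelope sender.
open my $mail, '|-', '/usr/lib/sendmail', '-oi', '-f', $from, $to
    or die "cannot run sendmail: $!";
print $mail "To: $to\n";
print $mail "From: $from\n";
print $mail "Subject: Contact form submission\n";   # fixed text, not user-supplied
print $mail "Reply-To: $email\n";                   # validated above
print $mail "\n";                                   # blank line ends the headers
print $mail "name: $name\nsubject: $subject\nemail: $email\n\n$message\n";
close $mail or die "sendmail failed: $!";

print $query->redirect('thankyou.html');
```

Only the fixed addresses and the validated Reply-To ever appear above the blank line, so a form value carrying extra lines can at worst add text to the body, not recipients or headers.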
