PerlMonks  

Re: Simple Email Script

by mrbbking (Hermit)
on Mar 07, 2002 at 21:14 UTC [id://150132]


in reply to Simple Email Script

You should use Taint mode in your CGI scripts and check all input for dangerous things before using it.
Suggestion: Change your shebang line to enable warnings and Taint mode, like this:
    #!/usr/bin/perl -wT
And then check all your input with regexes (un-taint it) to be sure that there's nothing scary in there.
    if ( $firstname =~ /^([\w ]+)$/ ) {
        $firstname = $1;    # untainted copy of the text that matched
    }
    else {
        $firstname = "no valid name provided";
    }
    # now $firstname contains only
    # numbers, letters, spaces and underscores.
The particular regex I used may not meet your needs, and sanitizing the other pieces may be more difficult, but this is the general idea I think you'll want.

Oh, to reply more to the question you actually asked - add this: "use CGI::Carp( 'fatalsToBrowser' );" to your script while you're debugging. Then you'll get a better description than "HTTP 500" when things go wrong.

Good luck!

Re: Re: Simple Email Script
by theguvnor (Chaplain) on Mar 08, 2002 at 02:59 UTC
    And I'll save merlyn some time by pointing out that fatalsToBrowser should be used only while testing, not in production because it gives the bad guys more information than you want to give them. :)

    ..Guv

      In the NMS programs we originally used the CGI::Carp set_message() method to conditionally output the actual error message if a $DEBUGGING variable was set - thus retaining the ability to catch fatal errors (and be able to use 'die' in the programs without getting a 500 status) and control what information gets emitted to the user. We subsequently discovered that set_message() wasn't available in older versions of CGI::Carp so we have provided our own cut-down version.

      /J\
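Putting the two points of this thread together (mrbbking's -T plus whitelist-regex untainting, and the NMS approach of showing the real error text only when a $DEBUGGING flag is set via set_message()), here is an added example that is not code from either poster or from the NMS project. The field names, the regexes and the $DEBUGGING handling are assumptions made for the illustration.

```perl
#!/usr/bin/perl -wT
# Added example (not mrbbking's or the NMS project's code): a CGI handler
# that runs under -T, untaints each field through a whitelist regex, and
# uses CGI::Carp's set_message() to gate error details behind $DEBUGGING.
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser set_message);

our $DEBUGGING = 0;    # assumed switch; set to 1 only on a development box

# perlsec: -T refuses to run external commands (e.g. sendmail) until PATH
# and the shell-influencing variables are under the script's control.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

set_message(sub {
    my ($msg) = @_;
    if ($DEBUGGING) {
        print "<pre>$msg</pre>";    # full details, development only
    }
    else {
        print "<p>Sorry, the form could not be processed.</p>";
        warn $msg;                  # full details go to the server error log
    }
});

# Return the captured, untainted value, or undef when the input fails the
# whitelist. Reading $1 only after a successful match avoids picking up a
# stale capture left over from an earlier match.
sub untaint {
    my ($value, $re) = @_;
    return undef unless defined $value;
    return $value =~ $re ? $1 : undef;
}

my $q = CGI->new;
my %field = (
    firstname => untaint($q->param('firstname'), qr/^([\w ]{1,40})$/),
    # One address, no spaces or line breaks, so nothing but a plain
    # address can ever be handed on to a mail header.
    email     => untaint($q->param('email'), qr/^([\w.+-]+\@[\w.-]+)$/),
);

for my $name (sort keys %field) {
    die "Invalid or missing '$name' field\n" unless defined $field{$name};
}

print $q->header('text/plain');
print "$_: $field{$_}\n" for sort keys %field;
```

With $DEBUGGING left at 0, a bad field produces the generic message in the browser while the full die text still lands in the web server's error log.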
