Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Perl Security - Prevent SPAM

by jazzwill (Initiate)
on Oct 07, 2005 at 00:25 UTC ( #498090=perlquestion: print w/replies, xml ) Need Help??

jazzwill has asked for the wisdom of the Perl Monks concerning the following question:

I have tried reading up on security. I want to make sure my code is ok though. I am a Perl novice and have learned by looking at other code. Any help would be MOST helpful. I do not want to help spammers. OK, this is what I use to email stuff back to me from my website:

#The emailing part:

sub sendMail { $email = $FORM{'Email'} ; if (length $email > 80) { &Show_Critical_Error ('Email Address too long!'); } if ($email =~ /^[^@]+@([-\w]+\.)+[A-Za-z]{2,4}$/) { open(MAIL, "|$email_path -t -oi -odq") || &Show_Critical_Error('Sy +stem Error. Unable to open mail application.') ; print MAIL "To: myemail\ domain name)\n" ; print MAIL "From: $FORM{'Email'} (JazzKids SITE)\n" ; print MAIL "Subject: WEBSITE CONTACT-jazzkids\n" ; print MAIL "\n" ; print MAIL "Name: $FORM{'Name'}\n\n" ; print MAIL "Email: $FORM{'Email'}\n\n" ; print MAIL "Address: $FORM{'Address'}\n\n" ; print MAIL "City: $FORM{'City'}\n\n" ; print MAIL "State: $FORM{'State'}\n\n" ; print MAIL "Zip: $FORM{'Zip'}\n\n" ; print MAIL "Specialty: $FORM{'Specialty'}\n\n" ; print MAIL "Best to reach by: $FORM{'Reachby'}\n\n" ; print MAIL "Best to reach when: $FORM{'Reachwhen'}\n\n" ; print MAIL "Comments: $FORM{'Comments'}\n\n" ; print MAIL "----------------------------------------\n\n" ; print MAIL "Sent from: $FORM{'form'}\n\n" ; close(MAIL) ; } else {&Show_Critical_Error('EMAIL ADDRESS INVALID.') ;} }
#The parsing part:

sub Parse_Post_Form { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}) ; @pairs = split(/&/, $buffer) ; $valid = "[A-Za-z]\@\:\." ; foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair) ; $value =~ tr/+/ / ; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg ; $value =~ s/[^$valid]/./go; $FORM{$name} = $value ; if ($value =~ s/`//) { &Show_Critical_Error ('No back ticks allowed!'); } } }
THANKS for any help!!


Edit by castaway - removed extra br tags inside code tags

Considered by VSarkiss: Delete: dup of Reaped: Perl Security which has replies
Unconsidered by Arunbear: keep votes prevented reaping; Keep/Edit/Delete: 15/5/18

Replies are listed 'Best First'.
Re: Perl Security - Prevent SPAM
by techcode (Hermit) on Oct 07, 2005 at 01:48 UTC
    Hello! Welcome to the PerlMonks - you've come to the right place.

    1. You don't need to include <br> inside <code> tag.
    2. Parsing part is so crappy :) But don't worry - I used it too :)

    Here is classic hello world script that will become your best friend from now on ...
    #!perl use strict; # this is a MUST! use CGI; # so you don't parse it by hand my $query = CGI->new(); # my is because of strict pragma print $query->header(); # so you don't do it by hand print "Hello World!";
    When you have something like that (inside $query you have an CGI object) you can easily get any post or get parameter passed to your script easily.
    my $form = $query->Vars();
    In this case, $form will contain a hashref of form fields. So if you want to say print value of field called "name" :
    print $form->{name};
    Now let's address your Show_Critical_Error() function :)

    Add this to top of your script.
    use CGI::Carp qw(fatalsToBrowser); .... .... if($error) { die "Error message"; }
    And it will print a relatively nice error message to the browser ;)

    I believe this is enough to get you started! There are many more things to learn, but take them one by one ...

    Have you tried freelancing? Check out Scriptlance - I work there.
      Thanks! I am new to the whole: my $variable and strict. Where do I get more info about them?

        Have a read through the Tutorial material starting with the "Getting Started with Perl" series.

        use strict; use warnings; are used to pick up errors, normally due to sloppy programming, like mistyping variable names and using variable before they are initialised. If there are errors of that sort in code you post here you are lible for a bit of a drubbing!

        Perl is Huffman encoded by design.
        documentation for perl comes with perl itself, there are unix-style man pages, and there is the 'perldoc' utility that you can use to get information, they are pretty self-explanatory.

        Perl documentation is also made available on, try searching there for 'my' or 'strict' and you'll find more information.

        And .... Google is your friend

Re: Perl Security
by Zed_Lopez (Chaplain) on Oct 07, 2005 at 00:32 UTC
Re: Perl Security
by cowboy (Friar) on Oct 07, 2005 at 17:49 UTC
    First thing, don't re-invent the wheel on http request processing.
    Use CGI or CGI::Simple, or some other module that has been very heavily tested, rather than trying to process data yourself.
    For email address processing, try Email::Valid
    my $addr = Email::Valid->address( -address => $email, -mxcheck => 0 ); if ($addr) { # send it }
    For actual sending, look at some of the sending modules. Net::SMTP is a good one.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://498090]
Approved by techcode
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (5)
As of 2023-09-27 21:16 GMT
Find Nodes?
    Voting Booth?

    No recent polls found