Re^2: Checking mail command for success


Perl Monk, Perl Meditation
	PerlMonks

Re^2: Checking mail command for success

by ronix (Novice)

on Apr 23, 2009 at 19:27 UTC ( [id://759631]=note: print w/replies, xml )

Need Help??

in reply to Re: Checking mail command for success
in thread Checking mail command for success

Note that you're subject to attacks by passing unescaped text to the shell.

Sorry, but could you explain this in more detail?

thanks!

Comment on Re^2: Checking mail command for success

Replies are listed 'Best First'.

Re^3: Checking mail command for success
by ikegami (Patriarch) on Apr 23, 2009 at 19:37 UTC

"John Doe <john@example.org>" (minus the quotes) is a valid email address, but you'll have problems if $recipients contains that.

And of course, there's the malicious who might find a way of getting "| rm -rf /" (minus the quotes) into $host or $recipients.

The multiple argument form of various commands gets around that problem.

use IPC::Open3 qw( );

open(my $mailer_fh, '|-', '/bin/mail', '-s', $hostn, $recipients)
   or die("Cannot execute mail command: $!\n");

open(my $msg_fh, '<', $disk_changes)
   or die("Cannot execute message file: $!\n");

print $mailer_fh $_ while <$msg_fh>;

close($mailer_fh)
   or die("Error sending mail message: $!\n");

$? == 0
   or die("Error sending mail message: $?\n");
[download]

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://759631]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others perusing the Monastery: (5)

As of 2024-04-25 23:47 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found