Hello fellow monksters...
It has been requested for one of my cgi scripts to add the ability to email a link out from the script. One of the things I want for this script is to keep away from extraneous modules. So I figured I could talk with sendmail directly, but I'm wary of doing such things. I'd much rather use a module, but not for this project. So I ask your wisdom and vigilant eyes, see any potential
Bad Things [TM] lurking around in there? Have hints on better ways?
Thanks,
-Syn0 (This is part of my
EIGHT - Easy Image Gallery software)
(also, I know the email regex I use is not compliant, but it suffices for what I need (I think) and I would run into the module issue if I tried for full compliance)
The code is:
# MAIL-A-LINK info
# if set to TRUE, mail-a-link will be displayed during img display
my $mail_a_link = 'TRUE';
# location of sendmail binary
my $sendmail = '/usr/bin/sendmail';
# message to send as body of mail
# placeholders for use in body:
# <: sender_name :> - name of the person who requested the email
# <: image_link :> - link being emailed
# <: image_name :> - name of the image
my $mail_body = <<EOD;
This message is being sent to you by $default_title galleries on behal
+f of
<:sender_name:>, who thinks you would enjoy this image:<BR>
<:image_name:> at <:image_link:><BR>
<BR>
Feel free to stop by and have a look around.<BR>
Thank you,<BR>
<A href="$base_url">$default_title</A>
EOD
# /* -----------------------------------------------------------------
+-- */
# linkmail
# /* -----------------------------------------------------------------
+-- */
sub linkmail {
my $img_name = $img_lst[$curr_img_num] || &idx();
my($status, $to_name, $to_email, $from_name, $from_email) = ('')x5;
if (($to_name = $cgi->param('to_name')) &&
($to_email = $cgi->param('to_email')) &&
($from_email = $cgi->param('from_email')) &&
($from_name = $cgi->param('from_name'))) {
$status = "\nERR: Invalid character in Recipient's name : $to_name
+<BR>"
unless $to_name =~ /^[\w\.\'\s]+$/;
$status .= "\nERR: Malformed email address for Recipient : $to_ema
+il<BR>"
unless $to_email =~ /^[\w\-\.]+\@[\w\-\.]+\.\w+$/;
$status .= "\nERR: Invalid character in Your name : $from_name<BR>
+"
unless $from_name =~ /^[\w\.\'\s]+$/;
$status .= "\nERR: Malformed email address for You : $from_email<B
+R>"
unless $from_email =~ /^[\w\-\.]+?\@[\w\-\.]+?\.\w+$/;
if ($status eq '') {
# no errors, try and send email
my $img_lnk = qq(<A href="@{[$cgi->url]}?opt=img&gal=$gal_id&id=
+$img_name">@{[$cgi->url]}?opt=img&gal=$gal_id&id=$img_name</A>);
$mail_body =~ s/<:\s*sender_name\s*:>/$from_name/g;
$mail_body =~ s/<:\s*image_link\s*:>/$img_lnk/g;
$mail_body =~ s/<:\s*image_name\s*:>/$img_name.jpg/g;
my $mailmsg = <<EOD;
From: $from_name <$from_email>
To: $to_name <$to_email>
Subject: Image link
MIME-Version: 1.0
Content-Type: TEXT/HTML; charset=US-ASCII
$mail_body
EOD
$ENV{PATH} = '';
if (open(MAIL, "| $sendmail -oi -t")) {
print MAIL $mailmsg;
if (close(MAIL)) {
# all's well
$status = qq(
The link was mailed successfully.<BR>
You can [ <A href="@{[$cgi->url]}?opt=img&gal=$gal_id&id=$img_na
+me">return to gallery</A> ]
or send the link to someone else:
<HR>);
$to_email = '';
$to_name = '';
}
else {
# close failed
$status = qq(\n ERR: There was a problem processing the mess
+age. Your link was not sent.<BR>);
log_err("ERR: Mail-a-link failure during mail process/send : $!"
+);
}
}
else {
# can't connect to server, log and err out
$status .= qq(\n ERR: There was a problem connecting to the m
+ail server. Your link was not sent.);
log_err("ERR: Could not connect to sendmail : $!");
log_err(" Set the config var \$mail_a_link to 'FALSE' if thi
+s error persists");
}
}
}
&PrintHead();
print qq(\n<TABLE border=0 bgcolor="$colors{'img_cap'}" width="100%"
+><TR><TD> </TD></TR></TABLE>);
print qq(
<!-- Start Mail-A-Link Table -->
<TABLE border=0 width="100%">
<TR>
<TD>
$status
<FORM action="@{[$cgi->url]}" method=POST>
<INPUT type=hidden name=opt value="mal">
<INPUT type=hidden name=gal value="$gal_id">
<INPUT type=hidden name=id value="$img_name">
Sending an email link to a friend. <I>(All fields are require
+d)</I><BR>
<BR>
Recipient's Name: (up to 30 characters long)<BR>
<INPUT type=text name=to_name value="$to_name" size=15 maxlen
+gth=30><BR>
Recipient's Email address: (up to 80 characters long)<BR>
<INPUT type=text name=to_email value="$to_email" size=30 maxl
+ength=80><BR>
<BR>
Your Name: (up to 30 characters long)<BR>
<INPUT type=text name=from_name value="$from_name" size=15 ma
+xlength=30><BR>
Your Email Address: (up to 80 characters long)<BR>
<INPUT type=text name=from_email value="$from_email" size=30
+maxlength=80><BR>
<INPUT type=submit value="Send this link!">
</FORM>
<HR>
Sending a link to this image:<BR>
<IMG src="$img_url/$img_name.jpg" border=0>
</TD>
</TR>
</TABLE>
<!-- End Mail-A-Link Table -->
);
&PrintTail();
}