Re: Using The Mail::Sendmail module in CGI Script

in reply to Using The Mail::Sendmail module in CGI Script

This is not really answering your question, but I noticed you just blindly use the user's input. Never trust your users! ;-) What if I craft my POST or GET request so that the recipient variable looks something like:

recip1@doma.in\nBcc: recip2@doma.in, recip3@doma.in, recip4@doma.in
[download]

Please run some tests over the values you receive, before spitting them to a mail process.

Spammers will love your script ;-)

--
b10m

All code is usually tested, but rarely trusted.

Comment on Re: Using The Mail::Sendmail module in CGI Script Download Code

Replies are listed 'Best First'.
Re^2: Using The Mail::Sendmail module in CGI Script by msk_0984 (Friar) on Jul 19, 2006 at 09:00 UTC
yeah but i am just trying out this program and not yet tried to complete it . But what u have said is that my script is having security risk so how can i enable it.	[reply]
Re^3: Using The Mail::Sendmail module in CGI Script by marto (Cardinal) on Jul 19, 2006 at 09:08 UTC
msk_0984, Why not have a read at Ovid's Web Programming Using Perl tutorial. lesson 3 (though you should invest time reading the previous two lessons also) is titled Basic CGI Security which covers many things including user input. CGI security is a topic that is covered quite frequently, Super Search should return more helpful information. Updated: Added link to Super Search Martin	[reply]

In Section Seekers of Perl Wisdom