It has been a while since i last made something with Perl so I decided for a brief refresher to make a simple guestbook. I was just wondering if any one had any comments or if any one could see any huge security holes.
#!/use/bin/perl -w
use strict;
use CGI ':standard';
print header();
print start_html();
print "<html><head><title>Thanks for Signing!</title></head>";
print "<body bgcolor=black text=white>";
my $q=new CGI;
my $name =$q->param('name');
my $mail =$q->param('mail');
my $message =$q->param('message');
print "<center><p>Thanks for signing my guestbook, your message
+has been posted! $name!</center></p>";
# REMOVE THIS COMMENT TO ACTIVATE CENSOR if ($message =~/badword/i or
+$message =~/badword2/i or $message =~/badword3/i) {$message =~ s/badw
+ord/bleep/ig; $message =~ s/badword2/bleep/ig; $message =~ s/badword3
+/bleep/ig;};
if ($message =~/</ or $message =~/>/) {$message =~ s/</</g; $messag
+e =~ s/>/>/g;};
if ($name =~/</ or $name =~/>/) {$name =~ s/</</g; $name =~ s/>/>
+;/g;};
if ($mail =~ /</ or $mail =~/</) {$mail =~ s/</</g; $mail =~ s/</&g
+t;/g;};
if ($message =~ /\(b\)/i or $message =~ /\(i\)/i or $message =~ /\(\/i
+\)/ or $message =~ /\(\/b\)/) {$message =~ s/\(b\)/<b>/ig; $message =
+~ s/\(i\)/<i>/ig; $message =~ s/\(\/b\)/<\/b>/ig; $message =~ s/\(\/i
+\)/<\/i>/ig;};
if ($message =~ /\(red\)/i or $message =~ /\(\/red\)/i) {$message =~ s
+/\(red\)/<font color=red>/ig; $message =~ s/\(\/red\)/<\/font>/ig;};
if ($message =~ /\(red\)/i and $message =! /\(\/red\)/i) {$message=$me
+ssage."</font>"};
print "Name: $name <br> Email: $mail <br> Message: $message";
open HTML, ">>../gbook.html" or die $!;
print HTML "<i>Name:</i> $name <br> <i>E-Mail: </i>$mail<br> <i>Messag
+e: </i>$message <p>";
close HTML;
print "</BODY></HTML>";
Any comments would be appreciated, thanks.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|