perlquestion
SilverB1rd
I would like to thank you for all the help.<br>
I have tryed to implement the security stuff you guys talked about, some of it I could not get to work or find the documentation, So here is my new script! Any major holes in this one?
<code>
#!/usr/bin/perl -Tw
#warnings and taint mode now enabled
use CGI;
use strict;
$CGI::POST_MAX=1024 * 500; # max 500k post
$CGI::DISABLE_UPLOADS = 1; # No uploads
print "Content-type:text/html\n\n";
my $temp;
$temp = "$ENV{'QUERY_STRING'}";
$temp =~ tr/\/A-Za-z0-9_.-//dc;
$temp =~ s/\.+\///g;
if( $temp =~ m#(^.+\.{1}?\w+)# ) {
$temp= "../www$1";
} else {
dienice "Invalid template file name...";
}
#you may now use the CGI methods.
my ($query) = new CGI;
my (@values, $key, $i, @fary);
foreach $key ($query->param) {
$i = $query->param($key);
if ($key =~ /required/i) {if ( ($i eq "") && ($i == "") ) {failure();}}
}
open(INF, "< $temp") or dienice("Cant open $temp");
seek(INF,0,0); @fary = <INF>; close (INF);
foreach $key ($query->param) {
@values = $query->param($key);
foreach $i (@fary) {$i =~ s/\[$key\]/@values/g;}
}
my $mailprog = '/usr/lib/sendmail';
open (MAIL, "|$mailprog -t") or dienice("Can't access $mailprog!\n");
foreach $i (@fary) { print MAIL "$i"; }
close (MAIL);
my $url = $query->param('success');
print "<Meta HTTP-EQUIV=\"Refresh\" CONTENT=\"0;URL=$url\">\n\n";
print "<a href=\"$url\">If you are not forwarded in 5 seconds, please click here.<\/a>";
exit;
sub failure {
my $url = $query->param('failure');
print "<Meta HTTP-EQUIV=\"Refresh\" CONTENT=\"0;URL=$url\">\n\n";
print "<a href=\"$url\">If you are not forwarded in 5 seconds, please click here.<\/a>";
exit;
}
sub dienice {
my($errmsg) = @_;
my($webmaster) = 'webmaster@mydomain.com';
print <<Eof;
<html><head><title>Error!!</title></head><body>The error was $errmsg</body></html>
Eof
exit;
}
</code>