Earlier today a friend asked me to help him install a fairly simple CGI that is similar to the infamous formmail.pl from Matt's Script Archive. He was having trouble with the server throwing "Internal Server Error" messages and since the permissions looked right and we did not have access to the error logs, I dove into the source to find the problem.

Well, the code was a mess. No strict, no warnings, no CGI module. They had hand rolled their own parser for postdata parameters. I modified it to the point where it uses the CGI module, warnings, taint mode, and strict. I also hardened a few sections of the code that might have been exploitable.

I then went and made quite a few other improvements because, well, I was bored. The header (which comprises all of the documentation of the script) says, "there are no restrictions on this script," and "this script may not be redistributed without this header." I sent an email to the company that distributes the original script and asked for permission to distribute my changes even though I felt that the documentation had given me the right to do so as long as I included the header. The company does not even claim a copyright on the script.

You can probably guess where this is going. They sent me a polite email telling me in no uncertain terms that I could not make my changes publicly available. I have reduced a 250 line script to less than 200 lines. In the course of this I have significantly modified or written from scratch more than half of the current source code. I would consider rewriting the script from scratch in the spirit of Not Matt's Scripts, but I'm afraid that I am already too familiar with the code to create a legitimate independant implementation. Any advice?

--
IndyZ