I would like to thank you for all the help.
I have tried to implement the security stuff you guys talked about; some of it I could not get to work or find the documentation for, so here is my new script! Any major holes in this one?
#!/usr/bin/perl -Tw
# warnings and taint mode now enabled
use strict;
use CGI;
$CGI::POST_MAX        = 1024 * 500;   # max 500k post
$CGI::DISABLE_UPLOADS = 1;            # no uploads
# taint mode refuses the piped open to sendmail below while $ENV{PATH} is tainted
$ENV{PATH} = '/bin:/usr/bin';
print "Content-type:text/html\n\n";
my $temp;
$temp = "$ENV{'QUERY_STRING'}";
$temp =~ tr/\/A-Za-z0-9_.-//dc;      # drop everything except / A-Z a-z 0-9 _ . -
$temp =~ s/\.+\///g;                 # strip "../" style sequences
if ( $temp =~ m#(^.+\.{1}?\w+)# ) {  # the capture untaints the value
    $temp = "../www$1";
} else {
    dienice("Invalid template file name...");
}
# you may now use the CGI methods.
my $query = new CGI;
my ( @values, $key, $i, @fary );
foreach $key ( $query->param ) {
    $i = $query->param($key);
    # any field whose name contains "required" must not be empty
    if ( $key =~ /required/i ) { if ( $i eq "" ) { failure(); } }
}
open( INF, "< $temp" ) or dienice("Cant open $temp");
@fary = <INF>;
close(INF);
foreach $key ( $query->param ) {
    @values = $query->param($key);
    # replace [fieldname] placeholders in the template; \Q...\E makes a
    # field name containing regex metacharacters match literally
    foreach $i (@fary) { $i =~ s/\[\Q$key\E\]/@values/g; }
}
my $mailprog = '/usr/lib/sendmail';
open( MAIL, "|$mailprog -t" ) or dienice("Can't access $mailprog!\n");
foreach $i (@fary) { print MAIL "$i"; }
close(MAIL);
# $url comes straight from the form and is printed unescaped
my $url = $query->param('success');
print "<Meta HTTP-EQUIV=\"Refresh\" CONTENT=\"0;URL=$url\">\n\n";
print "<a href=\"$url\">If you are not forwarded in 5 seconds, please click here.<\/a>";
exit;

sub failure {
    my $url = $query->param('failure');
    print "<Meta HTTP-EQUIV=\"Refresh\" CONTENT=\"0;URL=$url\">\n\n";
    print "<a href=\"$url\">If you are not forwarded in 5 seconds, please click here.<\/a>";
    exit;
}

sub dienice {
    my ($errmsg)   = @_;
    my ($webmaster) = 'webmaster@mydomain.com';
    print <<Eof;
<html><head><title>Error!!</title></head><body>The error was $errmsg</body></html>
Eof
    exit;
}
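Added example, not the poster's script: tighter handling of the three user-controlled inputs the script above works with (the template name taken from QUERY_STRING, form values that end up in a message piped to `sendmail -t`, and the redirect URL printed into the page). Function names and the constructed sample inputs are hypothetical.

```perl
#!/usr/bin/perl -Tw
# Added example (not the original poster's script). Names are hypothetical.
use strict;
use warnings;

# 1. Template name: accept one plain file name from an allow-list pattern,
#    never a path. Returns the untainted path, or undef on anything else.
sub template_path {
    my ($raw) = @_;
    return undef unless defined $raw;
    return undef unless $raw =~ m{^([A-Za-z0-9_-]{1,64}\.(?:txt|html))$};
    return "../www/$1";    # $1 is untainted by the regex capture
}

# 2. Values substituted into a message handed to "sendmail -t": sendmail
#    reads To:/Cc:/Bcc: from the message itself, so a value carrying a line
#    break could add headers. Collapse CR/LF to a single space.
sub mail_safe_value {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\r\n]+/ /g;
    return $value;
}

# 3. Redirect target: allow only a same-site absolute path (a leading "//"
#    would be a protocol-relative link to another host), fall back to "/".
sub redirect_target {
    my ($url) = @_;
    return '/' unless defined $url && $url =~ m{^(/(?!/)[A-Za-z0-9_./-]*)$};
    return $1;
}

# Escape before printing inside an HTML attribute or element.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g; $s =~ s/"/&quot;/g;
    return $s;
}

# Constructed sample inputs.
print template_path('thanks.html')   // 'rejected', "\n";
print template_path('../etc/passwd') // 'rejected', "\n";
print mail_safe_value("a\@example.com\nBcc: b\@example.com"), "\n";
print html_escape( redirect_target('/done.html') ),            "\n";
print html_escape( redirect_target('//other.example/') ),      "\n";
```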