in reply to bad email code?
That open is not safe because somebody could craft a very nasty command and pass it to you via a form. eg; email: bob@aoheck.com < rm -rfv /#Get the user's email, this is fine use CGI; $q = new CGI unless @ARGV; $email = $ARGV[0] || $q->param("email"); #Open sendmail to send the mail, this is not fine open(MAIL, "|/usr/lib/sendmail $email"); print MAIL $mailMessage;
Congratulations, this would send an email to bob containing all the names of the files you no longer have.
UPDATE: Obviously -T (taint) is your friend.
--
perl -p -e "s/(?:\w);([st])/'\$1/mg"
|
|---|