in reply to Re: Contact Form
in thread Contact Form

    open MAIL,'|/usr/lib/sendmail -t' or die "error with email";
    print MAIL "name: ", $query->param(name), "\n";
    print MAIL "subject: ", $query->param(subject), "\n";
    print MAIL "email: ", $query->param(emailaddy), "\n";
    print MAIL "message: ", $query->param(message), "\n";

Ewww. No. You forgot the headers. So the mail isn't going anywhere, and worse yet, it's a security hole, since I can fake a "name" param with newlines and send spam using your script. Ick. Ewww.

-- Randal L. Schwartz, Perl hacker
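
An added example, not code from this thread: one way to build the message so that it has real headers, with form values rejected if they carry control characters into a header line and everything else placed in the body. The addresses and the helper names `header_safe` and `build_message` are assumptions made for illustration, and the sample submissions are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed fixed recipient and sender; never taken from the form.
my $TO   = 'webmaster@example.com';
my $FROM = 'contact-form@example.com';

# A value bound for a header line must not contain CR, LF or any other
# control character, or it can start a new header or end the header block.
sub header_safe {
    my ($value) = @_;
    return defined $value && length $value && $value !~ /[\x00-\x1f\x7f]/;
}

# Build the full message: headers, a blank line, then the form data as
# body text. Returns undef if a header-bound field is unsafe.
sub build_message {
    my (%f) = @_;
    for my $key (qw(subject emailaddy)) {
        return undef unless header_safe($f{$key});
    }
    # Deliberately loose address shape check (assumption: enough for Reply-To).
    return undef unless $f{emailaddy} =~ /\A[^\s\@<>,;]+\@[^\s\@<>,;]+\z/;

    return join '',
        "To: $TO\n",
        "From: $FROM\n",
        "Reply-To: $f{emailaddy}\n",
        "Subject: [contact form] $f{subject}\n",
        "\n",                               # blank line ends the headers
        "name: ", ($f{name} // ''), "\n",   # body text: newlines cannot add headers here
        "message:\n", ($f{message} // ''), "\n";
}

# Constructed sample input: an ordinary submission, and one whose subject
# carries an embedded newline followed by an extra header.
my %ok  = (name => 'Alice', subject => 'Hello',
           emailaddy => 'alice@example.org', message => "Hi\nthere");
my %bad = (%ok, subject => "Hello\nBcc: someone\@example.net");

for my $form (\%ok, \%bad) {
    my $msg = build_message(%$form);
    print defined $msg ? "accepted:\n$msg\n" : "rejected: unsafe header field\n";
}
```

The returned string is what would be printed to the `sendmail -t` pipe; adding `-oi` keeps a body line containing only a dot from ending the message early.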

Re: •security alert, was Re: Re: Contact Form
by Parham (Friar) on Mar 23, 2002 at 00:12 UTC
    I didn't think it would have to be advanced; personally I'd do it your way, checking for my params, but it was a quickie, very simple.