Re: Calling Perl from HTML

Wow, I definitely get stupid points for today. Ignore the alarmist idiot monk that was posing as myself this morning. Ignore the rest of my post and use strict, get rid of those ^M and test the script on the cmdline to see where you are failing exactly.

Removed stupid alarmist speak about how to securify your CGI scripts

===

This code is pretty insecure, I really suggest reading some more about writing secure cgi programs.

Now as to your specific problem, the sendmail program may not be runnable by your http process, I would consider another module like Mail::Mailer or its kin.

Comment on Re: Calling Perl from HTML

Replies are listed 'Best First'.
Re: Calling Perl from HTML by Abigail-II (Bishop) on Jul 15, 2002 at 14:13 UTC
What is your point? The program as presented isn't insecure at all - everything is set from within the program. It would pass -T without a problem. Of course you get problems if you do what you suggested above. But then, you will get the same problem if you do `system "/bin/rm -rf /";` [download] But that's just stupid, not insecure. Abigail	[reply] [d/l]
Re: Re: Calling Perl from HTML by OEMike (Novice) on Jul 15, 2002 at 15:14 UTC
Plot Thickens: Turns out that the CGI is running, in that it sends an email to the account I specify, yet it still shows the error as reported -- I placed a generic print "test"; before the Close (SENDMAIL) and that never happens?!	[reply]
Re: Re: Calling Perl from HTML by stajich (Chaplain) on Jul 15, 2002 at 15:19 UTC
You're right and I definitely failed the stupid test today, sorry to have wasted your time/space on that.	[reply]
Re: Re: Re: Calling Perl from HTML by OEMike (Novice) on Jul 15, 2002 at 16:47 UTC
Stajich: You mentioned reading up on CGI Security - but the olderlink you posted doesnt work - any suggestions? Michael	[reply]