I don't know anything about cgi-lib.pl. However, if I were to code this fascist-style, these thoughts would cross my mind:
- Use the three-or-more-argument version of open. It's safer.
- Turn $mailprog into a lexically scoped variable or constant (use constant ...). Messing with it is unlikely, but I'm following my fascist mindset.
- Passing improperly untainted data to sendmail screams SPAM GATEWAY!
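
The three suggestions above combined in one sketch, as an added example that is not part of the original post or of cgi-lib.pl. The sendmail path, the sub names (`clean_address`, `clean_header`, `send_mail`) and the validation patterns are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Assumed sendmail location; a constant cannot be reassigned at run time.
use constant MAILPROG => '/usr/sbin/sendmail';

# Taint mode will not start a child process with an untrusted environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint by capture, and only against a deliberately narrow pattern.
# \z (not $) refuses a trailing newline; no leading '-' so it cannot look like an option.
sub clean_address {
    my ($raw) = @_;
    return $1 if defined $raw
        && $raw =~ /\A([A-Za-z0-9][A-Za-z0-9._+-]*\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\z/;
    return;
}

# Header values stay on one line, so no extra headers can be smuggled in.
sub clean_header {
    my ($raw) = @_;
    return $1 if defined $raw && $raw =~ /\A([^\r\n]{1,200})\z/;
    return;
}

sub send_mail {
    my ($to, $subject, $body) = @_;
    my $addr = clean_address($to);
    my $subj = clean_header($subject);
    die "rejected recipient or subject\n" unless defined $addr && defined $subj;

    # List-form pipe open: sendmail is exec'd directly, no shell parses the arguments.
    # -i: a lone '.' line in the body does not end the message.
    open(my $mail, '|-', MAILPROG, '-i', $addr)
        or die 'cannot run ' . MAILPROG . ": $!\n";
    print {$mail} "To: $addr\nSubject: $subj\n\n$body\n";
    close($mail) or die "sendmail exited with status $?\n";
    return 1;
}

# Constructed inputs; only the first passes. Nothing is mailed here.
for my $candidate ('user@example.com', "user\@example.com\nBcc: other\@example.net",
                   'user@example.com;extra', '-user@example.com') {
    (my $shown = $candidate) =~ s/\n/\\n/g;
    printf "%-6s %s\n", (defined clean_address($candidate) ? 'accept' : 'reject'), $shown;
}
```

Run it with `perl -T` so the command line matches the `-T` on the shebang line; the loop at the end only exercises the validators and never calls `send_mail`.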