Hello fellow monksters...
It has been requested for one of my cgi scripts to add the ability to email a link out from the script. One of the things I want for this script is to keep away from extraneous modules. So I figured I could talk with sendmail directly, but I'm wary of doing such things. I'd much rather use a module, but not for this project. So I ask your wisdom and vigilant eyes, see any potential Bad Things [TM] lurking around in there? Have hints on better ways?
Thanks,
-Syn0 (This is part of my EIGHT - Easy Image Gallery software)
(also, I know the email regex I use is not compliant, but it suffices for what I need (I think) and I would run into the module issue if I tried for full compliance)

The code is:

# MAIL-A-LINK info
# if set to TRUE, mail-a-link will be displayed during img display
my $mail_a_link = 'TRUE';

# location of sendmail binary
my $sendmail = '/usr/bin/sendmail';

# message to send as body of mail
#  placeholders for use in body:
#    <: sender_name :> - name of the person who requested the email
#    <: image_link :>  - link being emailed
#    <: image_name :>  - name of the image
my $mail_body = <<EOD;
This message is being sent to you by $default_title galleries on behal
+f of
<:sender_name:>, who thinks you would enjoy this image:<BR>
<:image_name:> at <:image_link:><BR>
<BR>
Feel free to stop by and have a look around.<BR>
Thank you,<BR>
<A href="$base_url">$default_title</A>
EOD


# /* -----------------------------------------------------------------
+-- */
#   linkmail
# /* -----------------------------------------------------------------
+-- */
sub linkmail {
  my $img_name = $img_lst[$curr_img_num] || &idx();
  my($status, $to_name, $to_email, $from_name, $from_email) = ('')x5;
  
  if (($to_name    = $cgi->param('to_name')) &&
      ($to_email   = $cgi->param('to_email')) &&
      ($from_email = $cgi->param('from_email')) &&
      ($from_name  = $cgi->param('from_name'))) {
    $status = "\nERR: Invalid character in Recipient's name : $to_name
+<BR>"
      unless $to_name =~ /^[\w\.\'\s]+$/;
    $status .= "\nERR: Malformed email address for Recipient : $to_ema
+il<BR>"
      unless $to_email =~ /^[\w\-\.]+\@[\w\-\.]+\.\w+$/;
    $status .= "\nERR: Invalid character in Your name : $from_name<BR>
+" 
      unless $from_name =~ /^[\w\.\'\s]+$/;
    $status .= "\nERR: Malformed email address for You : $from_email<B
+R>" 
      unless $from_email =~ /^[\w\-\.]+?\@[\w\-\.]+?\.\w+$/;
    
    if ($status eq '') {
      # no errors, try and send email
      my $img_lnk = qq(<A href="@{[$cgi->url]}?opt=img&gal=$gal_id&id=
+$img_name">@{[$cgi->url]}?opt=img&gal=$gal_id&id=$img_name</A>);
      
      $mail_body =~ s/<:\s*sender_name\s*:>/$from_name/g;
      $mail_body =~ s/<:\s*image_link\s*:>/$img_lnk/g;
      $mail_body =~ s/<:\s*image_name\s*:>/$img_name.jpg/g;
    
      my $mailmsg = <<EOD;
From: $from_name <$from_email>
To: $to_name <$to_email>
Subject: Image link
MIME-Version: 1.0
Content-Type: TEXT/HTML; charset=US-ASCII

$mail_body
EOD

      $ENV{PATH} = '';
      if (open(MAIL, "| $sendmail -oi -t")) {
    print MAIL $mailmsg;
    if (close(MAIL)) {
      # all's well
      $status = qq(
      The link was mailed successfully.<BR>
      You can [ <A href="@{[$cgi->url]}?opt=img&gal=$gal_id&id=$img_na
+me">return to gallery</A> ]
      or send the link to someone else:
      <HR>);      
    
      $to_email = '';      
      $to_name = '';
    }
    else {
      # close failed
      $status = qq(\n     ERR: There was a problem processing the mess
+age. Your link was not sent.<BR>);
      log_err("ERR: Mail-a-link failure during mail process/send : $!"
+);
    }
      }
      else {
    # can't connect to server, log and err out
    $status .= qq(\n      ERR: There was a problem connecting to the m
+ail server. Your link was not sent.);
    log_err("ERR: Could not connect to sendmail : $!");
    log_err("       Set the config var \$mail_a_link to 'FALSE' if thi
+s error persists");
      }
    }
  }    
  
  &PrintHead();
  print qq(\n<TABLE border=0 bgcolor="$colors{'img_cap'}" width="100%"
+><TR><TD>&nbsp;</TD></TR></TABLE>);  
  print qq(
<!-- Start Mail-A-Link Table -->       
<TABLE border=0 width="100%">
  <TR>
    <TD>
$status       
       <FORM action="@{[$cgi->url]}" method=POST>
         <INPUT type=hidden name=opt value="mal">
         <INPUT type=hidden name=gal value="$gal_id">
         <INPUT type=hidden name=id  value="$img_name">
         Sending an email link to a friend. <I>(All fields are require
+d)</I><BR>
         <BR>
         Recipient's Name: (up to 30 characters long)<BR>
         <INPUT type=text name=to_name value="$to_name" size=15 maxlen
+gth=30><BR>
         Recipient's Email address: (up to 80 characters long)<BR>
         <INPUT type=text name=to_email value="$to_email" size=30 maxl
+ength=80><BR>
         <BR>
         Your Name: (up to 30 characters long)<BR>
         <INPUT type=text name=from_name value="$from_name" size=15 ma
+xlength=30><BR>
         Your Email Address: (up to 80 characters long)<BR>
         <INPUT type=text name=from_email value="$from_email" size=30 
+maxlength=80><BR>
         <INPUT type=submit value="Send this link!">
       </FORM>
       <HR>
       Sending a link to this image:<BR>
      <IMG src="$img_url/$img_name.jpg" border=0>
    </TD>
  </TR>
</TABLE>              
<!-- End Mail-A-Link Table -->
);  
  &PrintTail();
}
[download]

---

---

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

• How do I compose an effective node title?
• How do I post a question effectively?
• Markup in the Monastery

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		&
	<		&lt;
	>		&gt;
	[		&#91;
	]		&#93;

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.