I hope you realize that for most of the comments you wrote line by line I have no idea what you are talking about LOL.
Well, you chould change that. Understand what happens in the script, even in its current, scary state. That's not hard. In fact, the lack of error checks actually makes it easier to follow the program flow. Ask for things that you don't understand, in the code and in my review. We are here to answer.
As I said earlier, someone wrote this script 17 years ago and since then it has had some minor changes made by others from trying to make it work on various hosting servers.
That explains the commented-out statements and the indent.
I think it would be best as you say, to remove the script ASAP and try to write a better solution
Yes.
with PHP.
No.
In the meantime I am stuck with it. It does the job and no I have not noticed any errors in the output or mixing up of emails being sent,
Well, then you are lucky not to have a lot of load on the webserver.
but as you say it's got more holes in it than swiss cheese.
At least, it has a lot of potential to be a spam relay, using your company's name. It can also be used to generate malicious web pages that seem to be hosted on your company's hosted webserver. It should be quite easy to steal cookies and other data from the user's browser.
I cannot disable it until I have something better to replace it with. Such is life. Thanks again
Well, you could. Talk to your boss. Make it urgent to get a sane replacement. It's likely much cheaper than fixing the bad reputation you could get if someone finds this script.
Alexander
In reply to Re^4: prevent perl script running from browser
by afoken
in thread prevent perl script running from browser
by snowchild
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |