#!/usr/bin/perl

print "Content-type:text/html\n\n";

$FORM{'fulltxtpath'} = stripmeta("../www$ENV{'QUERY_STRING'}");

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}

foreach $key (keys(%FORM)) {
if ($key =~ /required/i) {if ( ($FORM{$key} eq "") && ($FORM{$key} == 
+"") ) {failure();}}
}

open INF, $FORM{'fulltxtpath'} or dienice("Cant open $FORM{'fulltxtpat
+h'}");
  seek(INF,0,0);
  @fary = <INF>;
close (INF);

foreach $key (keys(%FORM)) {
   $rep = $FORM{$key};
   foreach $i (@fary) {$i =~ s/\[$key\]/$rep/g;}
}


$mailprog = '/usr/lib/sendmail';
open (MAIL, "|$mailprog -t") or dienice("Can't access $mailprog!\n");
foreach $i (@fary) { print MAIL "$i"; }
close (MAIL);

$FORM{'success'} =~ s/https\:\/\/www.mydomain.com/..\/www/g; 
open INF, $FORM{'success'} or dienice("Cant open $FORM{'success'}");
 seek(INF,0,0);
 @succtxt = <INF>;
close (INF);
foreach $i (@succtxt) { print "$i"; }
exit;

sub stripmeta {
my($var1) = @_;
@meta = ('&',';','`','\'','\\',
         '"','|','*','?','~','<','>',
         '^','(',')','[',']','{','}','$');
$var1 =~ s/\n/ /g; $var1 =~ s/\r/ /g;
foreach $met (@meta){ $var1 =~ s/\Q$met\E/ /g; }
return $var1
}

sub failure {
$FORM{'failure'} =~ s/https\:\/\/www.mydomain.com/..\/www/g; 
open INF, $FORM{'failure'} or dienice("Cant open $FORM{'failure'}");
 seek(INF,0,0);
 @failtxt = <INF>;
close (INF);
foreach $i (@failtxt) { print "$i"; }
exit;
}

sub dienice {
my($errmsg) = @_;
my($webmaster) = 'webmaster@mydomain.com';
print <<Eof;
<html><head><title>Error!!</title></head><body>The error was $errmsg</
+body></html>
Eof
exit;
}

[download]
Will me stripmeta sub protect me from attacks like ;/ rm -r*;/ in the 'QUERY_STRING'??

In reply to Is this safe?? by SilverB1rd

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.