I wouldn't use this for security reasons (not to mention that it may not foil a decent spider because it does eventually produce the correct mailto: URL).
Use the CGI interface to get the parameters from the URL rather than $ENV, especially since you're pulling in the module anyways (I see this is much better now).
Use taint mode, just to be safe-- and I see that it's there, but you are untainting almost anything that might get passed in.
Don't allow non-word characters in your input variables-- they aren't necessary in an email address, are they?
You don't even need to put the domain as "foo.com", just "foo" will be fine, then you can append ".com" in your script.
Final thought: why even allow for input variables... this is the cause of the security problems. Why not just hardcode your own address into the script, so that the rest of us will not start pointing to your script for our own email addresses?
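
A sketch of the points above (read input through CGI, keep taint mode on, untaint only whole strings of word characters, append ".com" in the script), added here as an example and not taken from the original post or the script under review. The parameter names `user` and `domain`, the 64-character cap and the redirect via a `Location` header are assumptions.

```perl
#!/usr/bin/perl -T
# Taint mode (-T) is enabled on the shebang line; the web server must
# execute the script directly for it to take effect.
use strict;
use warnings;
use CGI;

# Untaint a value only if the WHOLE string is word characters.
# Returns the untainted copy, or undef if anything else is present.
sub untaint_word {
    my ($value) = @_;
    return unless defined $value;
    # \A and \z anchor the entire string (no trailing newline allowed);
    # /a restricts \w to ASCII [A-Za-z0-9_]; length cap is an assumption.
    return $value =~ /\A(\w{1,64})\z/a ? $1 : undef;
}

my $q = CGI->new;

# Hypothetical parameter names, read via CGI rather than %ENV.
my $user   = untaint_word(scalar $q->param('user'));
my $domain = untaint_word(scalar $q->param('domain'));

# Reject anything that did not match instead of trying to clean it up.
unless (defined $user && defined $domain) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain');
    print "Invalid input\n";
    exit;
}

# The caller sends only "foo"; the script appends the TLD itself, so no
# dots (and no CR/LF or URL metacharacters) can reach the header.
my $address = "$user\@$domain.com";

print $q->header(-status => '302 Found', -location => "mailto:$address");
```

A loose pattern such as `/(.*)/` would also clear the taint flag, which is why the check is anchored and limited to `\w`.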