Perl Security - Prevent SPAM

jazzwill has asked for the wisdom of the Perl Monks concerning the following question:

I have tried reading up on security. I want to make sure my code is ok though. I am a Perl novice and have learned by looking at other code. Any help would be MOST helpful. I do not want to help spammers. OK, this is what I use to email stuff back to me from my website:

#The emailing part:

sub sendMail
{
    $email = $FORM{'Email'} ;
    if (length $email > 80) {
      &Show_Critical_Error ('Email Address too long!');
    }
    if ($email =~ /^[^@]+@([-\w]+\.)+[A-Za-z]{2,4}$/)
        {
    open(MAIL, "|$email_path -t -oi -odq") || &Show_Critical_Error('Sy
+stem Error.  Unable to open mail application.') ;
    print MAIL "To: myemail\@mydomain.com(my domain name)\n" ;
    print MAIL "From: $FORM{'Email'} (JazzKids SITE)\n" ;
    print MAIL "Subject: WEBSITE CONTACT-jazzkids\n" ;
    print MAIL "\n" ;
    print MAIL "Name: $FORM{'Name'}\n\n" ;
    print MAIL "Email: $FORM{'Email'}\n\n" ;
    print MAIL "Address: $FORM{'Address'}\n\n" ;
    print MAIL "City: $FORM{'City'}\n\n" ;
    print MAIL "State: $FORM{'State'}\n\n" ;
    print MAIL "Zip: $FORM{'Zip'}\n\n" ;
    print MAIL "Specialty: $FORM{'Specialty'}\n\n" ;
    print MAIL "Best to reach by: $FORM{'Reachby'}\n\n" ;
    print MAIL "Best to reach when: $FORM{'Reachwhen'}\n\n" ;
    print MAIL "Comments: $FORM{'Comments'}\n\n" ;
    print MAIL "----------------------------------------\n\n" ;
    print MAIL "Sent from: $FORM{'form'}\n\n" ;
    close(MAIL) ;
    }
    
    else {&Show_Critical_Error('EMAIL ADDRESS INVALID.') ;}
}
[download]

#The parsing part:

sub Parse_Post_Form
{
    read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}) ;
    @pairs = split(/&/, $buffer) ;
    $valid = "[A-Za-z]\@\:\." ;
    foreach $pair (@pairs) 
    {
        ($name, $value) = split(/=/, $pair) ;
        $value =~ tr/+/ / ;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg ;
        $value =~ s/[^$valid]/./go; 
        $FORM{$name} = $value ;
        if ($value =~ s/`//) {
          &Show_Critical_Error ('No back ticks allowed!');
    }
    }
}
[download]

THANKS for any help!!

SORRY IF THIS IS A DUPE!

Edit by castaway - removed extra br tags inside code tags

Considered by VSarkiss: Delete: dup of Reaped: Perl Security which has replies
Unconsidered by Arunbear: keep votes prevented reaping; Keep/Edit/Delete: 15/5/18

Comment on Perl Security - Prevent SPAM Select or Download Code

Replies are listed 'Best First'.
Re: Perl Security - Prevent SPAM by techcode (Hermit) on Oct 07, 2005 at 01:48 UTC
Hello! Welcome to the PerlMonks - you've come to the right place. 1. You don't need to include <br> inside <code> tag. 2. Parsing part is so crappy :) But don't worry - I used it too :) Here is classic hello world script that will become your best friend from now on ... `#!perl use strict; # this is a MUST! use CGI; # so you don't parse it by hand my $query = CGI->new(); # my is because of strict pragma print $query->header(); # so you don't do it by hand print "Hello World!";` [download] When you have something like that (inside $query you have an CGI object) you can easily get any post or get parameter passed to your script easily. `my $form = $query->Vars();` [download] In this case, $form will contain a hashref of form fields. So if you want to say print value of field called "name" : `print $form->{name};` [download] Now let's address your Show_Critical_Error() function :) Add this to top of your script. `use CGI::Carp qw(fatalsToBrowser); .... .... if($error) { die "Error message"; }` [download] And it will print a relatively nice error message to the browser ;) I believe this is enough to get you started! There are many more things to learn, but take them one by one ... Have you tried freelancing? Check out Scriptlance - I work there.	[reply] [d/l] [select]
Re^2: Perl Security - Prevent SPAM by jazzwill (Initiate) on Oct 07, 2005 at 03:04 UTC
Thanks! I am new to the whole: my $variable and strict. Where do I get more info about them?	[reply]
Re^3: Perl Security - Prevent SPAM by GrandFather (Saint) on Oct 07, 2005 at 03:12 UTC
Have a read through the Tutorial material starting with the "Getting Started with Perl" series. `use strict; use warnings;` are used to pick up errors, normally due to sloppy programming, like mistyping variable names and using variable before they are initialised. If there are errors of that sort in code you post here you are lible for a bit of a drubbing! Perl is Huffman encoded by design.	[reply] [d/l]
Re^4: Perl Security - Prevent SPAM by jazzwill (Initiate) on Oct 07, 2005 at 11:43 UTC
Re^3: Perl Security - Prevent SPAM by eXile (Priest) on Oct 07, 2005 at 14:10 UTC
documentation for perl comes with perl itself, there are unix-style man pages, and there is the 'perldoc' utility that you can use to get information, they are pretty self-explanatory. Perl documentation is also made available on http://perldoc.perl.org, try searching there for 'my' or 'strict' and you'll find more information. And .... Google is your friend	[reply]
Re: Perl Security by Zed_Lopez (Chaplain) on Oct 07, 2005 at 00:32 UTC
You might like to look at nms' tfmail for an example. (And please check out Writeup Formatting Tips and use code tags around your code.)	[reply]
Re: Perl Security by cowboy (Friar) on Oct 07, 2005 at 17:49 UTC
First thing, don't re-invent the wheel on http request processing. Use CGI or CGI::Simple, or some other module that has been very heavily tested, rather than trying to process data yourself. For email address processing, try Email::Valid `my $addr = Email::Valid->address( -address => $email, -mxcheck => 0 ); if ($addr) { # send it }` [download] For actual sending, look at some of the sending modules. Net::SMTP is a good one.	[reply] [d/l]