in reply to Re^2: E-Mail responder
in thread E-Mail responder

Since you get $subject from the form, a spammer can put a \n in the subject, and create an additional "to:" line. This is the source of the spam.

Never take unchecked input and insert it into any part of a mail header.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

Re^4: E-Mail responder
by good2cu (Initiate) on Nov 28, 2005 at 14:55 UTC
    Thanks.
    I am not very experienced in Perl. I understand (I think) what you have said but can you give me a clue - pointer - as to how to check the input and avoid the problem? Best regards

      Hi good2cu,

      Take a look at Ovid's CGI Course. Pay special attention to the parts that explain using Taint mode and untainting data. Furthermore, searching PerlMonks for "Taint" produces a number of good links, as shown here.

      HTH,

      Larry
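
The check discussed in this thread, as an added example that is not part of the original posts: a form-supplied subject is validated, and untainted under `-T`, before it may be placed in a mail header. The helper name `clean_header_value`, the 200-character limit and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Hypothetical helper: return a header-safe copy of a form value,
# or nothing if the value must not be used in a mail header.
sub clean_header_value {
    my ($raw) = @_;
    return unless defined $raw;

    # Accept printable ASCII only (space through tilde), 1 to 200 characters.
    # CR, LF and every other control character fail the match, so the value
    # cannot end the Subject: line and start a new "To:" or "Bcc:" line.
    # \A and \z anchor the whole string; a plain $ would also match just
    # before a trailing newline and let it through.
    if ($raw =~ /\A([\x20-\x7E]{1,200})\z/) {
        # Under taint mode, $1 from a successful match is untainted,
        # while $raw itself stays tainted.
        return $1;
    }
    return;
}

# Constructed sample inputs standing in for what a form might submit.
my @samples = (
    "Question about my order",
    "Hello\nTo: a\@example.com, b\@example.com",
    "Hello\r\nBcc: list\@example.net",
    "Trailing newline\n",
    "",
);

for my $subject (@samples) {
    my $safe = clean_header_value($subject);

    # Make CR/LF visible in the report instead of printing them raw.
    (my $shown = $subject) =~ s/([\r\n])/sprintf('\\x%02X', ord $1)/ge;

    printf "%-45s => %s\n", "[$shown]",
        defined $safe ? "accepted" : "rejected";
}
```

Only the first sample is accepted; the others are rejected outright rather than repaired. Run it as `perl -T script.pl`, since a `-T` on the `#!` line must also be given on the command line when the script is started through `perl` directly.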