Re: Perl script to send form data via email

Corion is absolutely right, this a very bad and insecure way of doing this. Consider only this line:

print MAIL "From: $email\n";

If somebody passes faked@example.com\nTo: mail_you_want_to_spam@victim.com as the value of $email - your script can easily be abused for sending spam.

Please do all interent users a favour and don't use this script anywhere.

Comment on Re: Perl script to send form data via email Select or Download Code

Replies are listed 'Best First'.
Re^2: Perl script to send form data via email by gugubanana (Acolyte) on Jun 24, 2008 at 11:44 UTC
Thanks moritz, i've listened to your suggestions and am trying to correct the issues raised here about the script. i agree with you on what you say, however i have not used this script on an actually website. i've created this more as an rough example/tutorial for others. however, i realise now that my good intention to help others is a bad example. :-( thanks again. ps: i will try to remove this post from "cool use of perl" to "not so cool use of perl" :-)	[reply]
Re^3: Perl script to send form data via email by moritz (Cardinal) on Jun 24, 2008 at 11:52 UTC
If you want to, we can consider the node for reaping (ie deleting). Another option is that you restore your original text, and put a warning at the top that it's actually a counter-example, and that the reader should also read the replies to it.	[reply]
Re^4: Perl script to send form data via email by gugubanana (Acolyte) on Jun 24, 2008 at 12:13 UTC
cheers moritz, i've taken your later advice and put an warning on the top of the original post. ta.	[reply]