Re: Perl Mailer

2 things...

I don't see where you are sending the status code back to the browser (302 in this case, I believe)
~~However, since you say it is sending the .pl file back to the user, it sounds like your server is not running the .pl file (shouldn't that be .cgi?), but is treating it as a binary file.~~ What are the contents of the file it is asking you to download? See the posts by trwww below.

Now a few warnings:

Your code is not sanitizing the data from the user at all. In fact, it would be trivial to implement a code injection attach against this script. What happens if $message, $subject, $raddr, or $saddr contain quotes, extra parameters, or even extra commands?
You are using the one parameter form of system. Use the multiple parameter form of system instead. That can help mitigate the risk of only part of the previous security question.

Not to be harsh, but this script has gaping holes reminiscent of Matt's Script Archive and large enough for Santa Clause to drive his sleigh through. Please consider finding an application from NMS or other recommended sites that meets your needs.

--MidLifeXis

Comment on Re: Perl Mailer Select or Download Code

Replies are listed 'Best First'.
Re^2: Perl Mailer by Six (Initiate) on Dec 17, 2008 at 17:49 UTC
Gaping holes? I'm sure, I'm very new to this and this is just a script i found and am editing to suit my needs. I'm interested in learning more about perl, but deadlines often trump our best laid plans. thanks for the advice, I'll take a look at all of this and see what I can do, thanks again!	[reply]
Re^3: Perl Mailer by MidLifeXis (Monsignor) on Dec 17, 2008 at 18:09 UTC
A mantra oft spoken within the monastery walls is "Don't reinvent the wheel". Now it looks like you are trying to listen to that advice. However, your starting point appears to be not worth it. At the very least, look at sanitizing form input, safe system, CGI security, Ovid's old course, and other security topics. --MidLifeXis	[reply]