in reply to security trick that doesn't work: system() with arguments problem

You should be using MIME::Lite instead, or maybe Mail::Sender or one of the other mail sending modules. Especially having a "mail sending program" available under /var/www/cgi-bin seems highly problematic as that program will likely be accessible from the outside by crafting a HTTP access.

In your invocation, you have

   '-t','$email_to',

[download]

... but single quotes do not interpolate. You want to leave out the single quotes. But see above for the use of MIME::Lite instead.

Replies are listed 'Best First'.
Re^2: security trick that doesn't work: system() with arguments problem
by tercoz (Acolyte) on May 02, 2012 at 09:24 UTC

    WAIT! ^ MIME::Lite is not recommended by its current maintainer. There are a number of alternatives, like Email::MIME or MIME::Entity and Email::Sender, which you should probably use instead. MIME::Lite continues to accrue weird bug reports, and it is not receiving a large amount of refactoring due to the availability of better alternatives. Please consider using something else.

    This message is on the cpan page of MIME::Lite

    Should I use it?

[reply]

      It works quite well for me, and does so since at least 7 years, so I don't see the reason why it shouldn't be recommended. I don't think that the Email namespace is inherently bad either, but I haven't used any of the modules so I can't recommend any specific module.

[reply]

        Thank you, I shall try this module in my program

[reply]
Re^2: security trick that doesn't work: system() with arguments problem
by bulk88 (Priest) on May 02, 2012 at 16:43 UTC
    It is faster for a programmer who is familiar with shell tools to use system (45 seconds) than to spend an hour or 2 to install and read the POD and write up and test examples on a cpan library. The location of sendmail is a security problem here tho.
[reply]

In Section Seekers of Perl Wisdom