in reply to Re: Re: Re: Redirecting Problem
in thread Redirecting Problem

•Security and design problems - beware
by merlyn (Sage) on Aug 08, 2002 at 22:28 UTC
    I downvoted this because it scares me.

    First, you are allowing people to randomly send me anonymous messages without getting my prior permission. That IS SPAM, in spite of your insistence to the contrary. (Most spam claims not to be. {sigh})

    Second, you aren't checking the contents of $form{email}, so I could inject something with newlines and control the entire header. Sure, your header and message would appear far later down in the tail of the body, but by then, the person is already reading my Penis Extension or Nigerian Request, and clicking here and there to buy my crap.

    Third, sending email from CGI is the wrong way to go. If you have a mailing problem, the solution is almost certainly not CGI. CGI is meant for a reply through HTTP, not for a mailing action as a side-effect.

    As I said, this post scares me. Please, you need design help and security help. Maybe even ethical help. Not just Perl help.

    -- Randal L. Schwartz, Perl hacker
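The header-injection point in the reply above (a newline in `$form{email}` lets the submitter start new header lines) can be closed by validating the field before it goes anywhere near a mail header. The following is an added example, not code from the thread or from any poster; the helper name `safe_header_address`, the length cap and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): returns the address if it is
# safe to place on a single mail header line, or undef if it must be rejected.
sub safe_header_address {
    my ($value) = @_;
    return unless defined $value && length $value;
    return if length $value > 254;    # cap chosen for this example
    # CR or LF ends the current header line and lets the submitter begin a
    # new one (or the body). Reject those and all other control characters.
    return if $value =~ /[\x00-\x1F\x7F]/;
    # Deliberately conservative shape check: exactly one address, no spaces,
    # commas, colons or angle brackets. \A and \z are used instead of ^ and $
    # because $ would still match before a trailing newline.
    return unless $value =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;
    return $value;
}

# Constructed sample inputs standing in for $form{email}.
my @samples = (
    "alice\@example.com",
    "alice\@example.com\nBcc: list\@example.net",
    "alice\@example.com\r\n\r\nInjected body text",
    "alice\@example.com, bob\@example.org",
    "alice\@example.com\n",
    "",
);

for my $raw (@samples) {
    # Make control characters visible in the report.
    (my $shown = $raw) =~ s/([\x00-\x1F])/sprintf '\\x%02X', ord $1/ge;
    my $ok = safe_header_address($raw);
    printf "%-7s \"%s\"\n", defined $ok ? 'accept' : 'REJECT', $shown;
}
```

Only the first sample is accepted; a rejected value should stop the request with an error page rather than being cleaned up and used.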

      I respect your opinion on downvoting me. But I'd like to say, I am really new to Perl, so saying everything I've been doing was wrong really isn't helping any. I realise there must be millions of things wrong with my scripts, but until I learn more about Perl it's just going to have to be like that... :(

      If you are actually Randal L. Schwartz, I am currently reading one of your books!

Re: Re: Re: Re: Re: Redirecting Problem
by tommyw (Hermit) on Aug 08, 2002 at 22:58 UTC

    Your logic bomb is here:

    my $redirect;
    use CGI;
    my $query=CGI->new;
    print $query->redirect($redirect);

    as various people have tried to tell you: you need to actually have a URL to redirect to. Since it's undefined, the browser is being redirected back to the same page. With the result that the form gets submitted as fast as the browser and server can handle it.

    However, for your real problem, see Merlyn's comment.

    Oh, and when it's working, let me have the real URL, so I can sign up many fake email addresses...

    --
    Tommy
    Too stupid to live.
    Too stubborn to die.