I just had a blow-up with a sys. adm. who said my script (see below)
is potentially insecure and dangerous and therefore unacceptable.

They are going with this one :)
<http://dtheatre.com/scripts/formmail.php>


Note the line from my script:
print MAIL "TO: [EMAIL PROTECTED]";

Is there a way someone could hijack my script, if so how, or is this
sys. adm. not living in the real world?

Thanks!

Dave Gilden
(kora musician / audiophile / webmaster @ www.coraconnection.com  / Ft. Worth, TX, USA)


-------script--------

#!/usr/local/bin/perl 

use CGI qw/:standard/;
use POSIX 'strftime';
use strict;
my $mailprog = '/usr/lib/sendmail';

my $subject = "Jakes's Lawn Care Contact Page";
my $date = strftime('%A, %B %d, %Y %I:%M %p',localtime(time() + (2*60*60)));

my $name = param('First Name') . " ". param('Last Name');

my $email= param('email');
$email = lc($email);

# Send E-Mail
&send_mail;

# Return HTML Page 
print redirect("/pages/thankyou.html");
exit;

sub send_mail {
    my $data;
    $email ||= "[EMAIL PROTECTED]";

    # Pipe the message to sendmail; -t takes the recipients from the headers
    open(MAIL, "|$mailprog -t") or die "Cannot run $mailprog: $!";
    print MAIL "TO: [EMAIL PROTECTED]";
    print MAIL "From: $name <$email>\n";
    print MAIL "Subject: $subject\n\n";

    print MAIL "$subject: $date\n", '-' x 60, "\n";

    # Append every submitted form field to the message body
    foreach my $val (param()) {
        $data = param($val);
        print MAIL "$val: $data\n";
    }

    close(MAIL);
}

__END__
-- 
Artificial intelligence is no match for natural stupidity.
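
Added example, not part of the original post or of the script above: the script writes `$name` and `$email` from the form into the `From:` header of a message piped to `sendmail -t`, so a reviewer would want a check that neither value can contain a line break. The helper names, length limits, address pattern and sample inputs below are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: return a value that is safe to place on one header
# line, or undef if the value must be rejected.
sub clean_header_value {
    my ($value, $max_len) = @_;
    return unless defined $value;
    # A CR or LF ends the header line; whatever follows would be read by
    # "sendmail -t" as a header line of its own. Reject, do not repair.
    return if $value =~ /[\r\n]/;
    $value =~ s/[[:cntrl:]]//g;     # drop any other control characters
    $value =~ s/^\s+|\s+$//g;       # trim surrounding whitespace
    return if $value eq '' || length($value) > $max_len;
    return $value;
}

# Deliberately strict address check for a contact form (an assumption,
# not a full RFC 5322 parser).
sub clean_email {
    my ($email) = @_;
    my $v = clean_header_value($email, 254);
    return unless defined $v;
    return unless $v =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;
    return lc($v);
}

# Build the From: line only when both fields pass; otherwise return undef.
sub build_from_header {
    my ($name, $email) = @_;
    my $safe_name  = clean_header_value($name, 100);
    my $safe_email = clean_email($email);
    return unless defined $safe_name && defined $safe_email;
    $safe_name =~ s/[<>"\\]//g;     # characters special in a display name
    return "From: \"$safe_name\" <$safe_email>\n";
}

# Constructed sample submissions (name, email)
my @samples = (
    [ 'Jane Doe', 'Jane@Example.org' ],
    [ 'Jane Doe', "jane\@example.org\nX-Extra: 1" ],
    [ "Jane\r\nX-Extra: 1", 'jane@example.org' ],
);
for my $s (@samples) {
    my $header = build_from_header(@$s);
    print defined $header ? "accepted: $header"
                          : "rejected: line break or malformed field\n";
}
```

The form fields printed after the blank line in the original script land in the message body, so this check applies to the values placed in headers.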
