Hallo
I'm just an amature perl writer..
but I would think that using the m// (match) would help. somthing like
# $CONFIG{'Feedback'} = the body of the message, change to whatever it is in
the program
if ($CONFIG{'Feedback'} =~ /href=|http:/i ) #i = ignore case
{
# reject code goes here
exit;
}
As to preventing cusswords... good luck...
you could do a string substitution manure is replaced by fertilizer
s/manure/fertilizer/i;
this way the offender never knows what words are being replaced and is less
likely to try to get around this code with words like schist, or phuque or
the like.. I think you get my drift.
And I would do the word check right when the words are being parsed.
Thats how I would do it, but then what do I know..
I'm sure there are better ways... and that certain people on this list will
be quick to shoot me down
while offering no help of there own... but I wanted to get my "good deed"
for the day thing out of the way
this morning ;)
hope it helps.
Lou
> > So I want to expand the script to block sending altogether if the body
> > contains forbidden words like 'href=' or 'http://'.
> > I think that the textbox contents can be retrieved by the following
> > function:
> > $CONFIG{'Feedback'}
> > What I would like to do is to add a new function right before the mail
> > send call inside the main procedure which could set an error if the
> > feedback contains the forbidden words.
> >
> > The main procedure now looks like this:
> >
> >
> > # Check Referring URL
> > &check_url;
> >
> > # Retrieve Date
> > &get_date;
> >
> > # Parse Form Contents
> > &parse_form;
> >
> > # Check Required Fields
> > &check_required;
> >
> > # Return HTML Page or Redirect User
> > &return_html;
> >
> > # Send E-Mail
> > &send_mail;
> >
> > I would like to have a checking procedure right in front of
> > &send_mail, which will fail the script if the forbidden words are
> > present.
>
>
> That's one of Matt's scripts and maybe you missed the world wide movement
> to get everyone off Matt's scripts. Anyway, if you got that going, you
> would find
> Gunnar Hjalmarsson Contact Form a better and easier choice, and more
> secure. See:
> http://search.cpan.org/~gunnar/CGI-ContactForm-1.42/lib/CGI/ContactForm.pm
>
> You set up your form in half a dozen lines, and that's it!
>
> I am sure that you can set up spam filters to do what you want. There is a
> optional argument called spamfilter where you set up a regex and the
> example in the doco is '(?i:</a>|\[/url])' but you can adjust that
> yourself
>
> To modify Formmail.pl, you would need to;
> a: Set up a hash of banned words including the url form
> b: Take the output of the form and discard it if it matches anything in
> the banned word list.
>
> Owen
>
>
>
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> http://learn.perl.org/
>
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.503 / Virus Database: 269.16.0/1135 - Release Date: 11/16/07
10:58 PM
>
>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
