I am just trying to do a simple emailer for a site. I came up with the 
following and was wondering if there are any security issues that jump 
out.

For the most part, I don't have the option of using anything from CPAN.

Bob
=====================

#!/usr/bin/perl -T

use strict;
use warnings;
use CGI;

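#
# Bound what CGI.pm will accept before the request is parsed. This form only
# carries a handful of text fields, so cap the POST body and refuse file
# uploads. Both settings must be in place before CGI->new() reads the request.
# The 100 KB ceiling is a starting value; tune it to the form's real needs.
#
$CGI::POST_MAX        = 1024 * 100;
$CGI::DISABLE_UPLOADS = 1;

my $q = CGI->new();

#
# CGI.pm reports a rejected request (for example an oversized body) through
# cgi_error(). Stop here instead of mailing a report built from missing
# fields.
#
if ( my $cgi_error = $q->cgi_error ) {
    print $q->header( -status => $cgi_error, -type => 'text/plain' ),
        "The request could not be processed.\n";
    exit 0;
}

#
# make %ENV safer: drop the variables that can change how a shell or a
# child process behaves (required under -T before running external commands)
#
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

#
# add to make sendmail taint safe: a fixed, untainted PATH
#
$ENV{PATH} = '/usr/sbin/';

# NOTE(review): $sendmail is not referenced by the pipe open further down,
# which names the command itself. It is kept here only because it records
# the intended flags (-t: take recipients from the headers, -oi: do not
# treat a line holding a single "." as end of message).
my $sendmail = "/usr/sbin/sendmail -t -oi";

# Fixed headers. Recipient and subject are constants and never come from the
# request, so a submitter cannot choose where the mail goes.
#my $to = "To: us...@domainl\n";
my $to      = "To: us...@domain\n";
my $subject = "Subject: New Request\n";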


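# Reduce a form value to a single line of text.
#
# Every value below is supplied by whoever submits the form. Folding CR/LF
# into a space keeps each single-line field on its own line of the report, so
# a submitted value cannot forge additional lines in the message. Missing
# parameters become '' so that interpolation does not emit "uninitialized"
# warnings.
sub _single_line {
    my ($value) = @_;
    return '' unless defined $value;
    $value =~ s/[\r\n]+/ /g;
    return $value;
}

# param() is forced into scalar context: in an argument list it would be
# called in list context, where a repeated parameter returns several values
# and shifts the arguments.
my $verbose_name        = _single_line( scalar $q->param('verbose_list_name') );
my $unix_style_name     = _single_line( scalar $q->param('unix_style_name') );
my $list_class_type     = _single_line( scalar $q->param('list_type') );
my $group_id_tag        = _single_line( scalar $q->param('list_group') );
my $primary_contact     = _single_line( scalar $q->param('primary_contact') );
my $secondary_contact   = _single_line( scalar $q->param('secondary_contact') );
my $archive_flag        = _single_line( scalar $q->param('archive_list') );
my $public_archives     = _single_line( scalar $q->param('archive_public') );
my $password_reminder   = _single_line( scalar $q->param('password_reminder') );

# The description is free text and may legitimately span several lines, so
# only the undefined case is normalised.
my $list_description    = $q->param('list_description');
$list_description = '' unless defined $list_description;

# Plain-text report. It is untrusted content from top to bottom and belongs
# in the message body only, never among the headers.
my $content =<<"MSG";
Verbose Name:      $verbose_name
Unix Style Name:   $unix_style_name
List Class Type:   $list_class_type
Group ID Tag:      $group_id_tag

Primary Contact:   $primary_contact
Secondary Contact: $secondary_contact

Archive Flag:      $archive_flag
Public Archives:   $public_archives
Password Reminder: $password_reminder

List Description:

$list_description
MSG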

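#
# Hand the message to sendmail.
#
# - List-form pipe open: the command and its flags are separate arguments,
#   so no shell is involved.
# - -t   recipients are taken from the headers written below.
# - -oi  a line holding only "." in the body does not end the message early.
# - The "\n" written after the Subject header is the blank line that ends the
#   header section. Without it the form-derived text follows the headers
#   directly, and keeping it out of them depends on how the mailer happens to
#   parse those lines.
# - Each step is checked. A failure goes to STDERR (the server error log) and
#   aborts the request instead of redirecting as though the mail was sent.
#
open( my $mail, '|-', '/usr/sbin/sendmail', '-t', '-oi' )
    or die "Cannot start sendmail: $!\n";

print {$mail} $to, $subject, "\n", $content
    or die "Cannot write to sendmail: $!\n";

# close() on a pipe waits for the child; it returns false with $! unset when
# the command ran but exited with a non-zero status.
close($mail)
    or die( $!
        ? "Error closing sendmail pipe: $!\n"
        : "sendmail exited with status " . ( $? >> 8 ) . "\n" );

#
#--- CGI->REDIRECT
#
# The target is a fixed URL, not request data, so the redirect cannot be
# steered by the submitter.
print  $q->redirect( -location => 'http://website/' );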

