> Hi everybody,
>
> I'm having trouble with setting the path to my sendmail program when
using the -T switch. It's a simple script that creates a from, asks for
an email adresse and sends an answer after the form was submitted. I
keep getting the following error message although I've set the
$ENV{'PATH'} in the script. Can anyone help?
>
> Error message:
> Insecure directory in $ENV{PATH} while running with -T switch at
/usr/local/httpd/cgi-bin/subscribe.pl line 45.
>
> Here is a part of the code
> ________snippet______
>
> #!/usr/bin/perl -wT
> #Pull in modules, create form etc.
>
>
> sub send_mail {
> my $a = shift;
> $a = check($a); #sub that check's the email adress
> print ("Thank your for ordering our Newsletter.");
> $ENV{'PATH'} = "|/usr/sbin/sendmail -oi -t -odq";
> open(SENDMAIL, "$ENV{'PATH'}") or die "Can't fork for sendmail:
$!\n"; print SENDMAIL <<"FILE";
> From: JUVE Newsline <[EMAIL PROTECTED]>
> To: <$a>
> .
> .etc
>
> }
> _____Snippet______
You haven't shown us where you are untainting $ENV{'PATH'}... I assume
you have read perldoc taint ??
How about not shelling out to sendmail in the above manner at all, and
instead use a module to send your messages? There are many available
and unless you are a Sendmail pro you shouldn't bother with it directly.
http://danconia.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
