Gunnar Hjalmarsson wrote:
> Nigel Peck wrote:
>> I'd appreciate hearing (reading!) people's thoughts on making web form
>> data safe for using to compose an email via sendmail.
>> Basically, see comments in pseudo-code below, what should I be doing
>> to the data to make it safe?
>> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>> use strict;
>> use CGI;
>> my $query = new CGI;
>> my $example_data = $query->param('some_form_item');
>
> It depends. If you are going to send a plain text message, and the user
> submitted data is only used in the body of the message, I can't think of
> anything particular. OTOH, if one or more parameters are intended for the
> message headers, there are a few things to consider.

Thanks for getting back to me.
For the body of the message, one thing that occurs to me is \n.\n as
that would end the message? But presumably nothing else could be entered
after that as sendmail would close?
So there's nothing that they could "inject" and compromise security in
any way?
For the header, other than newlines, what should I consider?
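
The two concerns raised in this thread (newlines in header fields, and a lone "." line in the body), sketched as an added example that is not part of the original messages. The sub names, the example.com/example.org addresses and the /usr/sbin/sendmail path are assumptions; the inputs at the bottom are constructed.

```perl
use strict;
use warnings;

# Header values: refuse CR, LF and other control characters, so a form
# field cannot begin a new header line of its own.
sub clean_header {
    my ($name, $value) = @_;
    die "missing value for $name\n" unless defined $value && length $value;
    die "control character in $name\n" if $value =~ /[\x00-\x1F\x7F]/;
    return $value;
}

# Body: normalise line endings. A lone "." is harmless provided sendmail is
# run with -i, which stops it treating that line as end of message.
sub clean_body {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/\r\n?/\n/g;
    return $text;
}

sub build_message {
    my (%f) = @_;
    my $subject = clean_header('subject',  $f{subject});
    my $reply   = clean_header('reply_to', $f{reply_to});
    die "reply_to is not a single address\n"
        unless $reply =~ /\A[^\s\@,;<>()]+\@[A-Za-z0-9.-]+\z/;
    # To and From are fixed by the script, never taken from the form.
    return "To: webmaster\@example.com\n"
         . "From: webform\@example.com\n"
         . "Reply-To: $reply\n"
         . "Subject: $subject\n\n"
         . clean_body($f{body});
}

sub send_message {    # defined for completeness, not called below
    my ($msg) = @_;
    # List-form open: no shell involved. -t reads recipients from the headers.
    open(my $mh, '|-', '/usr/sbin/sendmail', '-t', '-i') or die "sendmail: $!\n";
    print {$mh} $msg;
    close($mh) or die "sendmail exited with status $?\n";
}

# Constructed inputs: one plain subject, one containing an embedded newline.
for my $subject ("Question about order", "Hi\nBcc: someone\@example.net") {
    my $msg = eval { build_message(subject => $subject,
        reply_to => 'visitor@example.org', body => "line one\r\n.\r\nline two\n") };
    print defined($msg) ? "--- accepted ---\n$msg\n" : "--- rejected: $@";
}
```

Running it prints the first message in full, including the "." line in the body, and rejects the second subject before any header is assembled.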