Adam Jimerson wrote:
I attached my code for my program,

You don't say what to do if the untainting fails. This code:

        if ($name =~ /^([...@\w.]+)$/) {
                $name = $1;
        };

should better be:

        if ($name =~ /^([...@\w.]+)$/) {
                $name = $1;
        } else {
                die "Untainting of the name failed";
        }

Please consider, for instance, what happens if the user submits both a first and last name.

All the variables that have user-submitted content go through the above search string as soon as the program retrieves it.

I think it's just the $name variable that needs to be untainted for the program to pass Perl's taint check.

Since this is about a contact form, I can't help calling your attention to my contact form module. The link in the sig below takes you to a form that was created by that module. The whole code that is needed, given that the form has been installed, is:

        #!/usr/bin/perl -T
        use CGI::ContactForm;

        contactform (
            recname   => 'My Name',
            recmail   => 'm...@example.com',
            styleurl  => '/style/ContactForm.css',
        );

You find the module at CPAN:
http://search.cpan.org/dist/CGI-ContactForm/

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
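
The untaint-or-die pattern from the message above, generalized to one allow-list pattern per form field. This is an added example, not code from the original thread or from CGI::ContactForm. The %pattern table, the untaint() helper and the sample values are assumptions made for illustration; the name pattern here accepts a first and last name separated by a space. Run it as "perl -T script.pl".

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumed allow-list patterns, one per field (not taken from the thread).
# \A and \z anchor the whole string, so an embedded newline cannot slip through.
my %pattern = (
    name  => qr/\A([\w.'-]+(?: [\w.'-]+)*)\z/,
    email => qr/\A([\w.+-]+\@[\w-]+(?:\.[\w-]+)+)\z/,
);

# Return the untainted capture, or die naming the field that failed,
# so a value that does not match never continues in its tainted form.
sub untaint {
    my ($field, $value) = @_;
    my $re = $pattern{$field} or die "No pattern defined for '$field'\n";
    die "Untainting of the $field failed\n"
        unless defined $value && $value =~ $re;
    return $1;    # captures from a successful match are untainted
}

# Constructed sample input. Appending a zero-length slice of $^X marks each
# value as tainted, standing in for CGI parameters under -T.
my $taint = substr($^X, 0, 0);
my @form = (
    [ name  => 'Adam Jimerson' . $taint ],
    [ email => 'user@example.com' . $taint ],
    [ name  => "Adam\nBcc: someone" . $taint ],    # newline must be rejected
);

for my $pair (@form) {
    my ($field, $raw) = @$pair;
    my $clean = eval { untaint($field, $raw) };
    if (defined $clean) {
        printf "%-5s accepted (tainted before: %s, after: %s)\n",
            $field,
            tainted($raw)   ? 'yes' : 'no',
            tainted($clean) ? 'yes' : 'no';
    }
    else {
        print "$field rejected: $@";
    }
}
```

The first two values are accepted and come back untainted; the third dies inside untaint() and is reported as rejected instead of being passed on.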
