Gunnar Hjalmarsson wrote:
> Adam Jimerson wrote:
>> I attached my code for my program,
>
> You don't say what to do if the untainting fails. This code:
>
>     if ($name =~ /^([...@\w.]+)$/) {
>         $name = $1;
>     };
>
> should better be:
>
>     if ($name =~ /^([...@\w.]+)$/) {
>         $name = $1;
>     } else {
>         die "Untainting of the name failed";
>     }
>
> Please consider, for instance, what happens if the user submits both a
> first and last name.
>
It seems I overlooked the space. Is it possible to include spaces in the search string?

>> All the variables that have user submitted content go through the
>> above search string as soon as the program retrieves it.
>
> I think it's just the $name variable that needs to be untainted for the
> program to pass Perl's taint check.
>
> Since this is about a contact form, I can't help calling your attention
> to my contact form module. The link in the sig below takes you to a form
> that was created by that module. The whole code that is needed, given
> that the form has been installed, is:
>
>     #!/usr/bin/perl -T
>     use CGI::ContactForm;
>
>     contactform (
>         recname => 'My Name',
>         recmail => 'm...@example.com',
>         styleurl => '/style/ContactForm.css',
>     );
>
> You find the module at CPAN:
> http://search.cpan.org/dist/CGI-ContactForm/
>

Your form looks interesting, but in the long run I think it would benefit me more learning-wise to fix my program.
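
On the question of allowing spaces while keeping the untainting strict, here is an added example; it is not part of the thread and not either poster's code. The helper name `untaint_name`, the exact allow-list of characters and the 100-character limit are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_name.pl
use strict;
use warnings;

# Hypothetical helper: returns the untainted name, or undef when the
# input contains anything outside the allow-list.
sub untaint_name {
    my ($raw) = @_;
    return unless defined $raw;

    # Trim surrounding whitespace so " Adam " is accepted as "Adam".
    $raw =~ s/^\s+|\s+$//g;

    # Allow-list: word characters, dot, apostrophe and hyphen, with single
    # literal spaces between the parts. A literal space is used instead of
    # \s so tabs and line breaks never pass, and \A...\z anchor the whole
    # string (a bare $ would also match before a trailing newline).
    if ($raw =~ /\A([\w.'-]+(?: [\w.'-]+)*)\z/ && length($1) <= 100) {
        return $1;    # only the captured group is untainted
    }
    return;           # caller decides: die, or show the form again
}

# Constructed sample inputs; in the CGI script the value would come from
# the submitted form field and would be tainted.
for my $input ('Adam', 'Adam Jimerson', "Adam\nJimerson", 'Adam;Jimerson') {
    my $clean = untaint_name($input);
    (my $shown = $input) =~ s/\n/\\n/g;    # make line breaks visible
    print defined $clean ? "accepted: '$clean'\n" : "rejected: '$shown'\n";
}
```

The first two inputs are accepted; the one with an embedded line break and the one with a semicolon are rejected, which is the point at which the `else { die ... }` branch suggested in the thread would run.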