On Thu, Sep 07, 2000 at 01:25:21PM -0700, Randal L. Schwartz wrote:
> >>>>> "Roger" == Roger Espel Llima <[EMAIL PROTECTED]> writes:
> 
> Roger>   # limit allowed characters in email addresses
> Roger>   $to =~ tr/-a-zA-Z0-9_+%$.,:!@=()[]//cd;
> 
> *  An email address can have ANY CHARACTER OF THE PRINTABLE ASCII SEQUENCE.
> *  An email address NEVER NEEDS TO GET NEAR A SHELL, so ALL CHARACTERS
> *  ARE SAFE.

err, you're right.   my code had another bug too: qmail-inject's -f
option wants the email address only, not the "Full Name <email@address>"
thing.  that's what I get for trying to make "cosmetic" changes to code
just before posting.

here's the function again, exactly as we use it, and without the
filtering:

sub sendmail {
  my ($from, $to, $subject, $message, $name) = @_;
  local *MAIL;

  # safe pipes adapted from man perlipc
  local $SIG{PIPE} = sub {};
  my $pid = open (MAIL, "|-");
  local $SIG{ALRM} = sub { CORE::exit; };

  unless (defined $pid) {
    # fork failed!
    return "Error sending mail.";
  }

  if ($pid) {
    # parent
    if (defined $name) { print MAIL "From: $name <$from>\n"; }
    else { print MAIL "From: $from\n"; }
    print MAIL "To: $to\n";
    print MAIL "Subject: $subject\n\n";
    print MAIL $message, "\n";
    close MAIL;
    return 1;
  } else {
    # child
    exec("/var/qmail/bin/qmail-inject", "-f", $from, "--", $to)
      || CORE::exit;
  }
}

> Man, if I see ONE MORE script that checks for a "legal email",

well, you could always try to check the address against rfc822... but
that would be one hell of a regexp, and it'd be mostly useless, since
the worst that can happen is a bounced email.

> I'm gonna scream.  Matter of fact, I already did. :)

feels better, doesn't it? :)

-- 
Roger Espel Llima, [EMAIL PROTECTED]
http://www.iagora.com/~espel/index.html
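
Added example, not part of the original message or of the poster's code: a check that the fork-open plus list-form exec pattern used in sendmail() above delivers an address to the child as one literal argument, with no shell in between. The child here is perl itself ($^X) standing in for qmail-inject, and the addresses and the helper name argv_seen_by_child are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Fork with open("-|"), exec a child in list form, and return the
# arguments exactly as the child received them.
sub argv_seen_by_child {
    my @args = @_;
    my $pid = open(my $kid, "-|");      # implicit fork; parent reads child's stdout
    die "fork failed: $!" unless defined $pid;

    if ($pid == 0) {
        # child: exec with a list never invokes /bin/sh.  The "--" ends
        # option parsing, the same job it does before $to in sendmail().
        exec($^X, "-e", 'print "$_\0" for @ARGV', "--", @args)
            or CORE::exit(127);
    }

    # parent: arguments come back NUL-separated, so any printable
    # character (spaces and quotes included) survives the round trip
    local $/ = "\0";
    chomp(my @seen = <$kid>);
    close $kid;
    return @seen;
}

# Constructed sample addresses: ordinary, quoted local part, shell
# metacharacters, and one that looks like a command-line option.
my @addresses = (
    'user+tag@example.com',
    '"odd name"@example.com',
    q{o'reilly&co;x|y$z`w@example.com},
    '-f@example.com',
);

for my $addr (@addresses) {
    my @seen = argv_seen_by_child($addr);
    my $ok   = (@seen == 1 && $seen[0] eq $addr);
    printf "%-34s %s\n", $addr,
        $ok ? "arrived unchanged" : "CHANGED: @seen";
}
```

Dropping the "--" from the exec list makes the last address get parsed as a switch by the child instead of being passed through as data.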
