On Dec 7, 2005, at 3:55 AM, David Dorward wrote:
What tests must be in place in order to keep your Perl scripts from
being hijacked by spammers? Any help would be greatly appreciated.
For forms that send email, you don't want to let the user enter a To,
CC, or BCC address.
Nor should
On Wed, Dec 07, 2005 at 01:19:59PM -0600, Bill Stephenson wrote:
Nor should you allow new lines ...
$subject = User entered data with\nBCC: spam victim [EMAIL PROTECTED]
I wasn't aware of that problem. I'm guessing that using CGI.pm to parse
input helps solve that problem. Is this correct?
On Thu, 2005-12-08 at 12:24 -0600, Bill Stephenson wrote:
I tried your example and could not get it to send the email to the
spammed address. It just stuck it in the subject line like it should
have.
I don't have anything special in the script to filter the newline.
use
On Dec 8, 2005, at 3:27 AM, David Dorward wrote:
On Wed, Dec 07, 2005 at 01:19:59PM -0600, Bill Stephenson wrote:
Nor should you allow new lines ...
$subject = User entered data with\nBCC: spam victim
[EMAIL PROTECTED]
I wasn't aware of that problem. I'm guessing that using CGI.pm to