In fact, I just sent a couple of messages through your form handler to arbitrary (my) addresses from bogus senders with arbitrary content. You are, in effect, an open relay.
You can have no fewer than 2 tafs to do this without causing yourself headaches: 1. Arbitrary content, constrained recipients 2. Arbitrary recipients, constrained content And you can't constrain by placing things in hidden fields. They're not hidden and quite accessible. F'rinstance: The #1 case: You can allow the form designer lots of latitude to create fields, as long as at least one is constrained to a selection list, say the subject. If the subject list is maybe 10 items, then your taf can direct it to the appropriate recipient based on the subject. The recipient is both truly hidden and constrained. (you can make this recipient selection logic complex, if that's to your liking.) (You'd have to pull out all the ARGs and their values to place in the email message, and you're ok.) The #2 Case: A form on a web page that says "send me to your friends". Sender puts in his/her own sender email, recipient's, a message, and off it goes. The taf then generates a copy of that page with the sender's comments and sends to the recipient. That has little value to a hijacker, because your content is filling up the page. Moral: All Purpose = All Headache On 3/7/05 4:18 PM, "Robert Shubert" <[EMAIL PROTECTED]> wrote: > I would be willing to share mine if you would like. It has some > semi-advanced features. I'm not certain how I would release it, but > that's open for discussion. I wouldn't charge for it. You can see what > it does here: > > http://www.tronics.net/formhandler.taf?_function=help > > Feel free to try it out. > > Robert > > On Mar 7, 2005, at 5:54 PM, Fogelson, Steve wrote: > >> Has anyone written a all purpose general taf that would accept >> arguments >> from a form and would send them to the specified email address similar >> to >> the script available as freeware. Probably need a return url to >> execute when >> finished. >> >> IE: a "contact us", etc form >> >> I would like to avoid using a script and use Witango instead. I can >> probably >> write one, but just checking to see if anyone has one to share. >> >> Thanks >> >> Steve Fogelson >> Internet Commerce Solutions >> _______________________________________________________________________ >> _ >> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf > > ________________________________________________________________________ > TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf > ----------------------------------------- Roland Dumas Roberts Information Services 310 W. Bellevue Avenue San Mateo CA 94402 650-347-1373 415-412-9300 (cell) [EMAIL PROTECTED] SMS: http://new.servqual.com/html/sms.tml ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
