
Re: [cobalt-developers] HTML mail



I use a modified version of Matt's FormMail.pl with no problem. The main
security problem would be if you over-customized the @referers array that
he has set up to only allow form submissions from specific hosts or IPs. 
Other than that, he's done an excellent job of removing server-side
includes through a nice little regular expression routine that patches up
that potential security hole.

The only problem is that it does not allow for much customization in terms
of the message formatting. That is where I had to modify the script to
format it in the manner I needed.

Other scripts, like cgiemail, seem to have problems running through
cgiwrap. I didn't want to customize the folder's .htaccess file to allow
for one-off cgiwrap disabling, so I just customized FormMail.pl.

I'd highly recommend it to anyone who needs a good generic form-to-email
processor.

- Sean

------

On Thu, 13 Apr 2000, H.P. Stroebel wrote:

> Jeff Lasman wrote:
> > 
> > I use FormMail.pl from Matt's script archives.
> 
> I don't remember it exactly, but there were some problems
> with that script, at least version 1.0...
> I saw several recommendations NOT to use this script due to
> security reasons.
> 
> Check this:
> 
> http://www.perl.com/CPAN-local/doc/FAQs/cgi/wwwsf4.html
> 
> cu
> H.P. Stroebel, Germany
>
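
The two checks discussed in the message above (a host allow-list for the Referer header and regex removal of server-side include directives), as an added example that is not part of the original thread and is not FormMail.pl's own code. The allow-list entries, the sub names `referer_allowed` and `strip_ssi`, and the sample inputs are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allow-list in the spirit of the @referers array (constructed values).
my @referers = ('www.example.com', 'example.com', '192.0.2.10');

# Accept only when the Referer's host is exactly one of the listed hosts.
# The host must be followed by an optional port and then '/', '?', '#' or
# end of string, so a longer host name that merely starts with an allowed
# name does not pass.
sub referer_allowed {
    my ($referer) = @_;
    return 0 unless defined $referer;
    my ($host) = $referer =~ m{^https?://([A-Za-z0-9.-]+)(?::\d+)?(?:[/?#]|$)}i
        or return 0;
    $host = lc $host;
    return (grep { $host eq lc $_ } @referers) ? 1 : 0;
}

# Remove SSI-style comments (<!--#directive ... -->) from a form value
# before it is written into any page the server might parse.
sub strip_ssi {
    my ($value) = @_;
    # Repeat until stable: one removal can join the surrounding fragments
    # into a new comment.
    1 while $value =~ s/<!--.*?-->//gs;
    # Drop an unterminated opener and everything after it.
    $value =~ s/<!--.*\z//s;
    return $value;
}

# Constructed sample inputs.
for my $r ('http://www.example.com/contact.html',
           'http://www.example.com.other.test/form.html',
           undef) {
    printf "%-45s %s\n", $r // '(no Referer)',
        referer_allowed($r) ? 'accept' : 'reject';
}
print strip_ssi(qq{Hello <!--#echo var="DOCUMENT_NAME" --> world}), "\n";
```

The Referer header is supplied by the client, so this check filters forms hosted on other sites but does not authenticate the sender; loosening the list entries or the match weakens it further.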