[wellylug] Mail cgi

Pete Black pete at marchingcubes.com
Thu Oct 14 15:38:11 NZDT 2004 

Hi there,

while it is generally unsafe to set the recipient from the HTML (since 
it would be easy to exploit by submitting form contents with a user at host 
form element that would make your script a rather easy target for 
spammers etc.), however, since thats what you asked..

you can pull the value of the form element named 'email' using a line of 
code like

$recipient=$in('email');

but please consider  setting the recipient using a key where the actual 
email address is loaded from a file. This way people invoking your form 
from the web can only send mail to a specfic set of users.

(this is off the top of my head so no promises w/regard to syntax 
correctness)

Hope it helps,

-Pete

e.g.

a file on disk named mail.recipients:

ed:e.chalaron at xtra.co.nz
ted:t.danson at cheers.com
fred:santa at claus.com


#Read in our file
my %recipientHash;
my $key,$val;
open (INFILE,"mail.recipients");
while (<INFILE>)
    {
    #Split the line from our file on the ':' character.
    ($key,$val)=split(/:/,$_);  
    #Add the record to a hashtable in memory.
    $recipientHash{$key}=$val;
    }
close (INFILE);

#our 'tags' and email addresses are now stored in %recipientHash.

#Get all the submitted form fields - these show up the hash '%in'

%in= &getcgivars

#Get our recipient 'tag' from the submitted form- e.g. 'ed'

my $recipientTag=$in{'email'};

if ($recipientTag eq "")
    {
    #No tag found in the file - die or display error etc.
    die ("Tag not found in file!");
    }
else
    {   
    #look up the actual email address in our hash.
    my $realRecipient=$recipientHash{$recipientTag};
   
#chop off the /n which might have snuck in from the file - probly doesnt 
matter but just in case
    $realRecipient=~s/\n//g;  

    #Send the mail
    ....
    <insert rest of mail sending code here>
    ....
    }










>For Perl users....
>
>I got installed a mail cgi script.
>
>Now I am trying to "improve" it and make it a multirecipient script and 
>eventually attach files.
>
>I have a variable "email" in my html form. I want to replace the value 
>$recipient by the value of "email" given by my form so I can email to Santa 
>as well rather than just I
>
>Here is how things are working for now :
>
>First variables declared
>$mailprog="/bin/mail/"
>$recipient="edouard" 
>
>
>Then obviously all data from the form are fetched with :
>%in= &getcgivars
>
>3rd step: mail is built
>
>open (MAIL, "|$mailprog $recipient")
>Obviously the all lot is then used as
>foreach (sort keys %in) {
>blablalba
>doplentyofthings
>printf MAIL etc...
>}
>Close (MAIL);
>
>If someone can tell me how to change the value of $recipient, I might get 
>something for Xmas.
>
>Cheers
>E.
>
>
>  
>

More information about the wellylug mailing list