
Thread: Script generated e-mail failing after upgrade to Perl-5.8.8, Apache-2.2.3,




Script generated e-mail failing after upgrade to Perl-5.8.8, Apache-2.2.3,
user name
2006-12-18 23:09:47
>>>>> "craigs1775" == craigs1775 <craigs1775yahoo.com> writes:

craigs1775> The code line that generates the e-mail is:

craigs1775>    system("mail -s \"Daily headlines\" $whoto < $mailtmp");

You really really REALLY do not want to do this in a CGI script.

Really REALLY.

Imagine if $whoto could contain a semicolon or newline.  Ouch.
Or if $mailtmp contained a line beginning with tilde.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlynstonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!


Unsubscribing info is here: http://help.yahoo.com/help/us/groups/groups-32.html
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/perl-beginner/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/perl-beginner/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:perl-beginner-digest@yahoogroups.com
    mailto:perl-beginner-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    perl-beginner-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
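
Both risks named in the message above (shell metacharacters in $whoto, tilde lines in $mailtmp) go away if the recipient is validated and the message is piped to the MTA without a shell. The following is an added example, not code from the thread; the sendmail path, the address pattern and the helper names valid_rcpt and send_headlines are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: a sendmail-compatible binary at this path (typical on FreeBSD).
my $SENDMAIL = '/usr/sbin/sendmail';

# Accept only a conservative single-address shape. \A...\z (not ^...$) so a
# trailing newline cannot slip through; a leading '-' is refused so the value
# can never be read as a command-line option.
sub valid_rcpt {
    my ($addr) = @_;
    return 0 unless defined $addr;
    return $addr =~ /\A[A-Za-z0-9][A-Za-z0-9._%+-]*\@[A-Za-z0-9][A-Za-z0-9.-]*\z/ ? 1 : 0;
}

# Send the contents of $body_file to $whoto without involving /bin/sh.
sub send_headlines {
    my ($whoto, $body_file) = @_;
    die "refusing recipient\n" unless valid_rcpt($whoto);

    open(my $body, '<', $body_file) or die "cannot read $body_file: $!\n";

    # List-form pipe open: arguments go straight to exec(), so ';' and
    # newlines are never interpreted by a shell. '-oi' stops a lone '.' line
    # from ending the message; '--' ends option parsing.
    open(my $mta, '|-', $SENDMAIL, '-oi', '--', $whoto)
        or die "cannot run $SENDMAIL: $!\n";

    print {$mta} "To: $whoto\n", "Subject: Daily headlines\n", "\n";
    # sendmail does not interpret tilde escapes (a mail(1) feature), so body
    # lines starting with '~' are delivered as plain text.
    print {$mta} $_ while <$body>;
    close($body);
    close($mta) or die "sendmail exited with status $?\n";
    return 1;
}

# Constructed sample inputs: exercise validation only, no mail is sent.
unless (caller) {
    for my $addr ('reader@example.com', "a\@example.com\n", 'a@b.com; id', '-f@x.org') {
        (my $shown = $addr) =~ s/\n/\\n/g;
        printf "%-22s %s\n", $shown, valid_rcpt($addr) ? 'accepted' : 'rejected';
    }
}
```

Run as a script, only the first constructed address is accepted; send_headlines is defined but not called, so nothing is delivered.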
 
Script generated e-mail failing after upgrade to Perl-5.8.8, Apache-
user name
2006-12-19 14:14:45
Thanks for the tip. I inherited this site (been running 10 years with
this code) and believe there are scrubbing routines upstream to
prevent the problems you anticipate...

Any thoughts, though, as to why the old system will generate the
e-mails with the body content and the new installation of
Perl/Apache/FreeBSD will not?

Thanks!

PS - Part of my original post, just as a reminder:

Am migrating an existing Perl site to new system. (Currently on
FreeBSD 4.3, Apache 1.3.19, Perl 5.005_03) I'm using a fresh install
of FreeBSD 6.1, Apache-2.2.3 & Perl-5.8.8.

This site allows an administrator to run Perl scripts. One of these
pulls e-mail addresses from a PostgreSQL database, grabs a text file
(the message body) and sends out e-mails.

Problem:

- Using the script in a browser does generate the e-mails but does
not include the text file, resulting in an empty e-mail.

- Running the same script from the command line (i.e. #perl
script.pl) does include the text file as it should. Running from the
command line is not an option for this site, however.


--- In perl-beginner@yahoogroups.com, merlyn... wrote:
>
> >>>>> "craigs1775" == craigs1775 <craigs1775...> writes:
>
> craigs1775> The code line that generates the e-mail is:
>
> craigs1775>    system("mail -s \"Daily headlines\" $whoto < $mailtmp");
>
> You really really REALLY do not want to do this in a CGI script.
>
> Really REALLY.
>
> Imagine if $whoto could contain a semicolon or newline.  Ouch.
> Or if $mailtmp contained a line beginning with tilde.
>
> -- 
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> <merlyn...> <URL:http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
>




 