
[MacPerl] Security on NT: a form to file script



Here's a simple script that was a hack/port from a standard form to mail 
script... we usually don't do a lot of Perl scripts on NT systems, but 
this one is destined for such a box rather than a MacOS machine.

Are there any "gotchas" that we need to worry about security-wise?

(Their regular NT guy running the web site has taken 3 weeks to get email 
working and rather than wait further, they wanted a quick script from us 
to just save the form data to a file... while they continue to scramble 
with ASP and NT mail...)

Thanks,

David

---


#!/usr/local/bin/perl

#
#
# Temporary quick port of a form to email script. Instead, this
# now simply appends answers to the messages file in the
# cgi-bin folder.
#

# CGI sets REQUEST_METHOD in upper case ("GET" or "POST")
if ($ENV{'REQUEST_METHOD'} eq "GET") { $buffer = $ENV{'QUERY_STRING'}; }
else { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); }

@nvpairs = split(/&/, $buffer);
foreach $pair (@nvpairs)
{
    ($name, $value) = split(/=/, $pair);

    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

    $FORM{$name} = $value;
}

#
# format the mail file
format MAIL =
~~ ^<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$value
.

open (MAIL, ">>messages") || die "can't append to file messages.\n";

foreach $pair (@nvpairs)
   {
    ($name, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $name =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

    print MAIL "$name = $value\n";
   }

print MAIL "-----------------------------\n\n\n";
close (MAIL);

#
#
# Go to the result page based on the value from the form
#
print "Location:$FORM{'redirect'}\n\n";
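
An added example, not part of the original post: one way to harden the form-to-file script above against the usual CGI gotchas, namely an unbounded POST body, CR/LF in fields forging log records, a data file kept inside cgi-bin, concurrent appends, and a client-supplied Location target. The FORM_LOG environment variable, the 16 KB cap, the field length limits and the redirect table are assumptions for illustration; with no CGI environment it runs on the constructed sample query string.

```perl
# Added example (not the original script); FORM_LOG, the cap and %REDIRECT are assumptions.
use strict;
use warnings;
use Fcntl qw(:flock);
my $MAX_BODY = 16 * 1024;                         # assumed request size cap
my $LOG      = $ENV{FORM_LOG} || 'messages.txt';  # assumed; keep it outside cgi-bin and the web root
my %REDIRECT = (thanks => '/thanks.html', error => '/error.html');  # assumed pages

sub url_decode {
    my $s = defined $_[0] ? $_[0] : '';
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
    return $s;
}
# Blank out control characters after decoding so a field cannot forge log lines.
sub clean_field {
    my ($s, $max) = @_;
    $s =~ s/[\x00-\x1f\x7f]/ /g;
    return substr($s, 0, $max);
}
sub parse_form {
    my ($buffer, %form) = @_;
    foreach my $pair (split /&/, $buffer) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        $form{ clean_field(url_decode($name), 64) } = clean_field(url_decode($value), 2000);
    }
    return %form;
}
# The form supplies only a key; the target URL never comes from the client.
sub pick_redirect { return $REDIRECT{ defined $_[0] ? $_[0] : '' } || $REDIRECT{error}; }

# Constructed sample input, used when the script is run outside a web server.
my $buffer = 'name=Ann&note=hi%0D%0Aadmin+%3D+yes&redirect=http%3A%2F%2Fexample.invalid%2F';
if (($ENV{REQUEST_METHOD} || '') eq 'POST') {
    my $len = defined $ENV{CONTENT_LENGTH} ? $ENV{CONTENT_LENGTH} : '';
    die "bad Content-Length\n" unless $len =~ /^\d+$/ && $len <= $MAX_BODY;
    binmode STDIN;                                # no CRLF translation on NT
    read(STDIN, $buffer, $len);
} elsif (defined $ENV{QUERY_STRING}) {
    $buffer = substr($ENV{QUERY_STRING}, 0, $MAX_BODY);
}
my %form = parse_form($buffer);
open(my $out, '>>', $LOG) or die "can't append to $LOG: $!\n";
flock($out, LOCK_EX)      or die "can't lock $LOG: $!\n";   # serialise concurrent requests
print {$out} "$_ = $form{$_}\n" for grep { $_ ne 'redirect' } sort keys %form;
print {$out} "-----------------------------\n\n";
close($out)               or die "can't close $LOG: $!\n";
print "Location: ", pick_redirect($form{redirect}), "\n\n";
```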
