Home > Archive > PERL CGI Beginners > October 2006 > Matt Wright's "formmail" script
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Matt Wright's "formmail" script
|
|
| Lisa Simpson 2006-10-04, 6:55 pm |
| Is anyone familiar with Matt Wright's "formmail" script? How do I get it to
send to a recipient that is to be fulled from a form field instead of "hard
coding" it into a hidden field?
| |
| Paul Lalli 2006-10-05, 7:55 am |
|
Lisa Simpson wrote:
> Is anyone familiar with Matt Wright's "formmail" script?
STOP
DO NOT USE Matt Wright's scripts. They are broken,
security-hole-ridden scripts that MATT HIMSELF tells us he would not
write nor even use today. See his site at scriptarchive.com for more
information.
Instead, use the drop-in replacement for Matt's Scripts, the NMS
archive, found at http://nms-cgi.sourceforge.net/
Paul Lalli
| |
| Lisa Simpson 2006-10-05, 6:56 pm |
| Can anyone just please answer the question if you have the knowledge please?
"Paul Lalli" <mritty@gmail.com> wrote in message
news:1160052614.034186.125850@i42g2000cwa.googlegroups.com...
>
> Lisa Simpson wrote:
>
> STOP
>
> DO NOT USE Matt Wright's scripts. They are broken,
> security-hole-ridden scripts that MATT HIMSELF tells us he would not
> write nor even use today. See his site at scriptarchive.com for more
> information.
>
> Instead, use the drop-in replacement for Matt's Scripts, the NMS
> archive, found at http://nms-cgi.sourceforge.net/
>
> Paul Lalli
>
| |
| Paul Lalli 2006-10-06, 7:55 am |
| Lisa Simpson wrote:
> "Paul Lalli" <mritty@gmail.com> wrote in message
> news:1160052614.034186.125850@i42g2000cwa.googlegroups.com...
[color=darkred]
> Can anyone just please answer the question if you have the knowledge please?
"I'm driving a car that has no brakes. I can't figure out how to make
it turn left. Can anyone help me?"
"STOP! NEVER drive a car without breaks! You're going to hurt
yourself and possibly others!!"
"Will someone please just tell me how to make it turn left!!"
Paul Lalli
| |
| Lisa Simpson 2006-10-06, 7:55 am |
| Whatever. Just please answer the question if you can, refrain from
commenting if you cannot.
"Paul Lalli" <mritty@gmail.com> wrote in message
news:1160136070.071744.175250@m73g2000cwd.googlegroups.com...
> Lisa Simpson wrote:
>
please?[color=darkred]
>
>
> "I'm driving a car that has no brakes. I can't figure out how to make
> it turn left. Can anyone help me?"
>
> "STOP! NEVER drive a car without breaks! You're going to hurt
> yourself and possibly others!!"
>
> "Will someone please just tell me how to make it turn left!!"
>
> Paul Lalli
>
| |
| fuzor_silverbolt 2006-10-06, 7:55 am |
| Just change the HTML code:
<input type=hidden name="recipient" value="email@your.host.com">
to
<input type=text name="recipient" value="email@your.host.com">
That'll allow the user to change the recipient of the e-mail. Just be
careful with this because it is possible for the formmail script to be
taken advantage of. Also don't forget to set up the referrers array to
an allowed list of domains that the recipient can be sent to. (This is
in formmail.pl)
~George
Lisa Simpson wrote:
> Is anyone familiar with Matt Wright's "formmail" script? How do I get it to
> send to a recipient that is to be fulled from a form field instead of "hard
> coding" it into a hidden field?
| |
| Paul Lalli 2006-10-06, 6:55 pm |
| Lisa Simpson wrote:
> "Paul Lalli" <mritty@gmail.com> wrote in message
> news:1160136070.071744.175250@m73g2000cwd.googlegroups.com...
> please?
>
> Whatever. Just please answer the question if you can, refrain from
> commenting if you cannot.
Like hell. You're providing a tool that enables spammers to send more
spam to me and my family and friends. I'll comment as I damn well
please. Assisting you is something I have NO intention of doing.
Why should anyone want to help you when you obviously don't care about
the damage you're doing?
Paul Lalli
>
| |
| Paul Lalli 2006-10-06, 6:55 pm |
| fuzor_silverbolt wrote:
> Just change the HTML code:
> <input type=hidden name="recipient" value="email@your.host.com">
>
> to
>
> <input type=text name="recipient" value="email@your.host.com">
>
> That'll allow the user to change the recipient of the e-mail. Just be
> careful with this because it is possible for the formmail script to be
> taken advantage of. Also don't forget to set up the referrers array to
> an allowed list of domains that the recipient can be sent to. (This is
> in formmail.pl)
Oh that's beautiful. Thank you, ever so much, for making the script
even MORE accessible to spammers. Wasn't enough that just the script
itself allows a spammer to send mail to anyone by bypassing the form.
Now you've enabled the form to provide a beautiful front end for any
spammer to spam anyone they please. Well done.
Paul Lalli
| |
| Lisa Simpson 2006-10-06, 6:55 pm |
| geez, dude, chill; you're gonna pop a vein; you really oughta take some
anger management classes, as well as etiquette classes; didn't your mama
ever teach you to keep your trap shut if ya ain't got nothing nice to say?
As far as sending spam "to you & your family"; do you really have that
inflated of an ego to think that everything that gets done on the internet
is with you in mind? As for sending spam to your friends, well . . .
"Paul Lalli" <mritty@gmail.com> wrote in message
news:1160144085.204062.75990@m73g2000cwd.googlegroups.com...
> Lisa Simpson wrote:
>
> Like hell. You're providing a tool that enables spammers to send more
> spam to me and my family and friends. I'll comment as I damn well
> please. Assisting you is something I have NO intention of doing.
> Why should anyone want to help you when you obviously don't care about
> the damage you're doing?
>
> Paul Lalli
>
>
>
| |
| Paul Lalli 2006-10-06, 6:55 pm |
| Lisa Simpson wrote:
>
> "Paul Lalli" <mritty@gmail.com> wrote
> geez, dude, chill; you're gonna pop a vein; you really oughta take some
> anger management classes, as well as etiquette classes; didn't your mama
> ever teach you to keep your trap shut if ya ain't got nothing nice to say?
> As far as sending spam "to you & your family"; do you really have that
> inflated of an ego to think that everything that gets done on the internet
> is with you in mind? As for sending spam to your friends, well . . .
You want to talk about etiquette? What is the etiquette behind not
caring that you're allowing spammers to use your scripts to spam
everyone?
Oh, by the way, you should really make an attempt to display some Net
Etiquette by not top-posting. It's extremely rude.
As for "me and my family", I was attempting to explain to you why I
have a reason to take it personally. Spammers affect EVERYONE. You,
me, my family and friends, your family and friends, and everyone in
between. And you are enabling them. And you've been told this. And
you have yet to refute it or disagree with it, but clearly don't care.
You are a phenomenally rude person.
I can't for the life of me understand your reasoning. There is a DROP
IN replacement available. You remove the existing formmail.pl, put the
better-written, more secure one in its place, and everything magically
works. With no further effor from you. Is the 2 minutes it would take
to do this really that much hassle for you? And you still can't
understand why anyone would be reluctant to help you?
Please do continue using formmail.pl, on second thought. With any
luck, not only the spammers will find it, but the hackers too. Someone
as rude as you does not deserve to have their data or systems
protected.
Paul Lalli
|
|
|
|
|