Hello Everybody,
My provider always monitors all scripts before putting them in the cgi-bin folder, because of security.
And when I sent Cliff formail with autoresponder CGI script to my provider, they answered me this:
"Sorry, but we can't install this script because there is possibility for secure bugs." They also said that the file "response.txt" is used by the HTML form, and that can be dangerous for security. "Except this, all the other parts of script are correct."
Now what I want you guys to help me with is to integrate the response.txt file into the script below, and I would remove the advanced function in the form which mentions autoresponder=response.txt.
Hope you guys understand what I mean to say.
===Cgi file content=======
#!/usr/bin/perl
##############################################################################
# Copyright 2001 BBSI #
# Created 14/4/01 #
##############################################################################
# Enter the location of sendmail.
$mailprogram = "/usr/lib/sendmail -t";
# Enter the fields that are required. They should each be in quotes and
# separated by a comma. If no fields are required, change the next line
# to @required = ();
@required = ('email','subject');
# Enter your e-mail address. Be sure to put a \ in front of the @.
# (user@domain.com becomes user\@domain.com)
$youremail = "webmaster\@stefan-doo.co.yu";
# Put the posted data into variables
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
    ($name, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
}
# Check for all required fields
foreach $check (@required) {
    unless ($FORM{$check}) {
        print "Content-type: text/html\n\n";
        print "<html><head><title>Missing Information</title></head>\n";
        print "<body><h1>Missing Information - IZOSTAVLJENA INFORMACIJA</h1>\n\n";
        print "I'm sorry, but it would appear that you've forgotten to\n";
        print "fill out the $check field. Please click\n";
        print "back and try again.\n";
        print "Zaboravisli ste da popunite $check polje. Molim\n";
        print "kliknite na dugme BACK i pokusajte ponovo.\n";
        print "</body></html>\n";
        exit;
    }
}
# Check the senders email
if ($FORM{'email'}) {
    unless ($FORM{'email'} =~ /\w+@\w+\.\w+/) {
        print "Content-type: text/html\n\n";
        print "<html><head><title>Bad E-mail</title></head>\n";
        print "<body><h1>Bad E-mail - Nepravilna napisan e-mail</h1>\nThe e-mail address that you've\n";
        print "entered, $FORM{'email'}, is invalid. Please click back and\n";
        print "try again.\n";
        print "E-mail adresa koju ste napisali, $FORM{'email'}, je nepravilna. Kliknite BACK\n";
        print "i pokusajte ponovo.\n";
        exit;
    }
}
# Mail the submitted fields to the site owner
open (MAIL,"|$mailprogram");
print MAIL "To: $youremail\n";
print MAIL "From: $FORM{'email'}\n";
# Blank line after the last header separates headers from body
print MAIL "Subject: $FORM{'subject'}\n\n";
print MAIL "Hello. The following information has been submitted:\n\n";
print MAIL "Zdravo. Vas unos izgleda ovako:\n\n";
foreach $pair (@pairs) {
    ($name, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    unless ($name eq "response" || $name eq "email" || $name eq "subject") {
        print MAIL "$name: $value\n";
    }
}
close MAIL;
# Send the autoresponse to the visitor
if ($FORM{'response'} && $FORM{'email'}) {
    # The file name is taken directly from the form field "response"
    open (RESPONSE, $FORM{'response'});
    @response = <RESPONSE>;
    close(RESPONSE);
    open (MAIL,"|$mailprogram");
    print MAIL "To: $FORM{'email'}\n";
    print MAIL "From: $youremail\n";
    print MAIL "Subject: $FORM{'subject'} -- Autoresponse\n\n";
    foreach $line (@response) {
        print MAIL "$line";
    }
    print MAIL "Hvala vam. Vase pismo je stiglo na e-mail webmastera i administratora firme STEFAN doo.\n";
    print MAIL "Odgovor cete dobiti u najkracem vremenu. Preporucujem da pogledate sledece sajtove:\n";
    print MAIL "http://www.stefan-doo.co.yu i http://www.jasmil.co.yu\n";
    print MAIL "Thank you. We recieved your e-mail, and we will answer as soon as possible.\n";
    print MAIL "Please, visit these great sites:\n";
    print MAIL "http://www.stefan-doo.co.yu and http://www.jasmil.co.yu\n";
    close MAIL;
}
# Confirmation page shown to the visitor
print "Content-type: text/html\n\n";
print "<html><head><title>Thank you!</title></head>\n";
print "<body><h1>Thank you! - HVALA!</h1>\nThanks for your input! \n";
if ($FORM{'response'} && $FORM{'email'}) {
    print "You should receive an autoresponse shortly. U najkracem vremenu dobicete automaski e-mail.<p>\n";
}
print "Please click back. Kliknite na BACK.\n";
=====end content of the cgi file
==== the content of response.txt====
Thank you for contacting me.
this is an auto response to inform u that i've recieved your mail
Thanks
San
=====end Response.txt=====
Please help me to add the content of the response.txt file into the script and remove the function which asks for the response.txt file, so that there are no security bugs.
Thanks in advance
San Trino
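
As an added example (not part of the original post and not the formail script's own code): one way to do what the post asks is to embed the response.txt text in the script, so that `open (RESPONSE, $FORM{'response'})`, where the client chooses which file is read, is no longer needed. The helper names `header_safe`, `build_autoresponse` and `send_message` and the sample form values are assumptions made for this example; it prints the message instead of sending it so that it runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Autoresponse text embedded in the script (copied from response.txt in the post),
# so the form never supplies a file name.
my $AUTORESPONSE = <<'END_TEXT';
Thank you for contacting me.
this is an auto response to inform u that i've recieved your mail
Thanks
San
END_TEXT

# Replace CR/LF with a space so a form value stays on one header line.
sub header_safe {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\r\n]+/ /g;
    return $value;
}

# Build the whole autoresponse: headers, blank line, fixed body text.
sub build_autoresponse {
    my ($from, $to, $subject) = @_;
    return "To: " . header_safe($to) . "\n"
         . "From: " . header_safe($from) . "\n"
         . "Subject: " . header_safe($subject) . " -- Autoresponse\n"
         . "\n"
         . $AUTORESPONSE;
}

# Pipe the message to sendmail with list-form open, which starts no shell.
# (Defined for completeness; the demo below does not call it.)
sub send_message {
    my ($message) = @_;
    open(my $mail, '|-', '/usr/lib/sendmail', '-t')
        or die "Cannot start sendmail: $!";
    print {$mail} $message;
    close($mail) or warn "sendmail exited with status $?";
}

# Constructed sample standing in for %FORM; the 'response' value is ignored.
my %FORM = (
    email    => 'visitor@example.com',
    subject  => "Question\r\nabout your products",
    response => 'response.txt',
);
print build_autoresponse('webmaster@stefan-doo.co.yu', $FORM{email}, $FORM{subject});
```

With this in place the `response` form field can be dropped from the HTML form, or kept only as an on/off switch tested with `if ($FORM{'response'})`.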