From: iain t. <ic...@eh...> - 2001-11-16 17:53:32
* Nick Cleaton (ni...@cl...) [16 Nov 2001 17:56]:
> Here are the problems I can see in the current nms-cgi guestbook.pl
> script.

> 1) Allows the upload of arbitrary HTML, $allow_html does nothing.

True.

> 2) Makes changes in response to a GET request.

Is that really a problem?

> 3) Truncates and rewrites the file, so someone viewing the
> guestbook might see a short or empty guestbook during
> an update.

True. Are you thinking a 'write to new file and mv it' thing?

> Is anyone working on these ?
> Shall I have a go ?

Go for it?

cheers,
--
iain. <http://eh.org/~koschei/>
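
The 'write to new file and mv it' approach raised for point 3, combined with escaping submitted text for point 1, as an added example that is not part of the original message or the nms-cgi code. The file name `guestbook.html`, the entry markup, the append-only layout and the function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Basename qw(dirname);
use File::Temp qw(tempfile);

# Escape the HTML metacharacters so a submitted comment is shown as text.
sub escape_html {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Add an entry by building a complete new file and renaming it into place.
# Readers see either the old guestbook or the new one, never a partial file.
sub add_entry {
    my ($path, $name, $comment) = @_;

    # Serialise writers on a separate lock file: the guestbook's inode
    # changes on every rename, so a lock on the guestbook itself would
    # not be shared between writers.
    open(my $lock, '>>', "$path.lock") or die "open $path.lock: $!";
    flock($lock, LOCK_EX) or die "flock: $!";

    my $old = '';
    if (open(my $in, '<', $path)) {
        local $/;                       # slurp the whole existing file
        $old = <$in>;
        $old = '' unless defined $old;
        close($in);
    }

    # Temp file in the same directory so rename() stays on one filesystem.
    my ($out, $tmp) = tempfile('guestbook.XXXXXX', DIR => dirname($path));
    print {$out} $old, '<p><b>', escape_html($name), '</b>: ',
        escape_html($comment), "</p>\n" or die "write $tmp: $!";
    close($out) or die "close $tmp: $!";
    chmod(0644, $tmp) or die "chmod $tmp: $!";   # tempfile() creates 0600
    rename($tmp, $path) or die "rename $tmp -> $path: $!";

    close($lock);                       # releases the lock
}

# Constructed sample input.
add_entry('guestbook.html', 'Alice', '<script>alert(1)</script> hi & bye');
```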