On 5/23/06 4:39 AM, penscawn at penscawn@...
> My webhost has been busy on my behalf and told me yesterday that my
> code looks fine and they don't know why any form submitted with a
> carriage return included in a text input area triggers their security
> module, but it does.
That's the modeule doing its job. If an intruder tries to run a system
command via a submitted form (for example) then the command will need a line
terminator in order to execute. Hence, the security module trap the EOL
characters and any malicious attempt fails.
> enter key as a way round it, then my host suggested a neat bit of
> lateral thinking [which was beyond me at that point, having lost
> objectivity] - change your Form program and see if it works. So I
> pointed my scripts at ftom.pl instead of FormMail.pl and ... Wingo! It
So ftom.pl strips out the EOL characters, while formmail.pl uses the exact
characters as submitted. Did you ever look at your form code to see how you
were capturing the text?
You know, you could have saved a lot of time if you had worked this
troubleshooting exercise the right way round. Instead of getting an error
and trying to assess how your ISP and its servers were configured, you
should have looked at the first point of entry - your form - and taken it
from there. Also, determining *exactly* what the server error was at the
start would have been helpful to you in your posts, instead of just saying
"it doesn't work".