Loading ...
Sorry, an error occurred while loading the content.

Re: [PBML] The Carriage Returns - and works!

Expand Messages
  • Mike Southern
    ... That s the modeule doing its job. If an intruder tries to run a system command via a submitted form (for example) then the command will need a line
    Message 1 of 6 , May 23, 2006
    • 0 Attachment
      On 5/23/06 4:39 AM, penscawn at penscawn@... wrote:

      > My webhost has been busy on my behalf and told me yesterday that my
      > code looks fine and they don't know why any form submitted with a
      > carriage return included in a text input area triggers their security
      > module, but it does.

      That's the modeule doing its job. If an intruder tries to run a system
      command via a submitted form (for example) then the command will need a line
      terminator in order to execute. Hence, the security module trap the EOL
      characters and any malicious attempt fails.

      > I spent ages trying to find a bit of javascript which would disable the
      > enter key as a way round it, then my host suggested a neat bit of
      > lateral thinking [which was beyond me at that point, having lost
      > objectivity] - change your Form program and see if it works. So I
      > pointed my scripts at ftom.pl instead of FormMail.pl and ... Wingo! It
      > works!

      So ftom.pl strips out the EOL characters, while formmail.pl uses the exact
      characters as submitted. Did you ever look at your form code to see how you
      were capturing the text?

      You know, you could have saved a lot of time if you had worked this
      troubleshooting exercise the right way round. Instead of getting an error
      and trying to assess how your ISP and its servers were configured, you
      should have looked at the first point of entry - your form - and taken it
      from there. Also, determining *exactly* what the server error was at the
      start would have been helpful to you in your posts, instead of just saying
      "it doesn't work".
    Your message has been successfully submitted and would be delivered to recipients shortly.