[Gllug] Perl Question - Spam Filter for NMS Form Mail
Peter Corlett
abuse at cabal.org.uk
Sun Feb 8 21:11:11 UTC 2009
On 7 Feb 2009, at 17:14, Lesley Binks wrote:
[...]
> With any form submission you need to html_escape anything if you are
> going to print it out on another webpage. You need to sql escape it
> before you add it to a database. This stops a few form hacks.
> Always prevent someone using the contact form to send mail elsewhere
> by excluding anything that contains a ':' in the subject or
> other email header such as originator's email or block actual newlines
> added to header data you are allowing to be entered.
That shouldn't be necessary with NMS. The original Matt's Script
Archive scripts are indeed a security nightmare, which is why NMS was
written to be a hardened replacement. NMS is a product of the London
Perlmongers, several of whom are on this list.
One nice-to-have feature to add to this particular form would be
Akismet support. See http://akismet.com/
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
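
The header and output checks discussed in this thread, as an added Perl example that is not part of the original post and is not NMS FormMail's own code. The sub names, field names and sample values are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: return the trimmed value if it is safe to place in a
# mail header, or nothing (undef in scalar context) if it must be rejected.
sub safe_header_value {
    my ($value) = @_;
    return unless defined $value;
    # A CR or LF would end this header line and let the submitter start
    # another header or the message body, so reject rather than strip.
    return if $value =~ /[\r\n]/;
    # Reject remaining control characters (tab is allowed).
    return if $value =~ /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/;
    $value =~ s/^\s+|\s+$//g;
    return length $value ? $value : ();
}

# Hypothetical helper: escape a value before printing it into an HTML page.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Constructed sample submission: the subject carries an embedded line break.
my %form = (
    subject  => "Enquiry\r\nBcc: third-party\@example.net",
    email    => 'visitor@example.org',
    realname => '<b>Visitor</b>',
);

for my $field (sort keys %form) {
    my $clean = safe_header_value($form{$field});
    if (defined $clean) {
        # Accepted for the mail header; escaped separately for HTML output.
        printf "%-8s accepted, HTML form: %s\n", $field, html_escape($clean);
    }
    else {
        printf "%-8s rejected: line break or control character\n", $field;
    }
}
```

Run against the constructed input, `email` and `realname` are accepted (with `realname` escaped for display) and `subject` is rejected.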