CGI script part deux

Figment

Any idea why this would gve a server error? The permissions are all correct.
I hate taking over other peoples projects
Thanks.


#!/usr/local/bin/perl
######################################################################
#
# mailto.cgi v1.4
#
#
#
#
# 1.0 One late night.....
#
# 1.1 Now I close sendmail after I am done with it. Duh.
#
# 1.2 Allow for '-' in email address since \w doesn't inlude it.
# Note: \w _does_ include '_'
#
# 1.3 Allow for '.' in email address for compuserve addresses. And
# include the e-mail that failed for troubleshooting purposes.
# Added exit codes and set buffer flush to immediate.
#
# 1.4 Add checking so that people outside your server can't use your
# script to spoof mail by posting to the cgi with a constructed
# query string.
#
######################################################################
#
# mailform.cgi is a generic cgi mail script that hopefully can't be exploited.
# It will send 'mailformFromEmail' an email message with a list of key = value
# pairs. It will then send the user back the url 'mailformURL'.
#
# The following are the hidden variables that you should set:
#
# mailformFromEmail - the full email address of who the email is from.
# Default = someone@somewhere.com
# mailformFromname - the name of the person the email is 'supposedly' from.
# Default = Someone
# mailformToEmail - the full email address of who the email is to. Must
# be of the form user@some.domain (a-zA-Z0-9_ are allowed)
# No default. This field is REQUIRED.
# mailformToName - the name of the person the email is to.
# No default.
# mailformSubject - the subject of the email to be sent.
# Default = mailform results
# mailformCc - the address to send a cc to.
# mailformBcc - the address to send a blind cc to.
# mailformURL - the url to be returned to the browser.
# Default = HTTP_REFERER
#
# Below is an example of how to use mailform.cgi.
# The only required input is 'mailformToEmail'. All others have
# defaults.
#
#
# #####################################################################

$|=1;

require("cgi-lib.pl") || die "require cgi-lib.pl died";
&ReadParse(*in);



if( !$ENV{SCRIPT_NAME} ){
print <<"EOT";
Content-type: text/plain

It appears that the form is trying to be posted from outside the
servers domain or the server is not CGI 1.1 compliant.

Posting from host: $ENV{REMOTE_HOST}

You should notify the owner of this page of their error.
EOT
exit(0);
}

if( $in{mailformToEmail} !~ /^[\w\d]+[\.\-]?[\w\d]*\@[\w\d\-\.]+$/ ){
print <<"EOT";
Content-type: text/plain

It appears that the form has given me a an invalid 'ToEmail' address:

ie To: $in{mailformToEmail}

You should notify the owner of this page of their error.
EOT
exit(0);
}

if( $in{mailformCc} !~ /^[\w\d]+[\.\-]?[\w\d]*\@[\w\d\.\-]+$/ && "$in{mailformCc}" ne "" ) {
print <<"EOT";
Content-type: text/plain

It appears that the form has given me a an invalid 'Cc' address.

ie Cc: $in{mailformCc}

You should notify the owner of this page of their error.
EOT
exit(0);
}

if( $in{mailformBcc} !~ /^[\w\d]+[\.\-]?[\w\d]*\@[\w\d\.\-]+$/ && "$in{mailformBcc}" ne "" ) {
print <<"EOT";
Content-type: text/plain

It appears that you have given me a an invalid 'Bcc' address.

ie Bcc: $in{mailformBcc}

You should notify the owner of this page of their error.
EOT
exit(0);
}

if( $in{mailformFromEmail} !~ /^[\w\d]+[\.\-]?[\w\d]*\@[\w\d\.\-]+$/ && "$in{mailformFromEmail}" ne "" ) {
print <<"EOT";
Content-type: text/plain

It appears that you have given me a an invalid mail address.

Your e-mail: $in{mailformFromEmail}

What where you thinking? ;-)
EOT
exit(0);
}


$sendTo = "$in{mailformToEmail}";
if( "$in{mailformCc}" ne "" ) {
$sendTo = join(",", $sendTo, $in{mailformCc});
}
if( "$in{mailformBcc}" ne "" ) {
$sendTo = join(",", $sendTo, $in{mailformBcc});
}


if( "$in{mailformFromEmail}" eq "" ) {
$in{mailformFromEmail} = "someone\@somewhere.com";
}
if( "$in{mailformFromName}" eq "" ) {
$in{mailformFromName} = "Someone";
}
if( "$in{mailformSubject}" eq "" ) {
$in{mailformSubject} = "mailform results";
}
if( "$in{mailformSubject}" eq "" ) {
$in{mailformSubject} = "mailform results";
}

if( "$in{mailformToEmail}" ne "" ) {
open(SM, "| /usr/sbin/sendmail $sendTo");
print(SM "From: $in{mailformFromName} <$in{mailformFromEmail}>\n".
"To: $in{mailformToName} <$in{mailformToEmail}>\n".
"Cc: $in{mailformCc}\n".
"Bcc: $in{mailformBcc}\n".
"Subject: $in{mailformSubject}\n\n");

foreach $key (sort(keys(%in))) {
next if( $key =~ /^mailform/ );
eval print(SM "$key = $in{$key}\n\n");
}
close(SM);
}

if( "$in{mailformURL}" ne "" ) {
print("Location: $in{mailformURL}\n\n");
}else {
print("Location: $ENV{HTTP_REFERER}\n\n");
}
exit(1);

Kev

Can't really see a problem with the script from a quick look over it except that theres no error handling for opening sendmail.

it is also possible that the problem is in how the server is configured.

the best place to look would be in the error.log

davej

Are you still running it on the original machine it was written for?
The location of sendmail may have moved or the "cgi-lib.pl" file that's included at the start may be missing or any number of other things.
As the previous poster suggested you need to look in the http (presumably apache) error logs. This should tell you exactly what the problem is.

davej

jmcc

Also check that the /usr/local/bin/perl is correct. Some boxes may have it at /usr/bin/perl and as such the script will fail. As was said elsewhere in the thread, check that the box has the sendmail link as it could be using an MTA other than Sendmail.

Regards...jmcc

Dr_Teeth

If you're getting 'premature end of script headers' are the error message in the error_log, one reason could be that you have a hidden/dodgy character on the first line (the #! call). Try deleting and re-entering any whitespace (return characters etc) on the first two lines.

Teeth.