#!/usr/bin/perl -w
#------------------------------------------------------------
# docs.cgi
#
# Web-based text file viewer.
# Copyright Paul Mutton, 2000.
#------------------------------------------------------------
use strict;
use CGI;
$| = 1;
# Settings
my ($left) = "../htdocs/left.inc" ;
my ($title) = "../htdocs/title.inc";
my ($bottom) = "../htdocs/bottom.inc";
my ($query) = new CGI;
# Note filenames may only have one dot in them, in the ".txt".
# This prevents malicious users using "../" to view files.
my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);
print "Content-type: text/html\n\n";
unless (defined $doc) {
print "The link to this page was broken - it must specify a .txt file.";
exit;
}
# Prevent hackers from supplying a malformed document string.
# I.e. only allow normal characters, slashes and dots.
unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
print "Malformed request";
exit;
}
$doc = "../htdocs/documentation/".$doc;
print <<"END";
The i-scream Project Documentation Viewer
|
END
&print_html($left);
print <<"END";
|
END
&print_html($title);
&print_file($doc);
&print_html($bottom);
print <<"END";
|
END
exit 0;
# Print a file, whilst escaping HTML: -
sub print_file ($) {
my ($urls) = '(' . join ('|', qw{
http
telnet
gopher
file
wais
ftp
} )
. ')';
my ($ltrs) = '\w';
my ($gunk) = '/#~:.?+=&%@!\-';
my ($punc) = '.:?\-';
my ($any) = "${ltrs}${gunk}${punc}";
my ($filename) = @_;
open(FILE, $filename) or die "Cannot open $filename: $!\n";
print "\n";
# Use $_ implicitly throughout.
while () {
# Must do the next line first!
s/&/&/g;
s//>/g;
s/"/"/g;
s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/$1<\/a>/igox;
print;
}
print "";
}
# Print a file without escaping HTML: -
sub print_html ($) {
my ($filename) = @_;
print `cat $filename 2>&1`;
}