9 my ($menu) = "../nwww/menu.inc" ;
10 my ($header) = "../nwww/header.inc";
11 my ($footer) = "../nwww/footer.inc";
12 my ($style) = "../nwww/style.inc";
14 my ($query) = new CGI;
16 # Note filenames may only have one dot in them, in the ".txt".
17 # This prevents malicious users using "../" to view files.
18 my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);
20 print "Content-type: text/html\n\n";
22 unless (defined $doc) {
23 print "The link to this page was broken - it must specify a .txt file.";
27 # Prevent hackers from supplying a malformed document string.
28 # I.e. only allow normal characters, slashes and dots.
29 unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
30 print "Malformed request.";
33 $doc = "../htdocs/documentation/".$doc;
35 my($docname) = $doc =~ /\/([^\/]+)$/;
38 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
39 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
44 <title>i-scream plain text documentation viewer</title>
63 <h1 class="top">i-scream documentation viewer</h1>
86 # Print a file, whilst escaping HTML: -
88 my ($urls) = '(' . join ('|', qw{
99 my ($gunk) = '/#~:.?+=&%@!\-';
100 my ($punc) = '.:?\-';
101 my ($any) = "${ltrs}${gunk}${punc}";
103 if(open(FILE, $filename)) {
105 # Use $_ implicitly throughout.
107 # Must do the next line first!
112 s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/<a href="$1">$1<\/a>/igox;
118 print "Failed to open $docname.";
122 # Print a file without escaping HTML: -
125 print `cat $filename 2>&1`;