9 my ($incdir) = "../nwww";
12 my ($doctype) = "$incdir/doctype.inc";
13 my ($style) = "$incdir/style.inc";
14 my ($header) = "$incdir/header.inc";
15 my ($footer) = "$incdir/footer.inc";
16 my ($menu) = "$incdir/menu.inc" ;
18 my ($query) = new CGI;
20 # Note filenames may only have one dot in them, in the ".txt".
21 # This prevents malicious users using "../" to view files.
22 my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);
24 # This should be application/xhtml+xml
25 print "Content-type: text/html\n\n";
27 unless (defined $doc) {
28 print "The link to this page was broken - it must specify a .txt file.";
32 # Prevent hackers from supplying a malformed document string.
33 # I.e. only allow normal characters, slashes and dots.
34 unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
35 print "Malformed request.";
38 $doc = "../htdocs/documentation/".$doc;
40 my($docname) = $doc =~ /\/([^\/]+)$/;
42 &print_html($doctype);
48 i-scream plain text documentation viewer
68 i-scream documentation viewer
100 # Print a file, whilst escaping HTML: -
102 my ($urls) = '(' . join ('|', qw{
113 my ($gunk) = '/#~:.?+=&%@!\-';
114 my ($punc) = '.:?\-';
115 my ($any) = "${ltrs}${gunk}${punc}";
117 if(open(FILE, $filename)) {
119 # Use $_ implicitly throughout.
121 # Must do the next line first!
126 s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/<a href="$1">$1<\/a>/igox;
132 print "Failed to open $docname.";
136 # Print the contents of a file containing html
139 open(FILE, $filename);