3 #------------------------------------------------------------
6 # Web-based text file viewer.
7 # Copyright Paul Mutton, 2000.
8 #------------------------------------------------------------
16 my ($left) = "../htdocs/left.inc" ;
17 my ($title) = "../htdocs/title.inc";
18 my ($bottom) = "../htdocs/bottom.inc";
21 my ($query) = new CGI;
23 # Note filenames may only have one dot in them, in the ".txt".
24 # This prevents malicious users using "../" to view files.
25 my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);
27 print "Content-type: text/html\n\n";
29 unless (defined $doc) {
30 print "The link to this page was broken - it must specify a .txt file.";
34 # Prevent hackers from supplying a malformed document string.
35 # I.e. only allow normal characters, slashes and dots.
36 unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
37 print "Malformed request";
40 $doc = "../htdocs/documentation/".$doc;
43 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
47 Web-based text file viewer and formatter.
48 Created by pjm2 19/10/2000
49 Last modified 02/11/2000
55 <title>The i-scream Project Documentation Viewer</title>
56 <meta name="description" content="The i-scream Project is a central monitoring system for Unix, Linux and NT servers.">
57 <meta name="keywords" content="i-scream, project, central monitoring system, unix, linux, nt, server, alert">
58 <meta name="generator" content="notepad on acid, aye.">
61 <body bgcolor="#ffffff" link="#0000ff" alink="#3333cc" vlink="#3333cc" text="#000066">
63 <table border="0" cellpadding="2" cellspacing="2">
93 # Print a file, whilst escaping HTML: -
95 my ($urls) = '(' . join ('|', qw{
106 my ($gunk) = '/#~:.?+=&%@!\-';
107 my ($punc) = '.:?\-';
108 my ($any) = "${ltrs}${gunk}${punc}";
110 open(FILE, $filename) or die "Cannot open $filename: $!\n";
112 # Use $_ implicitly throughout.
114 # Must do the next line first!
119 s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/<a href="$1">$1<\/a>/igox;
125 # Print a file without escaping HTML: -
128 print `cat $filename 2>&1`;