#!/usr/bin/perl -w #------------------------------------------------------------ # docs.cgi # # Web-based text file viewer. # Copyright Paul Mutton, 2000. #------------------------------------------------------------ use strict; use CGI; $| = 1; # Settings my ($left) = "../left.inc" ; my ($title) = "../title.inc"; my ($bottom) = "../bottom.inc"; my ($query) = new CGI; # Note filenames may only have one dot in them, in the ".txt". # This prevents malicious users using "../" to view files. my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/); print "Content-type: text/html\n\n"; unless (defined $doc) { print "The link to this page was broken - it must specify a .txt file."; exit; } # Prevent hackers from supplying a malformed document string. # I.e. only allow normal characters, slashes and dots. unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) { print "Go Away, you nasty hax0r!"; exit; } $doc = "../documentation/".$doc; print <<"END";
END &print_html($left); print <<"END"; | END &print_html($title); &print_file($doc); &print_html($bottom); print <<"END"; |
\n"; # Use $_ implicitly throughout. while ("; } # Print a file without escaping HTML: - sub print_html ($) { my ($filename) = @_; print `cat $filename`; }) { # Must do the next line first! s/&/&/g; s/</g; s/>/>/g; s/"/"/g; s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/$1<\/a>/igox; print; } print "