#!/usr/bin/perl -w

use strict;
use CGI;

$| = 1;

# Settings
my ($incdir) = "../htdocs";

# Include files
my ($doctype) = "$incdir/doctype.inc";
my ($style) = "$incdir/style.inc";
my ($header) = "$incdir/header.inc";
my ($footer) = "$incdir/footer.inc";
my ($menu) = "$incdir/menu-static.inc" ;

my ($query) = new CGI;

# Note filenames may only have one dot in them, in the ".txt".
# This prevents malicious users using "../" to view files.
my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);

# This should be application/xhtml+xml
print "Content-type: text/html\n\n";

unless (defined $doc) {
    print "The link to this page was broken - it must specify a .txt file.";
    exit;
}

# Prevent hackers from supplying a malformed document string.
# I.e. only allow normal characters, slashes and dots.
unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
    print "Malformed request.";
    exit;
}
$doc = "../htdocs/cms/documentation/".$doc;

my($docname) = $doc =~ /\/([^\/]+)$/;

&print_html($doctype);

print <<"END";

  <head>
    <title>
      i-scream plain text documentation viewer
    </title>
END

&print_html($style);

print <<"END";

  </head>
  <body>
    <div id="container">
      <div id="main">
END

&print_html($header);

print <<"END";

        <div id="contents">
          <h1 class="top">
            i-scream documentation viewer
          </h1>
          <h2>
            $docname
          </h2>
END

&print_file($doc);

print <<"END";

        </div>
END

&print_html($footer);

print <<"END";

      </div>
END

&print_html($menu);

print <<"END";

    </div>
  </body>
</html>
END

exit 0;

# Print a file, whilst escaping HTML: -
sub print_file {
my ($urls) = '(' . join ('|', qw{
	       http
	       telnet
	       gopher
	       file
	       wais
	       ftp
	       } )
	   . ')';

    my ($ltrs) = '\w';
    my ($gunk) = '/#~:.?+=&%@!\-';
    my ($punc) = '.:?\-';
    my ($any) = "${ltrs}${gunk}${punc}";
    my ($filename) = @_;
    if(open(FILE, $filename)) {
        print "          <pre>\n";
        # Use $_ implicitly throughout.
        while (<FILE>) {
            # Must do the next line first!
            s/&/&amp;/g;
            s/</&lt;/g;
            s/>/&gt;/g;
            s/"/&quot;/g;
            s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/<a href="$1">$1<\/a>/igox;
            print;
        }
        print "\n</pre>";
    }
    else {
        print "Failed to open $docname.";
    }
}

# Print the contents of a file containing html
sub print_html ($) {
    my ($filename) = @_;
    open(FILE, $filename);
    while(<FILE>) {
        print;
    }
    close FILE;
}