X-Git-Url: http://git.i-scream.org/?a=blobdiff_plain;f=cgi-bin%2Fdocs.cgi;h=0336e4c71b84c2fda82d3ef27e41e768fe4b42b2;hb=bf4c2c7a1e482ddfb7225425020bf2729545660a;hp=6760915f660057df6c621761aa92c3e39f764961;hpb=a9505cb6bcd4d76d48f6a126f8eea18be87ec2ad;p=www.i-scream.org.git diff --git a/cgi-bin/docs.cgi b/cgi-bin/docs.cgi index 6760915..0336e4c 100755 --- a/cgi-bin/docs.cgi +++ b/cgi-bin/docs.cgi @@ -19,11 +19,26 @@ my ($bottom) = "../bottom.inc"; my ($query) = new CGI; -my ($doc) = ($query->param('doc') =~ /^\s*(.*?\.txt)\s*$/); -$doc = "../documentation/".$doc; + +# Note filenames may only have one dot in them, in the ".txt". +# This prevents malicious users using "../" to view files. +my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/); print "Content-type: text/html\n\n"; +unless (defined $doc) { + print "The link to this page was broken - it must specify a .txt file."; + exit; +} + +# Prevent hackers from supplying a malformed document string. +# I.e. only allow normal characters, slashes and dots. +unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) { + print "Go Away, you nasty hax0r!"; + exit; +} +$doc = "../documentation/".$doc; + print <<"END"; @@ -77,6 +92,20 @@ exit 0; # Print a file, whilst escaping HTML: - sub print_file ($) { + my ($urls) = '(' . join ('|', qw{ + http + telnet + gopher + file + wais + ftp + } ) + . ')'; + + my ($ltrs) = '\w'; + my ($gunk) = '/#~:.?+=&%@!\-'; + my ($punc) = '.:?\-'; + my ($any) = "${ltrs}${gunk}${punc}"; my ($filename) = @_; open(FILE, $filename) or die "Cannot open $filename: $!\n"; print "
\n";
@@ -87,6 +116,7 @@ sub print_file ($) {
         s//>/g;
         s/"/"/g;
+        s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/$1<\/a>/igox;
         print;
     }
     print "
"; @@ -95,5 +125,5 @@ sub print_file ($) { # Print a file without escaping HTML: - sub print_html ($) { my ($filename) = @_; - print `cat $filename`; + print `cat $filename 2>&1`; }