X-Git-Url: http://git.i-scream.org/?a=blobdiff_plain;f=cgi-bin%2Fdocs.cgi;h=0336e4c71b84c2fda82d3ef27e41e768fe4b42b2;hb=bf4c2c7a1e482ddfb7225425020bf2729545660a;hp=ea7fdf8b3e1c7883318d764bfc8e9a833ef407c0;hpb=b85ad0f3e5db5575c19957c4262383fa96421adc;p=www.i-scream.org.git
diff --git a/cgi-bin/docs.cgi b/cgi-bin/docs.cgi
index ea7fdf8..0336e4c 100755
--- a/cgi-bin/docs.cgi
+++ b/cgi-bin/docs.cgi
@@ -19,10 +19,25 @@ my ($bottom) = "../bottom.inc";
my ($query) = new CGI;
-my ($doci) = ($query->param('doc') =~ /^\s*(.*?\.txt)\s*$/);
-my ($doc) = "../documentation/$doci";
-print "content-type: text/html\n\n";
+# Note filenames may only have one dot in them, in the ".txt".
+# This prevents malicious users using "../" to view files.
+my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);
+
+print "Content-type: text/html\n\n";
+
+unless (defined $doc) {
+ print "The link to this page was broken - it must specify a .txt file.";
+ exit;
+}
+
+# Prevent hackers from supplying a malformed document string.
+# I.e. only allow normal characters, slashes and dots.
+unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
+ print "Go Away, you nasty hax0r!";
+ exit;
+}
+$doc = "../documentation/".$doc;
print <<"END";
@@ -31,7 +46,7 @@ print <<"END";
docs.cgi
Web-based text file viewer and formatter.
Created by pjm2 19/10/2000
- Last modified 19/10/2000
+ Last modified 02/11/2000
-->
@@ -50,7 +65,7 @@ print <<"END";
|
END
-&print_file($left);
+&print_html($left);
print <<"END";
@@ -58,13 +73,9 @@ print <<"END";
|
END
-&print_file($title);
-
-print "\n";
+&print_html($title);
&print_file($doc);
-print " \n";
-
-&print_file($bottom);
+&print_html($bottom);
print <<"END";
@@ -79,16 +90,40 @@ END
exit 0;
+# Print a file, whilst escaping HTML: -
sub print_file ($) {
- my ($filename) = @_;
- print `cat $filename`;
-}
-
-sub print_file_old ($) {
+ my ($urls) = '(' . join ('|', qw{
+ http
+ telnet
+ gopher
+ file
+ wais
+ ftp
+ } )
+ . ')';
+
+ my ($ltrs) = '\w';
+ my ($gunk) = '/#~:.?+=&%@!\-';
+ my ($punc) = '.:?\-';
+ my ($any) = "${ltrs}${gunk}${punc}";
my ($filename) = @_;
open(FILE, $filename) or die "Cannot open $filename: $!\n";
- while (my ($line) = ) {
- print $line;
+ print "\n";
+ # Use $_ implicitly throughout.
+ while () {
+ # Must do the next line first!
+ s/&/&/g;
+ s//>/g;
+ s/"/"/g;
+ s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/$1<\/a>/igox;
+ print;
}
+ print " ";
}
+# Print a file without escaping HTML: -
+sub print_html ($) {
+ my ($filename) = @_;
+ print `cat $filename 2>&1`;
+}
|