
Comparing web/cgi-bin/docs.cgi (file contents):
Revision 1.2 by tdb, Thu Nov 2 20:59:43 2000 UTC vs.
Revision 1.7 by tdb, Sun Mar 21 23:59:32 2004 UTC

# Line 1 | Line 1
1   #!/usr/bin/perl -w
2  
3 #------------------------------------------------------------
4 # docs.cgi
5 #
6 # Web-based text file viewer.
7 # Copyright Paul Mutton, 2000.
8 #------------------------------------------------------------
9
3   use strict;
4   use CGI;
5  
6   $| = 1;
7  
8   # Settings
9 < my ($left) = "../left.inc" ;
10 < my ($title) = "../title.inc";
11 < my ($bottom) = "../bottom.inc";
9 > my ($menu) = "../nwww/menu.inc" ;
10 > my ($header) = "../nwww/header.inc";
11 > my ($footer) = "../nwww/footer.inc";
12 > my ($style) = "../nwww/style.inc";
13  
20
14   my ($query) = new CGI;
22 my ($doc) = ($query->param('doc') =~ /^\s*(.*?\.txt)\s*$/);
23 $doc = "../documentation/".$doc;
15  
16 + # Note filenames may only have one dot in them, in the ".txt".
17 + # This prevents malicious users using "../" to view files.
18 + my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);
19 +
20   print "Content-type: text/html\n\n";
21  
22 < print <<"END";
23 < <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
22 > unless (defined $doc) {
23 >    print "The link to this page was broken - it must specify a .txt file.";
24 >    exit;
25 > }
26  
27 < <!--
28 <    docs.cgi
29 <    Web-based text file viewer and formatter.
30 <    Created by pjm2 19/10/2000
31 <    Last modified 02/11/2000
32 < -->
27 > # Prevent hackers from supplying a malformed document string.
28 > # I.e. only allow normal characters, slashes and dots.
29 > unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
30 >    print "Malformed request.";
31 >    exit;
32 > }
33 > $doc = "../htdocs/documentation/".$doc;
34  
35 + my($docname) = $doc =~ /\/([^\/]+)$/;
36 +
37 + print <<"END";
38 + <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
39 +   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
40 +
41   <html>
42  
43   <head>
44 < <title>The i-scream Project Documentation Viewer</title>
45 < <meta name="description" content="The i-scream Project is a central monitoring system for Unix, Linux and NT servers.">
46 < <meta name="keywords" content="i-scream, project, central monitoring system, unix, linux, nt, server, alert">
47 < <meta name="generator" content="notepad on acid, aye.">
44 > <title>i-scream plain text documentation viewer</title>
45 > END
46 >
47 > &print_html($style);
48 >
49 > print <<"END";
50   </head>
51  
52 < <body bgcolor="#ffffff" link="#0000ff" alink="#3333cc" vlink="#3333cc" text="#000066">
52 > <body>
53  
54 < <table border="0" cellpadding="2" cellspacing="2">
55 < <tr>
56 <  <td valign="top">
54 > <div id="container">
55 >
56 > <div id="main">
57   END
58  
59 < &print_html($left);
59 > &print_html($header);
60  
61   print <<"END";
62 + <div id="contents">
63 + <h1 class="top">i-scream documentation viewer</h1>
64  
65 <  </td>
58 <  <td valign="top">
65 > <h2>$docname</h2>
66   END
67  
61 &print_html($title);
68   &print_file($doc);
69 < &print_html($bottom);
69 > print "</div>";
70  
71 < print <<"END";
71 > &print_html($footer);
72  
73 <  </td>
68 < </tr>
69 < </table>
73 > print "</div>";
74  
75 < </body>
75 > &print_html($menu);
76  
77 + print <<"END";
78 + </div>
79 +
80 + </body>
81   </html>
82   END
83  
# Line 77 | Line 85 | exit 0;
85  
86   # Print a file, whilst escaping HTML: -
87   sub print_file ($) {
88 <    my ($filename) = @_;
89 <    open(FILE, $filename) or die "Cannot open $filename: $!\n";
88 > my ($urls) = '(' . join ('|', qw{
89 >               http
90 >               telnet
91 >               gopher
92 >               file
93 >               wais
94 >               ftp
95 >               } )
96 >           . ')';
97 >
98 > my ($ltrs) = '\w';
99 > my ($gunk) = '/#~:.?+=&%@!\-';
100 > my ($punc) = '.:?\-';
101 > my ($any) = "${ltrs}${gunk}${punc}";
102 > my ($filename) = @_;
103 > if(open(FILE, $filename)) {
104      print "<pre>\n";
105      # Use $_ implicitly throughout.
106      while (<FILE>) {
# Line 87 | Line 109 | sub print_file ($) {
109          s/</&lt;/g;
110          s/>/&gt;/g;
111          s/"/&quot;/g;
112 +        s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/<a href="$1">$1<\/a>/igox;
113          print;
114      }
115      print "</pre>";
116   }
117 + else {
118 +    print "Failed to open $docname.";
119 + }
120 + }
121  
122   # Print a file without escaping HTML: -
123   sub print_html ($) {
124 <    my ($filename) = @_;
125 <    print `cat $filename`;
124 > my ($filename) = @_;
125 > print `cat $filename 2>&1`;
126   }
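Review bot: `print_file` still passes the request-derived path to two-argument `open(FILE, $filename)` (new-side line 103), so whether the string is treated purely as a path depends entirely on the two regexes above it. Changing the call to `open(FILE, '<', $filename)` makes the read-only intent explicit and keeps it safe if that validation is ever loosened. In `print_html` (new-side line 125) the added `2>&1` means any error text from `cat`, including the configured include path, is now printed into the page. The backticks also still start a shell for what is a plain file read. Replacing the body with a lexical handle and a read loop, as sketched below, removes the shell and sends failures to the server log instead of the response.

```perl
sub print_html ($) {
    my ($filename) = @_;
    # Read the include directly: no shell, and errors stay out of the page.
    if (open(my $fh, '<', $filename)) {
        print while <$fh>;
        close($fh);
    }
    else {
        warn "docs.cgi: cannot open $filename: $!\n";
    }
}
```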

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines