| 1 |
#!/usr/bin/perl -w |
| 2 |
|
| 3 |
use strict; |
| 4 |
use CGI; |
| 5 |
|
| 6 |
$| = 1; |
| 7 |
|
| 8 |
# Settings |
| 9 |
my ($incdir) = "../htdocs"; |
| 10 |
|
| 11 |
# Include files |
| 12 |
my ($doctype) = "$incdir/doctype.inc"; |
| 13 |
my ($style) = "$incdir/style.inc"; |
| 14 |
my ($header) = "$incdir/header.inc"; |
| 15 |
my ($footer) = "$incdir/footer.inc"; |
| 16 |
my ($menu) = "$incdir/menu-static.inc" ; |
| 17 |
|
| 18 |
my ($query) = new CGI; |
| 19 |
|
| 20 |
# Note filenames may only have one dot in them, in the ".txt". |
| 21 |
# This prevents malicious users using "../" to view files. |
| 22 |
my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/); |
| 23 |
|
| 24 |
# This should be application/xhtml+xml |
| 25 |
print "Content-type: text/html\n\n"; |
| 26 |
|
| 27 |
unless (defined $doc) { |
| 28 |
print "The link to this page was broken - it must specify a .txt file."; |
| 29 |
exit; |
| 30 |
} |
| 31 |
|
| 32 |
# Prevent hackers from supplying a malformed document string. |
| 33 |
# I.e. only allow normal characters, slashes and dots. |
| 34 |
unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) { |
| 35 |
print "Malformed request."; |
| 36 |
exit; |
| 37 |
} |
| 38 |
$doc = "../htdocs/cms/documentation/".$doc; |
| 39 |
|
| 40 |
my($docname) = $doc =~ /\/([^\/]+)$/; |
| 41 |
|
| 42 |
&print_html($doctype); |
| 43 |
|
| 44 |
print <<"END"; |
| 45 |
|
| 46 |
<head> |
| 47 |
<title> |
| 48 |
i-scream plain text documentation viewer |
| 49 |
</title> |
| 50 |
END |
| 51 |
|
| 52 |
&print_html($style); |
| 53 |
|
| 54 |
print <<"END"; |
| 55 |
|
| 56 |
</head> |
| 57 |
<body> |
| 58 |
<div id="container"> |
| 59 |
<div id="main"> |
| 60 |
END |
| 61 |
|
| 62 |
&print_html($header); |
| 63 |
|
| 64 |
print <<"END"; |
| 65 |
|
| 66 |
<div id="contents"> |
| 67 |
<h1 class="top"> |
| 68 |
i-scream documentation viewer |
| 69 |
</h1> |
| 70 |
<h2> |
| 71 |
$docname |
| 72 |
</h2> |
| 73 |
END |
| 74 |
|
| 75 |
&print_file($doc); |
| 76 |
|
| 77 |
print <<"END"; |
| 78 |
|
| 79 |
</div> |
| 80 |
END |
| 81 |
|
| 82 |
&print_html($footer); |
| 83 |
|
| 84 |
print <<"END"; |
| 85 |
|
| 86 |
</div> |
| 87 |
END |
| 88 |
|
| 89 |
&print_html($menu); |
| 90 |
|
| 91 |
print <<"END"; |
| 92 |
|
| 93 |
</div> |
| 94 |
</body> |
| 95 |
</html> |
| 96 |
END |
| 97 |
|
| 98 |
exit 0; |
| 99 |
|
| 100 |
# Print a file, whilst escaping HTML: - |
| 101 |
sub print_file { |
| 102 |
my ($urls) = '(' . join ('|', qw{ |
| 103 |
http |
| 104 |
telnet |
| 105 |
gopher |
| 106 |
file |
| 107 |
wais |
| 108 |
ftp |
| 109 |
} ) |
| 110 |
. ')'; |
| 111 |
|
| 112 |
my ($ltrs) = '\w'; |
| 113 |
my ($gunk) = '/#~:.?+=&%@!\-'; |
| 114 |
my ($punc) = '.:?\-'; |
| 115 |
my ($any) = "${ltrs}${gunk}${punc}"; |
| 116 |
my ($filename) = @_; |
| 117 |
if(open(FILE, $filename)) { |
| 118 |
print " <pre>\n"; |
| 119 |
# Use $_ implicitly throughout. |
| 120 |
while (<FILE>) { |
| 121 |
# Must do the next line first! |
| 122 |
s/&/&/g; |
| 123 |
s/</</g; |
| 124 |
s/>/>/g; |
| 125 |
s/"/"/g; |
| 126 |
s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/<a href="$1">$1<\/a>/igox; |
| 127 |
print; |
| 128 |
} |
| 129 |
print "\n</pre>"; |
| 130 |
} |
| 131 |
else { |
| 132 |
print "Failed to open $docname."; |
| 133 |
} |
| 134 |
} |
| 135 |
|
| 136 |
# Print the contents of a file containing html |
| 137 |
sub print_html ($) { |
| 138 |
my ($filename) = @_; |
| 139 |
open(FILE, $filename); |
| 140 |
while(<FILE>) { |
| 141 |
print; |
| 142 |
} |
| 143 |
close FILE; |
| 144 |
} |
