19 |
|
|
20 |
|
|
21 |
|
my ($query) = new CGI; |
22 |
– |
my ($doc) = ($query->param('doc') =~ /^\s*(.*?\.txt)\s*$/); |
23 |
– |
$doc = "../documentation/".$doc; |
22 |
|
|
23 |
+ |
# Note filenames may only have one dot in them, in the ".txt". |
24 |
+ |
# This prevents malicious users using "../" to view files. |
25 |
+ |
my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/); |
26 |
+ |
|
27 |
|
print "Content-type: text/html\n\n"; |
28 |
+ |
|
29 |
+ |
unless (defined $doc) { |
30 |
+ |
print "The link to this page was broken - it must specify a .txt file."; |
31 |
+ |
exit; |
32 |
+ |
} |
33 |
+ |
|
34 |
+ |
# Prevent hackers from supplying a malformed document string. |
35 |
+ |
# I.e. only allow normal characters, slashes and dots. |
36 |
+ |
unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) { |
37 |
+ |
print "Go Away, you nasty hax0r!"; |
38 |
+ |
exit; |
39 |
+ |
} |
40 |
+ |
$doc = "../documentation/".$doc; |
41 |
|
|
42 |
|
print <<"END"; |
43 |
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |