root/i-scream/web/cgi-bin/docs.cgi

Comparing web/cgi-bin/docs.cgi (file contents):
Revision 1.2 by tdb, Thu Nov 2 20:59:43 2000 UTC vs.
Revision 1.9 by tdb, Wed Mar 24 20:57:27 2004 UTC

# Line 1 | Line 1
1   #!/usr/bin/perl -w
2  
3 #------------------------------------------------------------
4 # docs.cgi
5 #
6 # Web-based text file viewer.
7 # Copyright Paul Mutton, 2000.
8 #------------------------------------------------------------
9
3   use strict;
4   use CGI;
5  
6   $| = 1;
7  
8   # Settings
9 < my ($left) = "../left.inc" ;
17 < my ($title) = "../title.inc";
18 < my ($bottom) = "../bottom.inc";
9 > my ($incdir) = "../nwww";
10  
11 + # Include files
12 + my ($doctype) = "$incdir/doctype.inc";
13 + my ($style) = "$incdir/style.inc";
14 + my ($header) = "$incdir/header.inc";
15 + my ($footer) = "$incdir/footer.inc";
16 + my ($menu) = "$incdir/menu.inc" ;
17  
18   my ($query) = new CGI;
22 my ($doc) = ($query->param('doc') =~ /^\s*(.*?\.txt)\s*$/);
23 $doc = "../documentation/".$doc;
19  
20 + # Note filenames may only have one dot in them, in the ".txt".
21 + # This prevents malicious users using "../" to view files.
22 + my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);
23 +
24 + # This should be application/xhtml+xml
25   print "Content-type: text/html\n\n";
26  
27 < print <<"END";
28 < <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
27 > unless (defined $doc) {
28 >    print "The link to this page was broken - it must specify a .txt file.";
29 >    exit;
30 > }
31  
32 < <!--
33 <    docs.cgi
34 <    Web-based text file viewer and formatter.
35 <    Created by pjm2 19/10/2000
36 <    Last modified 02/11/2000
37 < -->
32 > # Prevent hackers from supplying a malformed document string.
33 > # I.e. only allow normal characters, slashes and dots.
34 > unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
35 >    print "Malformed request.";
36 >    exit;
37 > }
38 > $doc = "../htdocs/documentation/".$doc;
39  
40 < <html>
40 > my($docname) = $doc =~ /\/([^\/]+)$/;
41  
42 < <head>
40 < <title>The i-scream Project Documentation Viewer</title>
41 < <meta name="description" content="The i-scream Project is a central monitoring system for Unix, Linux and NT servers.">
42 < <meta name="keywords" content="i-scream, project, central monitoring system, unix, linux, nt, server, alert">
43 < <meta name="generator" content="notepad on acid, aye.">
44 < </head>
42 > &print_html($doctype);
43  
44 < <body bgcolor="#ffffff" link="#0000ff" alink="#3333cc" vlink="#3333cc" text="#000066">
44 > print <<"END";
45  
46 < <table border="0" cellpadding="2" cellspacing="2">
47 < <tr>
48 <  <td valign="top">
46 >  <head>
47 >    <title>
48 >      i-scream plain text documentation viewer
49 >    </title>
50   END
51  
52 < &print_html($left);
52 > &print_html($style);
53  
54   print <<"END";
55  
56 <  </td>
57 <  <td valign="top">
56 >  </head>
57 >  <body>
58 >    <div id="container">
59 >      <div id="main">
60   END
61  
62 < &print_html($title);
62 > &print_html($header);
63 >
64 > print <<"END";
65 >
66 >        <div id="contents">
67 >          <h1 class="top">
68 >            i-scream documentation viewer
69 >          </h1>
70 >          <h2>
71 >            $docname
72 >          </h2>
73 > END
74 >
75   &print_file($doc);
63 &print_html($bottom);
76  
77   print <<"END";
78  
79 <  </td>
80 < </tr>
69 < </table>
79 >        </div>
80 > END
81  
82 < </body>
82 > &print_html($footer);
83  
84 + print <<"END";
85 +
86 +      </div>
87 + END
88 +
89 + &print_html($menu);
90 +
91 + print <<"END";
92 +
93 +    </div>
94 +  </body>
95   </html>
96   END
97  
98   exit 0;
99  
100   # Print a file, whilst escaping HTML: -
101 < sub print_file ($) {
101 > sub print_file {
102 > my ($urls) = '(' . join ('|', qw{
103 >               http
104 >               telnet
105 >               gopher
106 >               file
107 >               wais
108 >               ftp
109 >               } )
110 >           . ')';
111 >
112 >    my ($ltrs) = '\w';
113 >    my ($gunk) = '/#~:.?+=&%@!\-';
114 >    my ($punc) = '.:?\-';
115 >    my ($any) = "${ltrs}${gunk}${punc}";
116      my ($filename) = @_;
117 <    open(FILE, $filename) or die "Cannot open $filename: $!\n";
118 <    print "<pre>\n";
119 <    # Use $_ implicitly throughout.
120 <    while (<FILE>) {
121 <        # Must do the next line first!
122 <        s/&/&amp;/g;
123 <        s/</&lt;/g;
124 <        s/>/&gt;/g;
125 <        s/"/&quot;/g;
126 <        print;
117 >    if(open(FILE, $filename)) {
118 >        print "          <pre>\n";
119 >        # Use $_ implicitly throughout.
120 >        while (<FILE>) {
121 >            # Must do the next line first!
122 >            s/&/&amp;/g;
123 >            s/</&lt;/g;
124 >            s/>/&gt;/g;
125 >            s/"/&quot;/g;
126 >            s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/<a href="$1">$1<\/a>/igox;
127 >            print;
128 >        }
129 >        print "\n</pre>";
130      }
131 <    print "</pre>";
131 >    else {
132 >        print "Failed to open $docname.";
133 >    }
134   }
135  
136 < # Print a file without escaping HTML: -
136 > # Print the contents of a file containing html
137   sub print_html ($) {
138      my ($filename) = @_;
139 <    print `cat $filename`;
139 >    open(FILE, $filename);
140 >    while(<FILE>) {
141 >        print;
142 >    }
143 >    close FILE;
144   }
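Review bot: `print_file` still opens the request-derived path with two-argument `open(FILE, $filename)` (new line 117), so nothing in the call itself stops a mode or pipe character from being interpreted; it is safe only because the whitelist at new line 34 and the fixed `../htdocs/documentation/` prefix happen to exclude them. Making the read mode explicit removes that dependency: `if (open(my $fh, '<', $filename)) {` with `while (<$fh>) {` and a `close($fh);` after the loop, which also fixes the handle never being closed. `print_html` (new line 139) ignores the result of `open`, so a missing include silently yields a page without its header or menu; `open(FILE, '<', $filename) or return;` or a logged warning would make that visible. Separately, the link substitution at new line 126 runs after `&` has become `&amp;`, and `;` is not in `$any`, so any URL with a query-string `&` is cut off at that point in both the `href` and the link text.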

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines