\n"; +print <<"END"; + +++END + +&print_html($footer); + print <<"END"; -+ i-scream documentation viewer +
++ $docname +
+END + &print_file($doc); -print "\n"; -&print_file($bottom); +print <<"END"; +
--- web/cgi-bin/docs.cgi 2000/10/25 23:56:27 1.1 +++ web/cgi-bin/docs.cgi 2004/03/25 22:48:47 1.12 @@ -1,94 +1,144 @@ #!/usr/bin/perl -w -#------------------------------------------------------------ -# docs.cgi -# -# Web-based text file viewer. -# Copyright Paul Mutton, 2000. -#------------------------------------------------------------ - use strict; use CGI; $| = 1; # Settings -my ($left) = "../left.inc" ; -my ($title) = "../title.inc"; -my ($bottom) = "../bottom.inc"; +my ($incdir) = "../htdocs"; +# Include files +my ($doctype) = "$incdir/doctype.inc"; +my ($style) = "$incdir/style.inc"; +my ($header) = "$incdir/header.inc"; +my ($footer) = "$incdir/footer.inc"; +my ($menu) = "$incdir/menu-static.inc" ; my ($query) = new CGI; -my ($doci) = ($query->param('doc') =~ /^\s*(.*?\.txt)\s*$/); -my ($doc) = "../documentation/$doci"; -print "content-type: text/html\n\n"; +# Note filenames may only have one dot in them, in the ".txt". +# This prevents malicious users using "../" to view files. +my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/); -print <<"END"; - +# This should be application/xhtml+xml +print "Content-type: text/html\n\n"; - +unless (defined $doc) { + print "The link to this page was broken - it must specify a .txt file."; + exit; +} - +# Prevent hackers from supplying a malformed document string. +# I.e. only allow normal characters, slashes and dots. +unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) { + print "Malformed request."; + exit; +} +$doc = "../htdocs/documentation/".$doc; -
-
+print <<"END";
+
+
+ |
-
+
+
+
+
END
-&print_file($title);
+&print_html($header);
-print " \n"; +print <<"END"; + + |
-
\n"; + # Use $_ implicitly throughout. + while ("; + } + else { + print "Failed to open $docname."; + } } -sub print_file_old ($) { +# Print the contents of a file containing html +sub print_html ($) { my ($filename) = @_; - open(FILE, $filename) or die "Cannot open $filename: $!\n"; - while (my ($line) =) { + # Must do the next line first! + s/&/&/g; + s/</g; + s/>/>/g; + s/"/"/g; + s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/$1<\/a>/igox; + print; + } + print "\n