
Comparing web/cgi-bin/docs.cgi (file contents):
Revision 1.1 by tdb, Wed Oct 25 23:56:27 2000 UTC vs.
Revision 1.7 by tdb, Sun Mar 21 23:59:32 2004 UTC

# Line 1 | Line 1
1   #!/usr/bin/perl -w
2  
3 #------------------------------------------------------------
4 # docs.cgi
5 #
6 # Web-based text file viewer.
7 # Copyright Paul Mutton, 2000.
8 #------------------------------------------------------------
9
3   use strict;
4   use CGI;
5  
6   $| = 1;
7  
8   # Settings
9 < my ($left) = "../left.inc" ;
10 < my ($title) = "../title.inc";
11 < my ($bottom) = "../bottom.inc";
9 > my ($menu) = "../nwww/menu.inc" ;
10 > my ($header) = "../nwww/header.inc";
11 > my ($footer) = "../nwww/footer.inc";
12 > my ($style) = "../nwww/style.inc";
13  
20
14   my ($query) = new CGI;
22 my ($doci) = ($query->param('doc') =~ /^\s*(.*?\.txt)\s*$/);
23 my ($doc) = "../documentation/$doci";
15  
16 < print "content-type: text/html\n\n";
16 > # Note filenames may only have one dot in them, in the ".txt".
17 > # This prevents malicious users using "../" to view files.
18 > my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);
19  
20 < print <<"END";
28 < <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
20 > print "Content-type: text/html\n\n";
21  
22 < <!--
23 <    docs.cgi
24 <    Web-based text file viewer and formatter.
25 <    Created by pjm2 19/10/2000
34 <    Last modified 19/10/2000
35 < -->
22 > unless (defined $doc) {
23 >    print "The link to this page was broken - it must specify a .txt file.";
24 >    exit;
25 > }
26  
27 + # Prevent hackers from supplying a malformed document string.
28 + # I.e. only allow normal characters, slashes and dots.
29 + unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
30 +    print "Malformed request.";
31 +    exit;
32 + }
33 + $doc = "../htdocs/documentation/".$doc;
34 +
35 + my($docname) = $doc =~ /\/([^\/]+)$/;
36 +
37 + print <<"END";
38 + <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
39 +   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
40 +
41   <html>
42  
43   <head>
44 < <title>The i-scream Project Documentation Viewer</title>
45 < <meta name="description" content="The i-scream Project is a central monitoring system for Unix, Linux and NT servers.">
46 < <meta name="keywords" content="i-scream, project, central monitoring system, unix, linux, nt, server, alert">
47 < <meta name="generator" content="notepad on acid, aye.">
44 > <title>i-scream plain text documentation viewer</title>
45 > END
46 >
47 > &print_html($style);
48 >
49 > print <<"END";
50   </head>
51  
52 < <body bgcolor="#ffffff" link="#0000ff" alink="#3333cc" vlink="#3333cc" text="#000066">
52 > <body>
53  
54 < <table border="0" cellpadding="2" cellspacing="2">
55 < <tr>
56 <  <td valign="top">
54 > <div id="container">
55 >
56 > <div id="main">
57   END
58  
59 < &print_file($left);
59 > &print_html($header);
60  
61   print <<"END";
62 + <div id="contents">
63 + <h1 class="top">i-scream documentation viewer</h1>
64  
65 <  </td>
58 <  <td valign="top">
65 > <h2>$docname</h2>
66   END
67  
61 &print_file($title);
62
63 print "<PRE>\n";
68   &print_file($doc);
69 < print "</PRE>\n";
69 > print "</div>";
70  
71 < &print_file($bottom);
71 > &print_html($footer);
72  
73 < print <<"END";
73 > print "</div>";
74  
75 <  </td>
72 < </tr>
73 < </table>
75 > &print_html($menu);
76  
77 < </body>
77 > print <<"END";
78 > </div>
79  
80 + </body>
81   </html>
82   END
83  
84   exit 0;
85  
86 + # Print a file, whilst escaping HTML: -
87   sub print_file ($) {
88 <    my ($filename) = @_;
89 <    print `cat $filename`;
90 < }
88 > my ($urls) = '(' . join ('|', qw{
89 >               http
90 >               telnet
91 >               gopher
92 >               file
93 >               wais
94 >               ftp
95 >               } )
96 >           . ')';
97  
98 < sub print_file_old ($) {
99 <    my ($filename) = @_;
100 <    open(FILE, $filename) or die "Cannot open $filename: $!\n";
101 <    while (my ($line) = <FILE>) {
102 <        print $line;
98 > my ($ltrs) = '\w';
99 > my ($gunk) = '/#~:.?+=&%@!\-';
100 > my ($punc) = '.:?\-';
101 > my ($any) = "${ltrs}${gunk}${punc}";
102 > my ($filename) = @_;
103 > if(open(FILE, $filename)) {
104 >    print "<pre>\n";
105 >    # Use $_ implicitly throughout.
106 >    while (<FILE>) {
107 >        # Must do the next line first!
108 >        s/&/&amp;/g;
109 >        s/</&lt;/g;
110 >        s/>/&gt;/g;
111 >        s/"/&quot;/g;
112 >        s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/<a href="$1">$1<\/a>/igox;
113 >        print;
114      }
115 +    print "</pre>";
116   }
117 + else {
118 +    print "Failed to open $docname.";
119 + }
120 + }
121  
122 + # Print a file without escaping HTML: -
123 + sub print_html ($) {
124 + my ($filename) = @_;
125 + print `cat $filename 2>&1`;
126 + }
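Review bot: `print_html` at the end of the file still passes its argument through a shell via backticks (`cat $filename 2>&1`), even though the rewritten `print_file` just above it already reads with `open`. Every call visible on this page passes one of the hard-coded `.inc` settings, so nothing request-derived reaches the shell today, but a later caller passing a computed path would have it interpreted by the shell. The `2>&1` also copies cat's error text, including the server-side path, into the page. Reading the file in Perl avoids both: `open(my $fh, '<', $filename) or return;`, `print while <$fh>;`, `close($fh);`. The same three-argument form would suit `open(FILE, $filename)` in `print_file`, whose safety currently rests on the character whitelist and the fixed `../htdocs/documentation/` prefix applied before the call.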

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines