ViewVC Help
View File | Revision Log | Show Annotations | Revision Graph | Root Listing
root/i-scream/web/cgi-bin/docs.cgi
(Generate patch)

Comparing web/cgi-bin/docs.cgi (file contents):
Revision 1.1 by tdb, Wed Oct 25 23:56:27 2000 UTC vs.
Revision 1.10 by tdb, Wed Mar 24 23:29:21 2004 UTC

# Line 1 | Line 1
1   #!/usr/bin/perl -w
2  
3 #------------------------------------------------------------
4 # docs.cgi
5 #
6 # Web-based text file viewer.
7 # Copyright Paul Mutton, 2000.
8 #------------------------------------------------------------
9
3   use strict;
4   use CGI;
5  
6   $| = 1;
7  
8   # Settings
9 < my ($left) = "../left.inc" ;
17 < my ($title) = "../title.inc";
18 < my ($bottom) = "../bottom.inc";
9 > my ($incdir) = "../nwww";
10  
11 + # Include files
12 + my ($doctype) = "$incdir/doctype.inc";
13 + my ($style) = "$incdir/style.inc";
14 + my ($header) = "$incdir/header.inc";
15 + my ($footer) = "$incdir/footer.inc";
16 + my ($menu) = "$incdir/menu.inc" ;
17  
18   my ($query) = new CGI;
22 my ($doci) = ($query->param('doc') =~ /^\s*(.*?\.txt)\s*$/);
23 my ($doc) = "../documentation/$doci";
19  
20 < print "content-type: text/html\n\n";
20 > # Note filenames may only have one dot in them, in the ".txt".
21 > # This prevents malicious users using "../" to view files.
22 > my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);
23  
24 < print <<"END";
25 < <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
24 > # This should be application/xhtml+xml
25 > print "Content-type: text/html\n\n";
26  
27 < <!--
28 <    docs.cgi
29 <    Web-based text file viewer and formatter.
30 <    Created by pjm2 19/10/2000
34 <    Last modified 19/10/2000
35 < -->
27 > unless (defined $doc) {
28 >    print "The link to this page was broken - it must specify a .txt file.";
29 >    exit;
30 > }
31  
32 < <html>
32 > # Prevent hackers from supplying a malformed document string.
33 > # I.e. only allow normal characters, slashes and dots.
34 > unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
35 >    print "Malformed request.";
36 >    exit;
37 > }
38 > $doc = "../htdocs/documentation/".$doc;
39  
40 < <head>
40 < <title>The i-scream Project Documentation Viewer</title>
41 < <meta name="description" content="The i-scream Project is a central monitoring system for Unix, Linux and NT servers.">
42 < <meta name="keywords" content="i-scream, project, central monitoring system, unix, linux, nt, server, alert">
43 < <meta name="generator" content="notepad on acid, aye.">
44 < </head>
40 > my($docname) = $doc =~ /\/([^\/]+)$/;
41  
42 < <body bgcolor="#ffffff" link="#0000ff" alink="#3333cc" vlink="#3333cc" text="#000066">
42 > &print_html($doctype);
43  
44 < <table border="0" cellpadding="2" cellspacing="2">
45 < <tr>
46 <  <td valign="top">
44 > print <<"END";
45 >
46 >  <head>
47 >    <title>
48 >      i-scream plain text documentation viewer
49 >    </title>
50   END
51  
52 < &print_file($left);
52 > &print_html($style);
53  
54   print <<"END";
55  
56 <  </td>
57 <  <td valign="top">
56 >  </head>
57 >  <body>
58 >    <div id="container">
59 >      <div id="main">
60   END
61  
62 < &print_file($title);
62 > &print_html($header);
63  
64 < print "<PRE>\n";
64 > print <<"END";
65 >
66 >        <div id="contents">
67 >          <h1 class="top">
68 >            i-scream documentation viewer
69 >          </h1>
70 >          <h2>
71 >            $docname
72 >          </h2>
73 > END
74 >
75   &print_file($doc);
65 print "</PRE>\n";
76  
77 < &print_file($bottom);
77 > print <<"END";
78  
79 +        </div>
80 + END
81 +
82 + &print_html($footer);
83 +
84   print <<"END";
85  
86 <  </td>
87 < </tr>
73 < </table>
86 >      </div>
87 > END
88  
89 < </body>
89 > &print_html($menu);
90  
91 + print <<"END";
92 +
93 +    </div>
94 +  </body>
95   </html>
96   END
97  
98   exit 0;
99  
100 < sub print_file ($) {
100 > # Print a file, whilst escaping HTML: -
101 > sub print_file {
102 > my ($urls) = '(' . join ('|', qw{
103 >               http
104 >               telnet
105 >               gopher
106 >               file
107 >               wais
108 >               ftp
109 >               } )
110 >           . ')';
111 >
112 >    my ($ltrs) = '\w';
113 >    my ($gunk) = '/#~:.?+=&%@!\-';
114 >    my ($punc) = '.:?\-';
115 >    my ($any) = "${ltrs}${gunk}${punc}";
116      my ($filename) = @_;
117 <    print `cat $filename`;
117 >    if(open(FILE, $filename)) {
118 >        print "          <pre>\n";
119 >        # Use $_ implicitly throughout.
120 >        while (<FILE>) {
121 >            # Must do the next line first!
122 >            s/&/&amp;/g;
123 >            s/</&lt;/g;
124 >            s/>/&gt;/g;
125 >            s/"/&quot;/g;
126 >            s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/<a href="$1">$1<\/a>/igox;
127 >            print;
128 >        }
129 >        print "\n</pre>";
130 >    }
131 >    else {
132 >        print "Failed to open $docname.";
133 >    }
134   }
135  
136 < sub print_file_old ($) {
136 > # Print the contents of a file containing html
137 > sub print_html ($) {
138      my ($filename) = @_;
139 <    open(FILE, $filename) or die "Cannot open $filename: $!\n";
140 <    while (my ($line) = <FILE>) {
141 <        print $line;
139 >    my($virtual) = '<!--#include virtual="/cgi-bin/logo.cgi" -->';
140 >    my(@virtualresponse) = `/web/i-scream/nwww.cgi-bin/logo.cgi`;
141 >    open(FILE, $filename);
142 >    while(<FILE>) {
143 >        if(/$virtual/) {
144 >            s/$virtual/$virtualresponse[@virtualresponse-1]/;
145 >        }
146 >        print;
147      }
148 +    close FILE;
149   }
94

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines