--- web/cgi-bin/docs.cgi 2000/11/09 22:03:56 1.3 +++ web/cgi-bin/docs.cgi 2003/05/11 19:51:06 1.5.2.1 @@ -13,17 +13,32 @@ use CGI; $| = 1; # Settings -my ($left) = "../left.inc" ; -my ($title) = "../title.inc"; -my ($bottom) = "../bottom.inc"; +my ($left) = "../htdocs/left.inc" ; +my ($title) = "../htdocs/title.inc"; +my ($bottom) = "../htdocs/bottom.inc"; my ($query) = new CGI; -my ($doc) = ($query->param('doc') =~ /^\s*(.*?\.txt)\s*$/); -$doc = "../documentation/".$doc; +# Note filenames may only have one dot in them, in the ".txt". +# This prevents malicious users using "../" to view files. +my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/); + print "Content-type: text/html\n\n"; +unless (defined $doc) { + print "The link to this page was broken - it must specify a .txt file."; + exit; +} + +# Prevent hackers from supplying a malformed document string. +# I.e. only allow normal characters, slashes and dots. +unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) { + print "Malformed request"; + exit; +} +$doc = "../htdocs/documentation/".$doc; + print <<"END"; @@ -110,5 +125,5 @@ sub print_file ($) { # Print a file without escaping HTML: - sub print_html ($) { my ($filename) = @_; - print `cat $filename`; + print `cat $filename 2>&1`; }