--- web/cgi-bin/docs.cgi 2003/05/15 20:48:01 1.6 +++ web/cgi-bin/docs.cgi 2004/03/24 13:11:42 1.8 @@ -1,22 +1,19 @@ #!/usr/bin/perl -w -#------------------------------------------------------------ -# docs.cgi -# -# Web-based text file viewer. -# Copyright Paul Mutton, 2000. -#------------------------------------------------------------ - use strict; use CGI; $| = 1; # Settings -my ($left) = "../htdocs/left.inc" ; -my ($title) = "../htdocs/title.inc"; -my ($bottom) = "../htdocs/bottom.inc"; +my ($incdir) = "../nwww"; +# Include files +my ($doctype) = "$incdir/doctype.inc"; +my ($style) = "$incdir/style.inc"; +my ($header) = "$incdir/header.inc"; +my ($footer) = "$incdir/footer.inc"; +my ($menu) = "$incdir/menu.inc" ; my ($query) = new CGI; @@ -24,6 +21,7 @@ my ($query) = new CGI; # This prevents malicious users using "../" to view files. my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/); +# This should be application/xhtml+xml print "Content-type: text/html\n\n"; unless (defined $doc) { @@ -34,57 +32,66 @@ unless (defined $doc) { # Prevent hackers from supplying a malformed document string. # I.e. only allow normal characters, slashes and dots. unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) { - print "Malformed request"; + print "Malformed request."; exit; } $doc = "../htdocs/documentation/".$doc; -print <<"END"; - +my($docname) = $doc =~ /\/([^\/]+)$/; - +&print_html($doctype); - +print <<"END"; - - The i-scream Project Documentation Viewer - - - - + + + i-scream plain text documentation viewer + +END - +&print_html($style); - - - - - -
+print <<"END"; + + + +
+
END -&print_html($left); +&print_html($header); print <<"END"; -
+
+

+ i-scream documentation viewer +

+

+ $docname +

END -&print_html($title); &print_file($doc); -&print_html($bottom); print <<"END"; -
+ +END - +&print_html($footer); +print <<"END"; + + +END + +&print_html($menu); + +print <<"END"; + + + END @@ -92,23 +99,23 @@ exit 0; # Print a file, whilst escaping HTML: - sub print_file ($) { - my ($urls) = '(' . join ('|', qw{ - http - telnet - gopher - file - wais - ftp - } ) - . ')'; - - my ($ltrs) = '\w'; - my ($gunk) = '/#~:.?+=&%@!\-'; - my ($punc) = '.:?\-'; - my ($any) = "${ltrs}${gunk}${punc}"; - my ($filename) = @_; - open(FILE, $filename) or die "Cannot open $filename: $!\n"; - print "
\n";
+my ($urls) = '(' . join ('|', qw{
+	       http
+	       telnet
+	       gopher
+	       file
+	       wais
+	       ftp
+	       } )
+	   . ')';
+
+my ($ltrs) = '\w';
+my ($gunk) = '/#~:.?+=&%@!\-';
+my ($punc) = '.:?\-';
+my ($any) = "${ltrs}${gunk}${punc}";
+my ($filename) = @_;
+if(open(FILE, $filename)) {
+    print "          
\n";
     # Use $_ implicitly throughout.
     while () {
         # Must do the next line first!
@@ -119,11 +126,15 @@ sub print_file ($) {
         s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/$1<\/a>/igox;
         print;
     }
-    print "
"; + print "\n
"; } +else { + print "Failed to open $docname."; +} +} # Print a file without escaping HTML: - sub print_html ($) { - my ($filename) = @_; - print `cat $filename 2>&1`; +my ($filename) = @_; +print `cat $filename 2>&1`; }