web/cgi-bin/docs.cgi

#!/usr/bin/perl -w

#------------------------------------------------------------
# docs.cgi
# 
# Web-based text file viewer.
# Copyright Paul Mutton, 2000.
#------------------------------------------------------------

use strict;
use CGI;

$| = 1;

# Settings
my ($left) = "../left.inc" ;
my ($title) = "../title.inc";
my ($bottom) = "../bottom.inc";


my ($query) = new CGI;

# Note filenames may only have one dot in them, in the ".txt".
# This prevents malicious users using "../" to view files.
my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);

print "Content-type: text/html\n\n";

unless (defined $doc) {
    print "The link to this page was broken - it must specify a .txt file.";
    exit;
}

# Prevent hackers from supplying a malformed document string.
# I.e. only allow normal characters, slashes and dots.
unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
    print "Go Away, you nasty hax0r!";
    exit;
}
$doc = "../documentation/".$doc;

print <<"END";
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<!--
    docs.cgi
    Web-based text file viewer and formatter.
    Created by pjm2 19/10/2000
    Last modified 02/11/2000
-->

<html>

<head>
 <title>The i-scream Project Documentation Viewer</title>
 <meta name="description" content="The i-scream Project is a central monitoring system for Unix, Linux and NT servers.">
 <meta name="keywords" content="i-scream, project, central monitoring system, unix, linux, nt, server, alert">
 <meta name="generator" content="notepad on acid, aye.">
</head>

<body bgcolor="#ffffff" link="#0000ff" alink="#3333cc" vlink="#3333cc" text="#000066">

<table border="0" cellpadding="2" cellspacing="2">
 <tr>
  <td valign="top">
END

&print_html($left);

print <<"END";

  </td>
  <td valign="top">
END

&print_html($title);
&print_file($doc);
&print_html($bottom);

print <<"END";

  </td>
 </tr>
</table>

</body>

</html>
END

exit 0;

# Print a file, whilst escaping HTML: -
sub print_file ($) {
    my ($urls) = '(' . join ('|', qw{
                       http
                       telnet
                       gopher
                       file
                       wais
                       ftp
                       } )
                   . ')';
    
    my ($ltrs) = '\w';
    my ($gunk) = '/#~:.?+=&%@!\-';
    my ($punc) = '.:?\-';
    my ($any) = "${ltrs}${gunk}${punc}";
    my ($filename) = @_;
    open(FILE, $filename) or die "Cannot open $filename: $!\n";
    print "<pre>\n";
    # Use $_ implicitly throughout.
    while (<FILE>) {
        # Must do the next line first!
        s/&/&amp;/g;
        s/</&lt;/g;
        s/>/&gt;/g;
        s/"/&quot;/g;
        s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/<a href="$1">$1<\/a>/igox;
        print;
    }
    print "</pre>";
}

# Print a file without escaping HTML: -
sub print_html ($) {
    my ($filename) = @_;
    print `cat $filename 2>&1`;
}
Revision:	1.5
Committed:	Sun May 6 19:16:40 2001 UTC (23 years ago) by tdb
Branch:	MAIN
Branch point for:	I-SCREAM_ORG
Changes since 1.4:	+1 -1 lines
Log Message:	Capture STDERR from all CGI scripts. This is purely so any errors are more apparent.
#	Content
1	#!/usr/bin/perl -w
2
3	#------------------------------------------------------------
4	# docs.cgi
5	#
6	# Web-based text file viewer.
7	# Copyright Paul Mutton, 2000.
8	#------------------------------------------------------------
9
10	use strict;
11	use CGI;
12
13	$\| = 1;
14
15	# Settings
16	my ($left) = "../left.inc" ;
17	my ($title) = "../title.inc";
18	my ($bottom) = "../bottom.inc";
19
20
21	my ($query) = new CGI;
22
23	# Note filenames may only have one dot in them, in the ".txt".
24	# This prevents malicious users using "../" to view files.
25	my ($doc) = ($query->param('doc') =~ /^\s([^\.]?\.txt)\s*$/);
26
27	print "Content-type: text/html\n\n";
28
29	unless (defined $doc) {
30	print "The link to this page was broken - it must specify a .txt file.";
31	exit;
32	}
33
34	# Prevent hackers from supplying a malformed document string.
35	# I.e. only allow normal characters, slashes and dots.
36	unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
37	print "Go Away, you nasty hax0r!";
38	exit;
39	}
40	$doc = "../documentation/".$doc;
41
42	print <<"END";
43	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
44
45	<!--
46	docs.cgi
47	Web-based text file viewer and formatter.
48	Created by pjm2 19/10/2000
49	Last modified 02/11/2000
50	-->
51
52	<html>
53
54	<head>
55	<title>The i-scream Project Documentation Viewer</title>
56	<meta name="description" content="The i-scream Project is a central monitoring system for Unix, Linux and NT servers.">
57	<meta name="keywords" content="i-scream, project, central monitoring system, unix, linux, nt, server, alert">
58	<meta name="generator" content="notepad on acid, aye.">
59	</head>
60
61	<body bgcolor="#ffffff" link="#0000ff" alink="#3333cc" vlink="#3333cc" text="#000066">
62
63	<table border="0" cellpadding="2" cellspacing="2">
64	<tr>
65	<td valign="top">
66	END
67
68	&print_html($left);
69
70	print <<"END";
71
72	</td>
73	<td valign="top">
74	END
75
76	&print_html($title);
77	&print_file($doc);
78	&print_html($bottom);
79
80	print <<"END";
81
82	</td>
83	</tr>
84	</table>
85
86	</body>
87
88	</html>
89	END
90
91	exit 0;
92
93	# Print a file, whilst escaping HTML: -
94	sub print_file ($) {
95	my ($urls) = '(' . join ('\|', qw{
96	http
97	telnet
98	gopher
99	file
100	wais
101	ftp
102	} )
103	. ')';
104
105	my ($ltrs) = '\w';
106	my ($gunk) = '/#~:.?+=&%@!\-';
107	my ($punc) = '.:?\-';
108	my ($any) = "${ltrs}${gunk}${punc}";
109	my ($filename) = @_;
110	open(FILE, $filename) or die "Cannot open $filename: $!\n";
111	print "<pre>\n";
112	# Use $_ implicitly throughout.
113	while (<FILE>) {
114	# Must do the next line first!
115	s/&/&/g;
116	s/</</g;
117	s/>/>/g;
118	s/"/"/g;
119	s/\b($urls:[$any]+?)(?=[$punc]*[^$any]\|$)/<a href="$1">$1<\/a>/igox;
120	print;
121	}
122	print "</pre>";
123	}
124
125	# Print a file without escaping HTML: -
126	sub print_html ($) {
127	my ($filename) = @_;
128	print `cat $filename 2>&1`;
129	}