ViewVC Help
View File | Revision Log | Show Annotations | Revision Graph | Root Listing
root/i-scream/web/cgi-bin/docs.cgi
Revision: 1.13
Committed: Thu Mar 25 22:51:20 2004 UTC (20 years, 9 months ago) by tdb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.12: +1 -1 lines
Error occurred while calculating annotation data.
Log Message:
Docs are now under cms tree.

File Contents

# Content
1 #!/usr/bin/perl -w
2
3 use strict;
4 use CGI;
5
6 $| = 1;
7
8 # Settings
9 my ($incdir) = "../htdocs";
10
11 # Include files
12 my ($doctype) = "$incdir/doctype.inc";
13 my ($style) = "$incdir/style.inc";
14 my ($header) = "$incdir/header.inc";
15 my ($footer) = "$incdir/footer.inc";
16 my ($menu) = "$incdir/menu-static.inc" ;
17
18 my ($query) = new CGI;
19
20 # Note filenames may only have one dot in them, in the ".txt".
21 # This prevents malicious users using "../" to view files.
22 my ($doc) = ($query->param('doc') =~ /^\s*([^\.]*?\.txt)\s*$/);
23
24 # This should be application/xhtml+xml
25 print "Content-type: text/html\n\n";
26
27 unless (defined $doc) {
28 print "The link to this page was broken - it must specify a .txt file.";
29 exit;
30 }
31
32 # Prevent hackers from supplying a malformed document string.
33 # I.e. only allow normal characters, slashes and dots.
34 unless ($doc =~ /^[a-zA-Z_\-0-9\.\/]+$/) {
35 print "Malformed request.";
36 exit;
37 }
38 $doc = "../htdocs/cms/documentation/".$doc;
39
40 my($docname) = $doc =~ /\/([^\/]+)$/;
41
42 &print_html($doctype);
43
44 print <<"END";
45
46 <head>
47 <title>
48 i-scream plain text documentation viewer
49 </title>
50 END
51
52 &print_html($style);
53
54 print <<"END";
55
56 </head>
57 <body>
58 <div id="container">
59 <div id="main">
60 END
61
62 &print_html($header);
63
64 print <<"END";
65
66 <div id="contents">
67 <h1 class="top">
68 i-scream documentation viewer
69 </h1>
70 <h2>
71 $docname
72 </h2>
73 END
74
75 &print_file($doc);
76
77 print <<"END";
78
79 </div>
80 END
81
82 &print_html($footer);
83
84 print <<"END";
85
86 </div>
87 END
88
89 &print_html($menu);
90
91 print <<"END";
92
93 </div>
94 </body>
95 </html>
96 END
97
98 exit 0;
99
100 # Print a file, whilst escaping HTML: -
101 sub print_file {
102 my ($urls) = '(' . join ('|', qw{
103 http
104 telnet
105 gopher
106 file
107 wais
108 ftp
109 } )
110 . ')';
111
112 my ($ltrs) = '\w';
113 my ($gunk) = '/#~:.?+=&%@!\-';
114 my ($punc) = '.:?\-';
115 my ($any) = "${ltrs}${gunk}${punc}";
116 my ($filename) = @_;
117 if(open(FILE, $filename)) {
118 print " <pre>\n";
119 # Use $_ implicitly throughout.
120 while (<FILE>) {
121 # Must do the next line first!
122 s/&/&amp;/g;
123 s/</&lt;/g;
124 s/>/&gt;/g;
125 s/"/&quot;/g;
126 s/\b($urls:[$any]+?)(?=[$punc]*[^$any]|$)/<a href="$1">$1<\/a>/igox;
127 print;
128 }
129 print "\n</pre>";
130 }
131 else {
132 print "Failed to open $docname.";
133 }
134 }
135
136 # Print the contents of a file containing html
137 sub print_html ($) {
138 my ($filename) = @_;
139 open(FILE, $filename);
140 while(<FILE>) {
141 print;
142 }
143 close FILE;
144 }