#!/usr/bin/perl
print "Content-type:text/html\n\n";
$FORM{'fulltxtpath'} = stripmeta("../www$ENV{'QUERY_STRING'}");
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}
foreach $key (keys(%FORM)) {
if ($key =~ /required/i) {if ( ($FORM{$key} eq "") && ($FORM{$key} ==
+"") ) {failure();}}
}
open INF, $FORM{'fulltxtpath'} or dienice("Cant open $FORM{'fulltxtpat
+h'}");
seek(INF,0,0);
@fary = <INF>;
close (INF);
foreach $key (keys(%FORM)) {
$rep = $FORM{$key};
foreach $i (@fary) {$i =~ s/\[$key\]/$rep/g;}
}
$mailprog = '/usr/lib/sendmail';
open (MAIL, "|$mailprog -t") or dienice("Can't access $mailprog!\n");
foreach $i (@fary) { print MAIL "$i"; }
close (MAIL);
$FORM{'success'} =~ s/https\:\/\/www.mydomain.com/..\/www/g;
open INF, $FORM{'success'} or dienice("Cant open $FORM{'success'}");
seek(INF,0,0);
@succtxt = <INF>;
close (INF);
foreach $i (@succtxt) { print "$i"; }
exit;
sub stripmeta {
my($var1) = @_;
@meta = ('&',';','`','\'','\\',
'"','|','*','?','~','<','>',
'^','(',')','[',']','{','}','$');
$var1 =~ s/\n/ /g; $var1 =~ s/\r/ /g;
foreach $met (@meta){ $var1 =~ s/\Q$met\E/ /g; }
return $var1
}
sub failure {
$FORM{'failure'} =~ s/https\:\/\/www.mydomain.com/..\/www/g;
open INF, $FORM{'failure'} or dienice("Cant open $FORM{'failure'}");
seek(INF,0,0);
@failtxt = <INF>;
close (INF);
foreach $i (@failtxt) { print "$i"; }
exit;
}
sub dienice {
my($errmsg) = @_;
my($webmaster) = 'webmaster@mydomain.com';
print <<Eof;
<html><head><title>Error!!</title></head><body>The error was $errmsg</
+body></html>
Eof
exit;
}
Will me stripmeta sub protect me from attacks like ;/ rm -r*;/ in the 'QUERY_STRING'??
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.