############################# Subroutines ########################### ### PARSE SUBROUTINE sub parse_formx { local ($name, $value, $pair, $buffer, @pairs); if ($ENV{'REQUEST_METHOD'} eq 'GET') { # Split the name-value pairs @pairs = split(/&/, $ENV{'QUERY_STRING'}); } elsif ($ENV{'REQUEST_METHOD'} eq 'POST') { # Clear buffer and Get the input $buffer = ""; read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); # Split the name-value pairs @pairs = split(/&/, $buffer); }else { &error("Bad request method, Use POST or GET"); exit; } #determine name and variable for each pair foreach $pair (@pairs) { # Split into name and value. ($name, $value) = split(/=/, $pair); # Ignore The Submit Button if($name =~ /submit/i) { next; } $name =~ tr/+/ /; $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; # Remove Any Possible System Shell Commands Or SSI's Etc. $name =~ s/~!/ ~!/g; $name =~ s///g; $value =~ s/~!/ ~!/g; $value =~ s///g; $value =~ s/^\s+//gms; # remove any leading spaces $value =~ s/\s+$//gms; # remove any trailing spaces $value =~ s/\s{2,}/ /gms; # remove any 2 spaces and put only 1 $value =~ s/\|//g; # removes any Intruder tampering $value =~ s/~//g; $value =~ s/\`//g; # removes any server side includes $value =~ s/\~//g; # removes any server side includes $value =~ s/\"//g; # removes quotes $value =~ s/\;//g; # removes html $value =~ s/\//g; # removes html $value =~ s/\s+//g; # remove any spaces $value =~ s/^[\s]+|[\s]+$//gm; # remove any spaces $FORM{$name} = $value; } return %FORM; } # end of sub