#!/usr/bin/perl -T
use strict;
use warnings;
use CGI qw/param/;
use CGI::Carp qw/fatalsToBrowser/;
use Fcntl qw(:flock);
#__No uploads any more__
$CGI::DISABLE_UPLOADS = 1;
#__100kb in case of flooding: CGI.pm rejects any POST body larger than this__
$CGI::POST_MAX = 100 * 1024;
#__in case for something to be executed: under -T a fixed, trusted PATH
#   must be set before any child process could be spawned__
$ENV{PATH} = join ':', qw(/bin /usr/bin /usr/local/bin);
# NOTE(review): fatalsToBrowser (imported above from CGI::Carp) sends the
# text of every die() -- including $! and local file paths -- to the client.
#__prints header__#
sub header {
    # Emit the CGI response header and the page's opening line.
    # The space after "text/html" is kept from the original output; it is
    # optional whitespace in the header value, not part of the media type.
    my $http_header = "Content-type: text/html \n\n";
    my $opening     = "\nGet all keys and values\n";
    my $ok = print "$http_header$opening";
    return $ok;
}
#__prints footer__#
sub footer {
    # Emit the closing line of the page; no HTML markup is produced.
    my $closing = "\nEND OF DOCUMENT\n";
    my $ok = print $closing;
    return $ok;
}
#__prints warnings__#
sub Warning_One {
    # Abort the request after printing a fixed notice. The main program
    # calls this when a key or value contains a character outside [\w.-],
    # after header() has already been sent, so the notice becomes the body.
    # The process exits with status 0 (same as a bare exit).
    my $notice = 'KEY OR VALUE IS NOT VALID!';
    print $notice;
    exit 0;
}
#__helps alot from unwanted SQL queries__
sub antiInjection {
    # Screen one parameter against a short list of SQL keywords and abort
    # the request (print + exit) on the first hit. The test is a
    # case-insensitive *substring* match, so "description" trips "desc" and
    # "dataset" trips "set". A keyword denylist only catches the obvious
    # cases; any real SQL issued from this data still needs DBI placeholders.
    my @banned_words = qw(select from where union order char drop alter desc show set insert);
    chomp(my $param = shift);
    for my $word (@banned_words) {
        if ($param =~ m/$word/i) {
            print "WORD $word IS BANNED FROM USE!";
            exit;
        }
    }
}
########## MAIN PROGRAM #########
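# Flow: send the HTML header, make sure the TEST directory exists, then
# record every (key, value) pair of the request in TEST/<timestamp>.txt
# while echoing it to the browser. Keys and values are accepted only if
# they consist entirely of [\w.-]; that same anchored capture untaints them
# under -T, and it is what makes echoing them into the page and the file
# safe. Anything else ends the request in Warning_One().
my $query = CGI->new;
#__html header__
header();
#__create test dir__
my $Test_Dir = 'TEST';
unless (-d $Test_Dir) {
    mkdir $Test_Dir, 0755
        or die "Error 675 couldn't create\n$Test_Dir\n$!\n";
}
#__get timestamp__
my $Time_Stamp = time;
#__name final file with timestamp value__
my $Results_File = "$Time_Stamp.txt";
my $Results_Path = "$Test_Dir/$Results_File";
#__print date and time to browser__
my $timeToShow = localtime($Time_Stamp);
print "\nOn $timeToShow we saved results to file: ($Results_File)\n";
#__use timestamped file to add some data: three-arg open, lexical handle__
open my $results_fh, '>>', $Results_Path
    or die "Error 5643: can't print to\n$Results_Path\n$!\n";
# Exclusive lock: two requests in the same second share this file and must
# not interleave their lines. A failed lock is an error, not a warning.
flock $results_fh, LOCK_EX
    or die "can't lock $Results_Path\n$!\n";
#__obtain all fields__
my @fields = $query->param;
for my $key (@fields) {
    chomp($key);
    #__allowlist + untaint in one anchored match; an empty name is allowed
    #   (it is displayed as 0 below, as before)__
    if ($key =~ m/\A([\w.-]*)\z/) {
        $key = $1;
    }
    else {
        Warning_One();
    }
    antiInjection($key);
    #__obtain all values, looking the field up under the name the client
    #   sent; normalising first would turn "007" into 7 and miss the field__
    my @vals = $query->param($key);
    #__to make sure the digit is digit (display form only)__
    $key += 0 unless $key =~ m/\D/;
    for my $value (@vals) {
        ######## START REGEX ############
        chomp($value);
        if ($value =~ m/\A([\w.-]*)\z/) {
            $value = $1;
        }
        else {
            Warning_One();
        }
        $value += 0 unless $value =~ m/\D/;
        antiInjection($value);
        ######## END REGEX ##############
        ######## PRINT TO FILE ##########
        print {$results_fh} "Key ($key) Value ($value)\n";
        ######## PRINT TO THE BROWSER ##########
        print "Key ($key) value ($value)\n";
    }
}
###################
### CLOSE FILE
###################
flock $results_fh, LOCK_UN;
# Buffered write errors (e.g. a full disk) only surface at close.
close $results_fh
    or die "can't close $Results_Path\n$!\n";
# 0644 rather than 0666: the file must stay readable but not writable by
# every local account, otherwise the recorded results can be altered.
chmod 0644, $Results_Path
    or die "Error 5641: can't chmod to\n($Results_File)\n$!\n";
footer();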