From what I can see... ditch this script.
It is for a "PERL 5-enabled web site". Whatever that is :)
It uses cgi-lib, this is terrible. It is Perl 4 code and has not been supported for 4 to 5 years.
They are making you pay for it (not that I am against that, but that is usually a red flag to me that these guys/girls do not know what they are doing, especially since the functionality is trivial).
The functionality they offer is minimal.
And the topper is they require permissions at 777. (If you had this on my server I would shut down your account.)
Run, don't walk, away from this script.
UPDATE: this is basically the parsing routine:
    my $cache = 'blah=hi;cat /etc/passwd';
    @pairs = split(/&/, $cache);
    foreach $pair (@pairs) {
        ($name, $value) = split(/=/, $pair);
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        if (defined($FORM{$name})){
            $FORM{$name}.="\0";
        }
        $FORM{$name} .= &strip($value);
    }
    sub strip {
        my($cheese)= @_;
        $cheese =~ s/\t/ /g;
        $cheese =~ s/\|//g;
        $cheese =~ s/\r//g; # should use this.
        $cheese =~ s/\n/<P>/g; # should use this.
        $cheese =~ s/%95/<li>/g;
        $cheese =~ s/"<P><P>"/<P>/g;
        return ($cheese);
    }
Pardon me if I'm wrong, but this does not strip out ;'s, which gets really bad since I just spotted:
    $directory_size = `du -s $target/$where `;
grep
grep> cd pub
grep> more beer
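
A hardened counterpart to the backtick `du` call quoted in the post, as an added example that is not part of the original post or of the script it reviews. It assumes `$where` arrives from a parsed form field; the `/tmp` base directory, the sample inputs and the sub names `valid_where` and `directory_size` are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: $where comes from a parsed form field, as in the post's example.
# Constructed sample inputs; the second is the value used in the post.
my @samples = ('docs', 'hi;cat /etc/passwd', '../../etc');

# Hypothetical base directory standing in for the script's $target.
my $target = '/tmp';

# Allowlist: a single path component of letters, digits, dot, underscore and
# hyphen, never "." or "..". Anything else is rejected rather than "cleaned",
# which is where the strip() routine in the post goes wrong.
sub valid_where {
    my ($where) = @_;
    return 0 unless defined $where;
    return 0 unless $where =~ /\A[A-Za-z0-9._-]{1,64}\z/;
    return 0 if $where eq '.' || $where eq '..';
    return 1;
}

# List-form pipe open execs du directly with no /bin/sh in between, so
# ";", "|", "`" and "$" in an argument are never treated as shell syntax.
# The "--" stops du from reading a leading "-" in the path as an option.
sub directory_size {
    my ($base, $where) = @_;
    return unless valid_where($where);
    open(my $du, '-|', 'du', '-s', '--', "$base/$where") or return;
    my $line = <$du>;
    close($du);
    return unless defined $line && $line =~ /\A(\d+)\s/;
    return $1;    # size in du's block units
}

for my $where (@samples) {
    my $size = directory_size($target, $where);
    printf "%-22s %s\n", "'$where'",
        defined $size ? "size=$size" : 'rejected or not found';
}
```

Validation and the shell-free call are independent layers: either one alone stops the `;` case from the post, and the allowlist additionally blocks `..` path traversal, which avoiding the shell does not.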