I tried what you said, but even if the user selects a valid filename from the drop-down menu, the request still gets rejected.
Where did I go wrong in the following code?
# Collect every .txt file in the text directory; these are the only
# passages the page offers.
my @files = glob('../data/text/*.txt');

# Reduce each path to its base name: the capture drops the directory part
# and the ".txt" suffix.
my @display_files = map { m{([^/]+)\.txt} } @files;

# Re-encode each name in place from ISO-8859-7 to UTF-8 for display.
for my $name (@display_files) {
    Encode::from_to($name, "ISO-8859-7", "utf8");
}

# Emit a line break, then open the form that posts back to index.pl.
print br;
print start_form( action=>'index.pl' );
print h1( {class=>'lime'}, "Επέλεξ&#
+949; το κείμενο π&#
+959;υ σε ενδιαφέ	
+61;ει => ",
popup_menu( -name=>'select', -values=>
+\@display_files ),
submit('Εμφάν
+ιση'));
print end_form;
my $passage = param('select') || "Αρχική
+ Σελίδα!";
# Convert the submitted value in place from UTF-8 to ISO-8859-7, but only
# when the request carried parameters; the default title is left as it is.
Encode::from_to($passage, "utf8", "ISO-8859-7") if param();
# Serve a file only when the 'select' parameter is present and true.
if ( param('select') )
{
# Allow-list check on the requested name: ASCII letters, digits and the
# Greek ranges α-ω / Α-Ω only, so ASCII path characters such as '/' and '.'
# never reach the open() below.
# NOTE(review): this also rejects legitimate names. Space, '-', '_' and the
# accented Greek vowels (ά έ ή ί ό ύ ώ) lie outside these ranges in both
# Unicode and ISO-8859-7, so a file named with any of them fails here.
# NOTE(review): $passage was just re-encoded to ISO-8859-7 bytes, so the
# Greek ranges only mean what they say if this source file is saved in
# ISO-8859-7 as well -- TODO confirm the file's encoding.
# NOTE(review): '$' also matches before a trailing newline; \A ... \z is
# the strict form. Comparing the value against the names collected in
# @display_files (in the same encoding) would be tighter than any
# character class.
unless ( $passage =~ /^[a-zA-Zα-ωΑ-Ω0-9]+$/ )
{
# Rejected input: print the message and stop before any file access.
# (The '+' that starts the following line appears to be the forum's
# line-wrap marker rather than Perl -- confirm against the real file.)
print br() x 2;
print h1( {class=>'big'}, "*Backward Directory Traversal* hack wi
+ll NOT help you here, Mighty Lamer!" );
exit;
}
# NOTE(review): two-argument open with the mode fused into an interpolated
# path, on a bareword handle. The check above is the only thing keeping
# mode or path characters out of this string; the three-argument form,
# open(my $fh, '<', $path), removes that dependency.
open(FILE, "<../data/text/$passage.txt") or die $!;
# Undefine the input record separator so the read below returns the whole
# file in one string.
local $/;
$data = <FILE>;
close(FILE);
# Convert the name back to UTF-8 before it is written to the database.
Encode::from_to($passage, "ISO-8859-7", "utf8");
# Record the view in guestlog. All three values are bound through
# placeholders, so none of them is interpolated into the SQL text.
# $date and $host are not assigned anywhere in this excerpt.
$select = $dbh->prepare( "UPDATE guestlog SET passage=?, date=?, c
+ounter=counter+1 WHERE host=?" );
$select->execute( $passage, $date, $host );
}
else
|