LJ Archive
#!/usr/bin/perl
#
# spiderfind.cgi
#
# Note: must set $DEBUG=0 in spider.pl.

$| = 1;

# Use Brigitte Jellinek's library to get form
# data into the array %form_data.
require("./bjellis.pl");
&GetFormArgs();

$search = $form_data{"search"};
$url = $form_data{"url"};

# Build a command using the data passed from the
# form. Note the quotes around the data from the
# form are vital. They prevent a web user from
# entering a search string like
# "test; cd /; rm-r *"
# and deleting every file the web server user has
# access to.
$cmd = sprintf('./spider.pl "%s" "%s"', $form_data{"url"},
   $form_data{"search"});

# Run the command and wrap the results up in HTML
# and print it back to the web server.
$result = `$cmd`;
print "Content-type: text/html\n\n";
print "<HTML><TITLE>Search Results</TITLE>\n";
print "<BODY><H2>Search Results for '$search' "
print "on '$url'</H2>\n";
print "</BODY></HTML>";
$result =~ s|([^\n]*)\n|
   <A href="$1">$1</A><BR>\n|g;
print $result;
LJ Archive