# spiderfind.cgi
# Note: must set $DEBUG=0 in

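# Unbuffered output so the CGI response is not held back.
$| = 1;

# Use Brigitte Jellinek's library to get form
# data into the array %form_data.
# NOTE(review): the call that fills %form_data is not shown in this
# listing; it has to run before the two lookups below.

$search = $form_data{"search"};
$url = $form_data{"url"};
$search = '' unless defined $search;
$url = '' unless defined $url;

# PLACEHOLDER: the name of the spider program is missing from this
# listing (only "./" survives). Set it to the real script before use.
$spider = './SPIDER_PROGRAM_PLACEHOLDER';

# Escape text for use in HTML element content and quoted attributes.
sub html_escape {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Run the spider WITHOUT a shell. The earlier version built a command
# string, wrapped the form values in double quotes and ran it with
# backticks. Double quotes are not a defence: the shell still performs
# command substitution and variable expansion inside them, and a quote
# character in the form value ends the quoting altogether. The list
# form of a piped open() hands each value to the program as one
# argument and never invokes /bin/sh, so no quoting is needed.
#
# Argument order (url, then search) follows the surviving part of the
# original sprintf; the second argument was cut off in this listing and
# is presumed to be the search string -- confirm against the spider.
#
# NOTE(review): a search string that begins with "-" may still be read
# as an option by the spider program; handle that there, or pass an
# end-of-options marker if the program supports one.
$result = '';
if ($url =~ m{\Ahttps?://}i) {
    # Only web URLs are handed to the spider; anything else (local
    # paths, other schemes, option-like strings) is refused here.
    if (open(my $spider_fh, '-|', $spider, $url, $search)) {
        local $/;                       # slurp the whole output
        $result = <$spider_fh>;
        $result = '' unless defined $result;
        close($spider_fh);
    }
    else {
        print STDERR "spiderfind.cgi: cannot run $spider: $!\n";
    }
}

# Wrap the results up in HTML and print them back to the web server.
# Every value that came from the form or from the spidered site is
# HTML-escaped, so it cannot inject markup or script into the page.
print "Content-type: text/html\n\n";
print "<HTML><TITLE>Search Results</TITLE>\n";
print "<BODY><H2>Search Results for '" . html_escape($search) . "' ";
print "on '" . html_escape($url) . "'</H2>\n";

foreach my $line (split /\n/, $result) {
    next if $line eq '';
    my $safe = html_escape($line);
    if ($line =~ m{\Ahttps?://}i) {
        # Link only http/https results; other schemes are shown as text.
        print "\t<A href=\"$safe\">$safe</A><BR>\n";
    }
    else {
        print "\t$safe<BR>\n";
    }
}

# Close the document after the results, not before them.
print "</BODY></HTML>";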