#!/usr/bin/perl # # spiderfind.cgi # # Note: must set $DEBUG=0 in spider.pl. $| = 1; # Use Brigitte Jellinek's library to get form # data into the array %form_data. require("./bjellis.pl"); &GetFormArgs(); $search = $form_data{"search"}; $url = $form_data{"url"}; # Build a command using the data passed from the # form. Note the quotes around the data from the # form are vital. They prevent a web user from # entering a search string like # "test; cd /; rm-r *" # and deleting every file the web server user has # access to. $cmd = sprintf('./spider.pl "%s" "%s"', $form_data{"url"}, $form_data{"search"}); # Run the command and wrap the results up in HTML # and print it back to the web server. $result = `$cmd`; print "Content-type: text/html\n\n"; print "<HTML><TITLE>Search Results</TITLE>\n"; print "<BODY><H2>Search Results for '$search' " print "on '$url'</H2>\n"; print "</BODY></HTML>"; $result =~ s|([^\n]*)\n| <A href="$1">$1</A><BR>\n|g; print $result;