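# Sample guestlog output shown with the script (apparently host, date,
# article, counter -- the columns the UPDATE statements below write):
#   crawl-66-249-67-210.googlebot.com   09 Jan, 20:09   item_from_drop_down_menu   3
#   zeep.ldc.upenn.edu                  07 Jan, 21:29   Θανάσιμα αμαρτήματα        5
####

# Build the allow-list of article names from the *.txt files on disk.
# A request is only ever turned into a file path if it matches one of these.
my @files      = glob "$ENV{'DOCUMENT_ROOT'}/data/text/*.txt";
my @menu_files = map m{([^/]+)\.txt}, @files;

# File names on disk are ISO-8859-7 (Greek); the page and form values are UTF-8.
Encode::from_to($_, 'ISO-8859-7', 'utf8') for @menu_files;

print header( -charset=>'utf8' );

my $article = param('select') || "Αρχική Σελίδα!";

if ( param('select') ) {    # The user selected an item from the drop down menu

    # Reject anything that is not exactly one of the known article names.
    # Exact string comparison is used rather than /^\Q...\E$/, because "$"
    # also matches just before a trailing newline in the compared name.
    unless ( grep { $_ eq $article } @menu_files ) {

        # The two checks below only pick the message that is shown and logged;
        # the allow-list test above is what actually blocks the request.
        if ( param('select') =~ /\0/ ) {
            $article = "*Null Byte Injection* attempted & logged!";
            print br() x 2, h1( {class=>'big'}, $article );
        }

        if ( param('select') =~ m{\.\./} ) {
            $article = "*Backwards Directory Traversal* attempted & logged!";
            print br() x 2, h1( {class=>'big'}, $article );
        }

        # NOTE(review): for any other invalid value $article is still the raw
        # request parameter. The placeholders keep it out of the SQL text, but
        # it is stored verbatim, so whatever renders the guestlog must
        # HTML-escape the article column. Nothing is printed to the visitor in
        # that case beyond the HTTP header.
        $select = $db->prepare( "UPDATE guestlog SET article=?, date=?, counter=counter+1 WHERE host=?" );
        $select->execute( $article, $date, $host );

        exit 0;
    }

    # Convert the validated name to ISO-8859-7 so it matches the name on disk.
    Encode::from_to($article, 'utf8', 'ISO-8859-7');

    # Three-argument open with a lexical handle: the mode can never be taken
    # from the file name, and the handle is not a package-global bareword.
    open my $fh, '<', "$ENV{'DOCUMENT_ROOT'}/data/text/$article.txt" or die $!;

    # Slurp the whole file; $/ is only undefined inside the do block.
    $data = do { local $/; <$fh> };
    close $fh;

    # Convert the name back to UTF-8 before it is written to the database.
    Encode::from_to($article, 'ISO-8859-7', 'utf8');

    $update = $db->prepare( "UPDATE guestlog SET article=?, date=?, counter=counter+1 WHERE host=?" );
    $update->execute( $article, $date, $host );
}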