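# ---------------------------------------------------------------------------
# Article selection page (CGI fragment).
#
# Builds the drop-down whitelist from the *.txt files under
# $DOCUMENT_ROOT/data/text, serves the article the visitor chose through the
# 'select' parameter, and records the visit in the `guestlog` table.
#
# Relies on names set up earlier in the script (not visible in this fragment):
#   param(), header(), br(), h1()  - CGI.pm exports
#   $db                            - connected DBI handle
#   $host, $date                   - visitor identity and timestamp
# $select, $row and $data are deliberately left as package globals: the rest
# of the script reads $data after this fragment, and the file does not appear
# to run under `use strict`.
#
# NOTE(review): the slurp expression in the original paste was lost
# (`$data = ;`); it is reconstructed below as `<$fh>` from the surrounding
# `local $/` / close pair.
# ---------------------------------------------------------------------------

# Whitelist of selectable articles: the basename (minus .txt) of every text
# file.  Names on disk are ISO-8859-7; convert them to UTF-8 so they compare
# with the UTF-8 form parameter.  Only a value that matches this list is ever
# used to build a path, which is what actually blocks traversal attempts.
my @files      = glob "$ENV{'DOCUMENT_ROOT'}/data/text/*.txt";
my @menu_files = map { m{([^/]+)\.txt\z} } @files;
Encode::from_to( $_, 'ISO-8859-7', 'utf8' ) for @menu_files;

print header( -charset => 'utf8' );

# Shared statement: record which article the visitor looked at.
my $update_article_sql =
    'UPDATE guestlog SET article=?, date=?, counter=counter+1 WHERE host=?';

# Read the parameter once (scalar context: first value only).
my $selected = param('select');
my $article  = $selected || "Αρχική Σελίδα!";

if ($selected) {
    # The visitor picked an entry from the drop-down menu.  Accept it only if
    # it equals a whitelist entry exactly: \A..\z rather than ^..$, because
    # $ also matches before a trailing newline, which would let "name\n" pass
    # the check and then fail the open.
    my $is_listed = grep { /\A\Q$article\E\z/ } @menu_files;

    unless ($is_listed) {
        # Rejected request: label the two classic attempts for the log, store
        # the (bind-parameter, never interpolated) value, and stop.  Any other
        # non-listed value is logged as-is without a message to the visitor.
        if ( $selected =~ /\0/ ) {
            $article = "*Null Byte Injection* attempted & logged!";
            print br() x 2, h1( { class => 'big' }, $article );
        }
        if ( $selected =~ m{\.\./} ) {
            $article = "*Backwards Directory Traversal* attempted & logged!";
            print br() x 2, h1( { class => 'big' }, $article );
        }
        $select = $db->prepare($update_article_sql);
        $select->execute( $article, $date, $host );
        exit 0;
    }

    # The on-disk filename is ISO-8859-7.  Work on a copy so $article stays
    # UTF-8 for the database update below (the original converted it forth
    # and back in place).
    my $iso_name = $article;
    Encode::from_to( $iso_name, 'utf8', 'ISO-8859-7' );
    my $path = "$ENV{'DOCUMENT_ROOT'}/data/text/$iso_name.txt";

    # Three-arg open with a lexical handle: the mode is fixed by the code and
    # cannot be influenced by the filename.  Slurp inside do{} so $/ is
    # restored as soon as the read is done.
    open my $fh, '<', $path or die $!;
    $data = do { local $/; <$fh> };
    close $fh;

    $select = $db->prepare($update_article_sql);
    $select->execute( $article, $date, $host );
}
else {
    # No selection: greet the visitor, returning or first-time.
    $select = $db->prepare('SELECT host FROM guestlog WHERE host=?');
    $select->execute($host);

    # NOTE(review): DBI's rows() is not guaranteed for SELECT statements; it
    # works with DBD::mysql's default store_result but a fetch is portable.
    if ( $select->rows ) {
        $select = $db->prepare(
            "SELECT host, DATE_FORMAT(date, '%a %d %b, %h:%i') AS date, counter, article FROM guestlog WHERE host=?"
        );
        $select->execute($host);
        $row  = $select->fetchrow_hashref;
        $data = "Καλώς ήλθες $host! Χαίρομαι που βρίσκεις την σελίδα ενδιαφέρουσα. Τελευταία φορά ήρθες εδώ ως $row->{host} στις $row->{date} ! 
Προηγούμενος αριθμών επισκέψεων => $row->{counter} Τελευταία είδες το κείμενο [ $row->{article} ] Ποιό κείμενο θα μελετήσεις αυτήν την φορά !?";
        $select = $db->prepare('UPDATE guestlog SET date=?, counter=counter+1 WHERE host=?');
        $select->execute( $date, $host );
    }
    elsif ( $host eq "Administrator" ) {
        # The administrator is greeted but never inserted into guestlog.
        $data = "Γειά σου Νικόλα! Πώς πάνε τα κέφια? ;-)";
    }
    else {
        # First visit: greet and create the guestlog row.
        $data = "Γειά σου $host! Έρχεσαι για 1η φορά εδώ !! Ελπίζω να βρείς τα κείμενα ενδιαφέροντα :-)";
        $select = $db->prepare(
            'INSERT INTO guestlog (host, date, article, counter) VALUES (?, ?, ?, ?)'
        );
        $select->execute( $host, $date, $article, 1 );
    }
}

# Escape $data for embedding in a quoted string by whatever follows this
# fragment (presumably a JS/HTML template -- the consumer is outside this
# view).  Backslashes go first so the escapes added afterwards are not
# doubled.  The original `s/"/\"/g` was a no-op (a replacement of \" is
# just "); it now emits \" to match the single-quote case.
for ($data) {
    s/\\/\\\\/g;
    s/\n/\\n/g;
    s/'/\\'/g;
    s/"/\\"/g;
    tr/\cM//d;
}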