#!/usr/bin/perl -wT # index.pl # pod at tail use strict; use HTML::Template; use CGI qw(:all); use CGI::Carp; # qw(fatalsToBrowser); use Time::localtime; use File::stat; use vars qw($query $content $text @url_array @common_array); my %dir = ( # no trailing slash web => '/var/www', conf => '/etc/HTML-Template', ); my %file = ( perl => 'index.pl', css => 'site.css', tmpl => 'Site.template', ); my $commonlist = 'Common'; my $template = HTML::Template->new(filename=>"$dir{conf}/$file{tmpl}"); my $tm = localtime; my $month = $tm -> mon+1; my $day = $tm -> mday; my $year = $tm -> year+1900; my $hour = $tm -> hour; my $minute = $tm -> min; my $second = $tm -> sec; # Tighten security a bit # from perldoc CGI and CGI Programming w/Perl p210 $CGI::DISABLE_UPLOADS = 1; # probably not needed as no forms upload anyway $ENV{PATH} = ""; delete @ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV',}; # (must precede untaint) # Set query param to site home if url is: # / /index.pl index.pl? /index.pl?page param('page','home') unless defined param('page'); # Untaint query param if ($query = param('page') =~ /^(\w+)$/) {$content = $1;} else {$content = 'Error';} # Build array that lists content files opendir DIR, "$dir{conf}/"; my @files = grep { $_ ne '.' && $_ ne '..' && $_ ne 'Common' && $_ ne 'Site.template' } readdir DIR; closedir DIR; unless (grep{$_ eq $content} @files) {$content = 'Error';} # define template varables $template-> param( TITLE => "$ENV{'SERVER_NAME'} - $content", DAY => $day, MONTH => $month, YEAR => $year, HOUR => $hour, MINUTE => $minute, SECOND => $second, CSSFILE => $file{css}, CODEMOD => ctime(stat("$dir{web}/$file{perl}") -> mtime), CSSMOD => ctime(stat("$dir{web}/$file{css}") -> mtime), URLMOD => ctime(stat("$dir{conf}/$content") -> mtime), COMMONMOD => ctime(stat("$dir{conf}/$commonlist") -> mtime), TMPLMOD => ctime(stat("$dir{conf}/$file{tmpl}") -> mtime), PERLVER => $], CGIVER => $CGI::VERSION, HTMPLVER => $HTML::Template::VERSION, REMHOST => $ENV{'REMOTE_HOST'}, REMADDR => $ENV{'REMOTE_ADDR'}, USERAGNT => $ENV{'HTTP_USER_AGENT'}, SERVADDR => $ENV{'SERVER_ADDR'}, SERVNAME => $ENV{'SERVER_NAME'}, WEBSERV => $ENV{'SERVER_SOFTWARE'}, REFERER => $ENV{'HTTP_REFERER'}, #REMUSER => $ENV{'REMOTE_USER'}, ); # Code to gen navbar links common to all pages unless (my $return = do "$dir{conf}/$commonlist") { die "Cannot parse $commonlist: $@" if $@; die "Cannot do $commonlist: $!" unless defined $return; die "Cannot run $commonlist" unless $return; } for (my $i = 0; $i < $#common_array; $i+=2) { my($loop, $aref) = @common_array[$i, $i+1]; my @vars; for (my $j = 0; $j < $#{$aref}; $j+=2) { my($name, $url) = @{$aref}[$j, $j+1]; push @vars, { name => $name, url => $url }; } $template->param($loop, [ @vars ]); } # Code to gen content and links unique to each page unless (my $return = do "$dir{conf}/$content") { die "Cannot parse $content: $@" if $@; die "Cannot do $content: $!" unless defined $return; die "Cannot run $content" unless $return; } $template->param(CONTENT => $text); for (my $i = 0; $i < $#url_array; $i+=2) { my($loop, $aref) = @url_array[$i, $i+1]; my @vars; for (my $j = 0; $j < $#{$aref}; $j+=2) { my($name, $url) = @{$aref}[$j, $j+1]; push @vars, { name => $name, url => $url }; } $template->param($loop, [ @vars ]); } # feed results through template, and voila! print header, $template->output; ############################################################### =pod =head1 Name index.pl =head1 Description Simple scripted website generator. Uses CGI.pm, HTML::Template, param('page') to eliminate dulication of code and markup. Also uses CSS to separate style from structure (as much as possible, anyway). =head1 Todos Hashamafy remaining scalar variables Research additional CGI security measures Parse "do content" for *short*list* of allowed Perl =head1 Associated files Site.template site.css bunch of content (text/link) files =head1 Updates 2001-05-10 21:35 Hashamafied some scalar variables. 2001-01-12 2000-12-20 =head1 Credits vroom for www.perlmonks.org (duh ;^) Ovid's tutorial for HTML::Template chipmunk provided code snippets for arrays of links+titles Petruchio, davorg, Ovid and chromatic for tips on untainting repson provided snippet for hash of links+titles used in initial code =head1 Author ybiC =cut #########################################################################