#!/usr/bin/perl
use HTML::Entities;
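# Request handler for the chat box: reads the form fields, HTML-escapes them,
# and either empties the per-session chat file (clear=1) or appends one
# formatted chat line to it. Nothing but the HTTP header is sent back.

# LOCK_EX / LOCK_UN are constants exported by Fcntl. Nothing visible in this
# file imports them, and without the import the barewords are plain strings
# that flock() treats as operation 0, so no lock is ever taken.
use Fcntl qw(:flock);

eval {
    require "chat_vars.cgi";    # load up common variables and routines. // &cgierr
};
warn $@ if $@;

# Content-Length has to be sent before the blank line that ends the header
# block; printed after it, the line becomes the response body instead.
# The empty body closes the connection immediately for IE limited connection settings.
print "Content-type: text/html\n";
print "Content-Length: ", length(''), "\r\n\r\n";

%in = parse_form();

=pod
$uid = $in{uid};
if ($uid eq '') {$uid='common'}
$game = $in{game};
=cut

# Escape every field before it is stored: the chat file is later served as
# HTML, so raw markup in a field would be stored cross-site scripting.
$name        = HTML::Entities::encode($in{chatname});
$line        = HTML::Entities::encode($in{chatline});
$sessioncode = HTML::Entities::encode($in{sessioncode});

# The session code becomes a directory name, so strip spaces, dots and both
# slash styles to keep the path inside the chat directory.
# NOTE(review): this is a deny-list; an allow-list of the characters session
# codes really use would be stricter -- confirm the code format with the caller.
$sessioncode =~ s/ //g;
$sessioncode =~ s/[\.\\\/]//g;
if ($sessioncode eq "") { exit }    # do not allow writing in the root /tarotmaster/output/

# $chattextpath and $chatfilename are not set in this file (presumably they
# come from chat_vars.cgi). If that load failed, do not build a path from
# empty pieces.
unless (defined $chattextpath && $chattextpath ne ''
    && defined $chatfilename && $chatfilename ne '')
{
    warn "chat.cgi: chat path settings are not set; refusing to write\n";
    exit;
}

$chatdirectory = "$chattextpath/$sessioncode";
$chatfile      = "$chatdirectory/$chatfilename";

=pod
open (DATA, ">>error.txt") or die("Could not create file error.txt");
print DATA "$chatfile";
close (DATA);
=cut

#if (not -d ("$chatdirectory")) {mkdir("$chatdirectory") or die("Could not create archive path $chatdirectory");}

# Clear request: truncate the chat file.
# NOTE(review): no authorization check is visible here, so any client that
# knows a session code can empty that chat -- confirm this is intended.
if ($in{clear} == 1) {
    # Three-argument open: the mode cannot be influenced by the file name.
    open(my $clear_fh, '>', $chatfile) or die("Could not create file $chatfile");
    close($clear_fh);
}

if ($in{chatline} ne '') {

=pod
#limit number of lines for chatbox
open (DATA, "<$temp") or die("Could not open file $temp");
my @DATA = <DATA>;
close (DATA);
if (scalar(@DATA) > 5)
{
splice @DATA , 0 ,(scalar(@DATA) - 5);
open (DATA, ">$temp") or die("Could not create file $temp");
flock(DATA , LOCK_EX);
print DATA @DATA;
flock(DATA , LOCK_UN);
close (DATA);
}
=cut

    # Limit line length. The limit is applied to the already-escaped text, so
    # the cut can land inside an entity such as "&amp;"; drop that partial
    # entity rather than store a broken one.
    # NOTE(review): $name has no length limit at all.
    $strlength = $chatlinelength;
    if (length($line) > $strlength) {
        $line = substr($line, 0, $strlength);
        $line =~ s/&[^;&]*\z//;
    }

    $datestr = unix_to_date(time());
    $datestr = "($datestr)";

    # REMOTE_HOST is supplied by the web server and, when it holds a host name,
    # that name comes from the client's DNS records rather than from this
    # site, so it is escaped like any other field.
    my $remote_host = HTML::Entities::encode($ENV{'REMOTE_HOST'});

    # add date time stamp at end of chat line
    $temp2 = "$name: <b>$line</b> <font size='-2'>$datestr ($remote_host)</font>";

    # Write the archive file. The lock is advisory and best-effort: a failure
    # is logged, not fatal. close() flushes and releases the lock, so there is
    # no separate unlock that could let another writer in before the flush.
    open(my $chat_fh, '>>', $chatfile) or die("Could not create file $chatfile");
    flock($chat_fh, LOCK_EX) or warn "Could not lock $chatfile: $!";
    print {$chat_fh} "$temp2<br>\n";
    close($chat_fh) or warn "Could not close $chatfile: $!";
}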
sub unix_to_date {
# --------------------------------------------------------
# Formats a unix timestamp as "D-Mon-YYYY H:M:S" in the server's local time
# zone. The numeric fields are not zero-padded. Keep the format simple
# enough that it can be converted back into unix time.
#
    my ($epoch) = @_;
    my @month_names = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);

    # localtime in list context: sec, min, hour, mday, mon (0-based),
    # year (years since 1900), followed by fields that are not used here.
    my @fields = localtime $epoch;
    my ($ss, $mi, $hh, $mday, $mon_index) = @fields[0 .. 4];
    my $full_year = 1900 + $fields[5];

    my $date_part = join('-', $mday, $month_names[$mon_index], $full_year);
    my $time_part = join(':', $hh, $mi, $ss);
    return "$date_part $time_part";
}
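sub parse_form {
# --------------------------------------------------------
# Parses the form input and returns a hash with all the name
# value pairs. Removes SSI and any field with "---" as a value
# (as this denotes an empty SELECT field).
#
# Input comes from QUERY_STRING for GET and from STDIN for POST; any other
# request method is reported through cgierr (defined outside this file) and
# an empty hash is returned. Repeated names are joined with "~~".
# Every value returned is untrusted client input: callers must escape or
# validate it before using it in HTML, file names or commands.
    my (@pairs, %in);
    my ($buffer, $name, $value);
    my $method = defined $ENV{'REQUEST_METHOD'} ? $ENV{'REQUEST_METHOD'} : '';

    if ($method eq 'GET') {
        my $query = defined $ENV{'QUERY_STRING'} ? $ENV{'QUERY_STRING'} : '';
        @pairs = split(/&/, $query);
    }
    elsif ($method eq 'POST') {
        # CONTENT_LENGTH is client-controlled: accept digits only, so a
        # negative or garbage value cannot make read() die.
        # NOTE(review): there is no upper bound on the body size here; cap it
        # in the web server (for Apache, LimitRequestBody) or add a limit.
        my $length = $ENV{'CONTENT_LENGTH'};
        $length = 0 unless defined $length && $length =~ /\A\d+\z/;
        $buffer = '';
        read(STDIN, $buffer, $length) if $length > 0;
        @pairs = split(/&/, $buffer);
    }
    else {
        &cgierr ("This script must be called from the Web\nusing either GET or POST requests\n\n");
    }

    PAIR: foreach my $pair (@pairs) {
        # Split on the first "=" only, so a literal "=" inside the value is
        # kept rather than cutting the value short.
        ($name, $value) = split(/=/, $pair, 2);
        $name  = '' unless defined $name;
        $value = '' unless defined $value;    # field sent without "=value"

        # URL-decode: "+" is a space, %XX is the byte with that hex code.
        $name =~ tr/+/ /;
        $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

        # Remove SSI. This is a single greedy pass and only a first filter;
        # it does not replace output escaping in the caller.
        $value =~ s/<!--(.|\n)*-->//g;

        # This is used as a default choice for select lists and is ignored.
        if ($value eq "---") { next PAIR; }

        # If we have multiple select, then we tack on using the ~~ as a separator.
        if (exists $in{$name}) {
            $in{$name} .= "~~$value";
        }
        else {
            $in{$name} = $value;
        }
    }
    return %in;
}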