Thanks for the advice. I would've thought about that sooner or later, but
better sooner than later. And this is not on a high traffic site, in fact
only a few select folks know about it. Anyhow, hows this...
my $manpage = param("manpage");
if ($manpage =~ /^([-\@\w.]+)$/) {
$manpage = $1; # $manpage now untainted
} else {
print "Bad data in string: $manpage <br>IP Address $ENV{REMOTE_ADDR}
has
been logged."; # log this somewhere
die "Bad data in string: ($manpage) :IP Address $ENV{REMOTE_ADDR} has
been logged.";
}
my @output = `man $manpage | perl -pe 's/(?:.\cH)//g'`;
print "<pre>";
foreach (@output) {$_ =~ /\w/; print };
print "</pre>";
> From: Kevin Meltzer wrote:
>
> On Wed, May 02, 2001 at 04:20:49PM -0500, J. Patrick Lanigan
> ([EMAIL PROTECTED]) spew-ed forth:
>
> [snip]
>
> > my $manpage = param("manpage");
> > my @output = `man $manpage | perl -pe
> 's/(?:.\cH)//g'`; #Thanks Paul
>
> Please read perlsec and untaint $manpage (by hand, or with
> Untaint.pm). It is a
> dangerous habbit to pass unknown data to a sub-shell.
>
> Cheers,
> Kevin
>
> > print "<pre>";
> > foreach (@output) {$_ =~ /\w/; print };
> > print "</pre>";
> > } else {
> > print hr, start_form;
> > print p("Enter manpage: ", textfield("manpage"));
> > print p(submit("lookup"), reset("clear"));
> > print end_form, hr;
> > }
> > print end_html();
> >
> >
> > Thanks again,
> > Patrick
> >
> >
> > > --- Casey West <[EMAIL PROTECTED]> wrote:
> > > > On Wed, May 02, 2001 at 03:12:23PM -0500, J. Patrick Lanigan wrote:
> > > > : Thanks to Paul and Mike for the quick response.
> > > > :
> > > > : Now, does anyone know how I can trim out the unwanted charecters
> > > > from the
> > > > : output of a man page so that I can display it in a browser?
> > > >
> > > > Well, you could use the man2html utility, it doesn't seem
> like anyone
> > > > is interested in tackling the job of converting Man to 'X' on CPAN.
> > > > You might get away with stripping out just the text by doing:
> > > >
> > > > man ls | perl -pe's#(.)(\cH\1)|_\cH(.)#$1||$3#ge'
> > >
> > > Couldn't you just delete all characters followed by a backspace?
> > >
> > > man ls | perl -pe 's/(?:.\cH)//g'
> > >
> > > perl -p meaning print each line after processing it, -e
> meaning do this
> > > expression first; the pattern being "substitute any character followed
> > > by a backspace with nothing, globally".
> >
>
> --
> [Writing CGI Applications with Perl - http://perlcgi-book.com]
> "If you don't stand for anything, you don't stand for anything!"
> -- G.W. Bush at a rally at Bellevue Community College
