Changeset 67 for trunk/dnsbl/browse.cgi
- Timestamp:
- 01/09/18 18:12:13 (6 years ago)
- File:
-
- 1 edited
trunk/dnsbl/browse.cgi
r66 r67 3 3 ## 4 4 # $Id$ 5 # Copyright 2009-201 1,2014Kris Deugau <kdeugau@deepnet.cx>5 # Copyright 2009-2012,2014,2018 Kris Deugau <kdeugau@deepnet.cx> 6 6 # 7 7 # This program is free software: you can redistribute it and/or modify … … 23 23 use DBI; 24 24 use CGI::Carp qw(fatalsToBrowser); 25 use CGI::Simple; 25 26 use HTML::Template; 26 27 27 use DNSBL ;28 use DNSBL 2.2; 28 29 use DNSBLweb; 29 30 … … 49 50 } 50 51 52 # Set up the CGI object... 53 my $q = new CGI::Simple; 54 # ... and get query-string params as well as POST params if necessary 55 $q->parse_query_string; 56 57 my %webvar; 58 # This is probably excessive fiddling, but it puts the parameters somewhere my fingers know about... 59 foreach ($q->param()) { 60 $webvar{$_} = $q->param($_); 61 } 62 63 # try to be friendly to non-US-ASCII characters. Still need to find what 64 # difference from RH<->Debian is still at fault. 65 print $q->header(-charset=>'utf8'); 66 51 67 my $dbh = $dnsbl->connect($dbhost, $dbname, $dbuser, $dbpass); 52 68 53 print "Content-Type: text/html\n\n";69 my $block = ''; 54 70 55 71 my $templatedir = $ENV{SCRIPT_FILENAME}; … … 65 81 } 66 82 67 my $template = HTML::Template->new(filename => "browse.tmpl"); 83 # basic validation so we don't try to look up something ridiculous 84 if ($webvar{block}) { 85 $webvar{block} =~ s/\s+//g; 86 $block = $webvar{block} if $webvar{block} =~ /^[\d\.]+(?:\/\d+)?$/; 87 } 68 88 69 $template->param(pgtitle => $config{pgtitle}) if defined($config{pgtitle}); 70 $template->param(pgcomment => $config{pgcomment}) if defined($config{pgcomment});89 if ($block) { 90 my $template = HTML::Template->new(filename => "browse.tmpl"); 71 91 72 my $out = DNSBLweb::retlvl($dbh, $dnsbl, 0, block => '162.144.0.0/16'); 92 $template->param(pgtitle => $config{pgtitle}) if defined($config{pgtitle}); 93 $template->param(pgcomment => $config{pgcomment}) if defined($config{pgcomment}); 73 94 74 $template->param(enchilada => $out); 75 print $template->output; 95 my $out; 96 
if ($block =~ /^[\d\.]+$/) { 97 $out = DNSBLweb::retlvl($dbh, $dnsbl, 0, ip => $block, block => $dnsbl->getcontainer($block,0) ); 98 } else { 99 $out = DNSBLweb::retlvl($dbh, $dnsbl, 0, block => $block); 100 } 101 102 $template->param(enchilada => $out); 103 print $template->output; 104 105 } else { 106 # refuse to show the whole tree, as in a "real" dataset it's horribly slow. even a /8 is often "a bit much" 107 print qq( 108 <html> 109 <head> 110 <title>$config{pgtitle}</title> 111 <body> 112 $config{pgcomment}<br> 113 ); 114 if ($webvar{block}) { 115 $webvar{block} =~ s{[^\w]+}{_}g; #neuter any attempts at funky data injection 116 print qq(<span style="border: 1px solid #FF0000;">Invalid netblock specification $webvar{block}</span>\n); 117 } 118 print qq( 119 <form action="browse.cgi" method="POST"> 120 Enter a CIDR netblock to browse.<br> 121 This does not have to exactly match a netblock entered in the database.<br> 122 <input name="block"> 123 <input type="submit"> 124 </form> 125 </body> 126 </html> 127 ); 128 }
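Review bot: The new `block` check (new lines 84-87) is purely syntactic, so it does not enforce the intent stated in the else-branch comment of refusing whole-tree lookups: `0.0.0.0/0` or any very short prefix matches `/^[\d\.]+(?:\/\d+)?$/`, as do strings such as `....`, `999.999.999.999` or a `/99` suffix. Those values are passed straight to `DNSBLweb::retlvl()` and `$dnsbl->getcontainer()`, whose handling of malformed or very wide input is not visible on this page, so a single request can presumably still trigger the slow query the comment warns about. I would require a dotted quad and bound the prefix, e.g. `if ($webvar{block} =~ m{\A(?:\d{1,3}\.){3}\d{1,3}(?:/(\d{1,2}))?\z}) { $block = $webvar{block} if !defined $1 || ($1 >= $min_prefix && $1 <= 32); }`, where `$min_prefix` is a placeholder for whatever floor the dataset tolerates, and range-check the octets as well. Separately, the fallback page interpolates `$config{pgtitle}` and `$config{pgcomment}` without the `defined` guard that the template branch uses.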