Here is index.pl as it is now: you can view it at
http://nikos.no-ip.org
if you want
#!/usr/bin/perl -w
use strict;
use CGI::Carp qw(fatalsToBrowser);
use CGI qw
standard);
use DBI;
use POSIX qw(strftime);
use Encode;
my ($select, $article, $row, $data);
my $date = strftime('%y-%m-%d %H:%M:%S', localtime);
my $display_date = strftime('%a %d %b, %I:%M %p', localtime);
Encode::from_to($display_date, 'ISO-8859-7', 'utf8');
my $host = gethostbyaddr (pack ("C4", split (/\./,
$ENV{'REMOTE_ADDR'})), 2) || $ENV{REMOTE_ADDR};
$host = "Administrator" if ( ($host =~ /dell/) or ($host =~ /
localhost/) );
#===============================================================================
my $db = ( $ENV{'SERVER_NAME'} !~ /varsa/ )
? DBI->connect('DBI:mysql
rthodox;localhost', 'root', '*****',
{RaiseError=>1})
: DBI->connect('DBI:mysql:nikosva_orthodox;
www.freegreece.net',
'nikosva_nikos', '****', {RaiseError=>1});
#===============================================================================
print header( -charset=>'utf-8' );
my $article = param('select') || "Áñ÷éêÞ Óåëßäá!";
my @files = glob "$ENV{'DOCUMENT_ROOT'}/data/text/*.txt";
my @display_files = map m{([^/]+)\.txt}, @files;
Encode::from_to($_, 'ISO-8859-7', 'utf8') for @display_files;
if ( param('select') ) { #If user selected an item from the drop
down menu
unless ( grep { $_ eq param('select') } @display_files ) #Unless
user selection doesn't match one of the valid filenames within
@display_files
{
if( param('select') =~ /\0/ )
{
$article = "*Null Byte Injection* attempted & logged!";
print br() x 2, h1( {class=>'big'}, $article );
}
if( param('select') =~ /\/\.\./ )
{
$article = "*Backwards Directory Traversal* attempted &
logged!";
print br() x 2, h1( {class=>'big'}, $article );
}
$select = $db->prepare( "UPDATE guestlog SET article=?, date=?,
counter=counter+1 WHERE host=?" );
$select->execute( $article, $date, $host );
exit 0;
}
$article = decode('utf8', param('select' ));
Encode::from_to($article, 'utf8', 'ISO-8859-7');
open FILE, "<$ENV{'DOCUMENT_ROOT'}/data/text/$article.txt" or die
$!;
local $/;
$data = <FILE>;
close FILE;
$select = $db->prepare( "UPDATE guestlog SET article=?, date=?,
counter=counter+1 WHERE host=?" );
$select->execute( $article, $date, $host );
}
else {
$select = $db->prepare( "SELECT host FROM guestlog WHERE host=?" );
$select->execute( $host );
if ($select->rows)
{
$select = $db->prepare( "SELECT host, DATE_FORMAT(date, '%a %d
%b, %h:%i') AS date, counter, article FROM guestlog WHERE host=?" );
$select->execute( $host );
$row = $select->fetchrow_hashref;
$data = "Êáëþò Þëèåò $host! ×áßñïìáé ðïõ âñßóêåéò ôçí óåëßäá
åíäéáöÝñïõóá.
Ôåëåõôáßá öïñÜ Þñèåò åäþ ùò $row->{host} óôéò $row-
Ðñïçãïýìåíïò áñéèìþí åðéóêÝøåùí => $row->{counter}
Ôåëåõôáßá åßäåò ôï êåßìåíï [ $row->{article} ]
Ðïéü êåßìåíï èá ìåëåôÞóåéò áõôÞí ôçí öïñÜ !?";
$select = $db->prepare( "UPDATE guestlog SET date=?,
counter=counter+1 WHERE host=?" );
$select->execute( $date, $host );
}
else
{
if ($host eq "Administrator") {
$data = "ÃåéÜ óïõ Íéêüëá! Ðþò ðÜíå ôá êÝöéá? ;-)";
}
else {
$data = "ÃåéÜ óïõ $host!
¸ñ÷åóáé ãéá 1ç öïñÜ åäþ !!
Åëðßæù íá âñåßò ôá êåßìåíá åíäéáöÝñïíôá
";
}
unless ($host eq "Administrator") {
$select = $db->prepare( "INSERT INTO guestlog (host, date,
article, counter) VALUES (?, ?, ?, ?)" );
$select->execute( $host, $date, $article, 1 );
}
}
}
for ($data) {
s/\n/\\n/g;
s/"/\\"/g;
tr/\cM//d;
}
#======OK, $data set up. Now print header, start_html and JavaScript
stuff======
print
start_html(
-script => [
"var textToShow = '$data';",
{
-language => 'JAVASCRIPT',
-src => '/data/scripts/char_by_char.js'
}
],
-style => '/data/scripts/style.css',
-title => 'Ïñèüäïîá ÐíåõìáôéêÜ ÈÝìáôá!',
-onload => 'init();'
),
a({href=>'/cgi-bin/register.pl'}, img{src=>'/data/images/reg.jpg'}),
start_form(action=>'/cgi-bin/index.pl'),
h1({class=>'lime'}, "ÅðÝëåîå ôï êåßìåíï ðïõ óå åíäéáöÝñåé => ",
popup_menu( -name=>'select', -values=>
\@display_files ),
submit(-label=>'ok')),
end_form,
div({id => "DivText"}),
end_html;
#===============================================================================
The problem is that when the user selects something from my popup
menu(one string) and then submits it, the returned string being sent
back to my index.pl ain't matching this line: unless ( grep { $_ eq
param('select') } @display_files )
and that fact led to believe that the browser or something else
somehow malformes the original value(the one selected before
submission)
I though that this line would take care of the problem coverting it
properly to utf8 but it doesnt
$article = decode('utf8', param('select' ));
please help