#!/usr/athena/bin/perl -T
use strict;
use warnings;
use CGI qw( :standard );
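# Make the environment safe for running an external command under taint
# mode (-T): pin PATH to fixed directories, and drop the other variables
# that a shell or the loader may honour. perlsec recommends removing these;
# if they are set and tainted, Perl refuses to run external commands.
$ENV{'PATH'} = '/bin:/usr/bin:/usr/athena/bin/';
delete @ENV{qw( IFS CDPATH ENV BASH_ENV )};

# Emit the HTTP header and the page with a one-field form. The field is
# named 'user'; its submitted value is read back with param('user').
print header(),
    start_html('A Simple Example'),
    h1('A Simple Example'),
    start_form(),
    "Finger whom? ",
    textfield('user'),
    submit(),
    end_form(),
    hr();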
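# Get user input. The value is tainted until it has passed through a
# capturing regex match below.
my $user = param('user');

# Test for presence by length rather than truth, so that the one-character
# name "0" is not silently treated as "no input".
if (defined $user && length $user) {

    # Untaint user input against an explicit allow-list.
    #  - \A and \z anchor the whole string; "$" would also accept a value
    #    that ends in a newline.
    #  - The ASCII class is used instead of \w, which can match non-ASCII
    #    word characters depending on how the string is decoded.
    #  - The class contains no "-", so the value cannot be read as a
    #    command-line option, and no "@", so it cannot name a remote host.
    #  - The 32-character cap is a bound chosen for this example; adjust it
    #    to the site's account-name policy.
    if ($user =~ /\A([A-Za-z0-9_]{1,32})\z/) {
        $user = $1;

        # Run finger through list-form pipe open, so no shell is involved
        # and the argument is passed as a single word even if the pattern
        # above is loosened later.
        if (open my $finger, '-|', 'finger', $user) {
            my $output = do { local $/; <$finger> };
            $output = '' unless defined $output;

            # A false close() here usually only means finger exited
            # non-zero; whatever it printed is still shown.
            close $finger;

            # finger output is not trusted HTML: it can include text that
            # is not under this script's control (account details, plan
            # files), so escape it before placing it in the page.
            print pre(CGI::escapeHTML($output) . "\n"),
                hr();
        }
        else {
            # The command could not be started; do not echo system error
            # details into the page.
            print p("Unable to run finger. Please try again later."),
                hr();
        }
    }
    else {
        # User input is unsafe: reject it without echoing it back.
        print p("Invalid username. Please try again.");
    }
}

print end_html();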
|