#!/usr/bin/perl
#written by Andrew Stringer 30-04-2006
#this is intended to be run from an ssi:-
#<!--#include virtual="/cgi-bin/convert2html.pl?path/to/file.xml" -->
#it takes an html file or xml file and converts the < to &amp;lt; etc. and
#prints to stdout enclosed in a <pre> </pre> tag. This allows code listings
#to appear in web pages correctly formatted.

use warnings;
use strict;

MAIN:
{
my $line;
#set prefix to path to webroot
my $prefix = '/data/rainsbrook/http';
my $query = $ENV{'QUERY_STRING'} ;

my $debug = '0' ;

#remove double dots (..) to prevent file system traversal
#Only naughty boys would want to do this, should not affect normal users.
$query =~ s/\.\.//g;
$query =~ s/\/\//\//g;

#only allow files below the webroot to be readout
my $url = "$prefix/$query" ;

open (FILE, "$url");

print "Content-type: text/html\n\n" ;

if($debug){
print "ENV{'QUERY_STRING'} is $query \n<br>\n" ;
print "URL is $url \n";
}

print "<pre>\n";

while ($line = <FILE>) 
	{
#use /g to catch all occurances on each line
	$line =~ s/\</\&lt\;/g;
	$line =~ s/\>/\&gt\;/g;

	print $line;
	}
print "</pre>\n";

}
exit(0);