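#!/usr/local/bin/perl
# CGI: reads one "file" query parameter, whitelists it as a URL and renders
# a page assembled from two static HTML fragments (go); a missing or
# rejected parameter renders a static fallback page instead (back).
#
# NOTE(review): this listing was recovered from an HTML rendering that
# stripped angle-bracket and entity text — the <FH> reads in go(), the
# heredoc operator and body in back(), and the entities in the escape step
# of ez_url_sanitize(). Those spots are reconstructed below from the
# surrounding code and marked; confirm each against the original file.
use strict;
use warnings;

require 'cgi-lib.pl';    # provides ReadParse, PrintHeader, HtmlBot

our %in;                 # populated by ReadParse(*in); package var by design

# An empty, missing or rejected parameter all end up as '' here.
# ez_url_sanitize() returns '' for input with a character outside the
# RFC 2396 "uric" set or with an unexpected scheme; rejected input used
# to fall through to go() with a bare '/service/s_print_jp/' link, which
# is now treated the same as a missing parameter.
my $file = '';
if (ReadParse(*in) && defined $in{'file'}) {
    $file = ez_url_sanitize($in{'file'});
}

if ($file ne '') {
    go('/service/s_print_jp/' . $file);
}
else {
    back();
}

# Print the page: CGI header, first fragment, second fragment.
# $file_name is the whitelisted and HTML-escaped link; in the code as
# recovered only the commented-out print between the fragments could have
# used it (that line's text was lost to extraction).
# Arguments: $file_name — the URL to embed. Returns nothing.
# Dies when either fragment cannot be opened (previously a silent
# half-page, which hid a misconfigured document root).
sub go {
    my ($file_name) = @_;

    open my $top, '<', 'dl02_07_03_01.htm'
        or die "open dl02_07_03_01.htm: $!";
    open my $bottom, '<', 'dl02_07_03_02.htm'
        or die "open dl02_07_03_02.htm: $!";

    print PrintHeader();
    # Reconstructed: the original read <HTML1> line by line via `print;`.
    while (my $line = <$top>) {
        print $line;
    }
    # print "";   # original content lost to extraction; presumably used $file_name
    # Reconstructed: the original read <HTML2> the same way.
    while (my $line = <$bottom>) {
        print $line;
    }

    close $bottom;
    close $top;
    return;
}

# Print the static fallback page. Returns nothing.
sub back {
    print PrintHeader();
    # Reconstructed heredoc: only the text "STAR MICRONICS CO.,LTD" survived
    # extraction; the surrounding markup must be restored from the original
    # file. Nothing user-controlled is interpolated here.
    print <<"HTML_EOF";
STAR MICRONICS CO.,LTD
HTML_EOF
    print HtmlBot();
    return;
}

# Whitelist a user-supplied URL and HTML-escape it for embedding in a page.
# Arguments: $url — the raw parameter value.
# Returns the escaped URL, or '' when the value is rejected.
sub ez_url_sanitize {
    my ($url) = @_;

    ### Return '' if the URL contains a character that is not allowed ###
    # --- http://www.ietf.org/rfc/rfc2396.txt ---
    # uric       = reserved | unreserved | escaped
    # reserved   = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | ","
    # unreserved = alphanum | mark
    # mark       = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
    # escaped    = "%" hex hex
    # NOTE: "%" is accepted on its own; this does not verify that it is
    # followed by two hex digits. "/" and "." are allowed, so the caller's
    # path prefix does not prevent a relative ("..") link; that only
    # matters for where the link points, not for the page that embeds it.
    return '' if $url =~ m|[^;/?:@&=+\$,A-Za-z0-9\-_.!~*'()%]|;

    ### Return '' if the scheme is not one we expect ###
    # --- http://www.ietf.org/rfc/rfc2396.txt ---
    # scheme = alpha *( alpha | digit | "+" | "-" | "." )
    if ($url =~ /^([A-Za-z][A-Za-z0-9+\-.]*):/) {
        my $scheme = lc $1;    # scheme names are case-insensitive
        my %allowed_scheme = map { $_ => 1 } qw(http https mailto);
        return '' unless $allowed_scheme{$scheme};
    }

    ### HTML escape ###
    # special = "&" | "<" | ">" | '"' | "'"
    # "<", ">" and '"' cannot survive the whitelist above, but escaping
    # them here too keeps this step safe on its own. "&" goes first so the
    # entities produced below are not re-escaped. (Reconstructed: the
    # original substitutions read `s/&/&amp;/g` and `s/'/&#39;/g`; the
    # entity text was lost to extraction, leaving identity replacements.)
    $url =~ s/&/&amp;/g;
    $url =~ s/</&lt;/g;
    $url =~ s/>/&gt;/g;
    $url =~ s/"/&quot;/g;
    $url =~ s/'/&#39;/g;

    return $url;
}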