diff --git a/data/cgi/getmsg.cgi b/data/cgi/getmsg.cgi index 514213bdc3..fb2d4289f9 100755 --- a/data/cgi/getmsg.cgi +++ b/data/cgi/getmsg.cgi @@ -1,149 +1,149 @@ #!/usr/local/bin/perl -T # # Given a filename, start offset and end offset of a mail message, # read the message and format it nicely using HTML. # # by John Fieber # February 26, 1998 # -# $Id: getmsg.cgi,v 1.7 1998-03-18 19:40:33 wosch Exp $ +# $Id: getmsg.cgi,v 1.8 1998-03-19 11:01:54 wosch Exp $ # require "./cgi-lib.pl"; require "./cgi-style.pl"; use POSIX qw(strftime); # # Files MUST be fully qualified and MUST start with this path. # $messagepath = "/usr/local/www/db/text/"; &ReadParse(*formdata); &Fetch($formdata{'fetch'}); exit 0; sub Fetch { my ($docid) = @_; my ($start, $end, $file) = split(/ /, $docid); my ($message, @finfo); # # Check to ensure that (a) the specified file starts # with an approved pathname and (b) that it contains no # relative components (eg ..). This is so that arbitrary # files cannot be accessed. # $file =~ s/\.\.//g; $file =~ s|/+|/|; if ($file =~ /^$messagepath/ && open(DATA, $file)) { @finfo = stat DATA; seek DATA, $start, 0; read DATA, $message, $end - $start; close(DATA); $message = &MessageToHTML($message); print "last-modified: " . POSIX::strftime("%a, %d %b %Y %T GMT", gmtime($finfo[9])) . "\n"; } else { $message = "
The specified message cannot be accessed.
\n"; } print &short_html_header("FreeBSD Mail Archives"); print $message; print &html_footer; print "