#!/usr/bin/perl # # deeplake.com - picture.cgi # # Display pictures for men pics site etc. # # - 19th September 2000: modified for use on men site # - 6th August 2000: program started. BEGIN { unshift @INC, "../scripts"; } use deeplake; # Print the content-type header print "Content-type: text/html\n\n"; # Parse form and get contents &parse_form; ($picture, $name, $url) = ($contents{'picture'}, $contents{name}, $contents{url}); $template = deeplake::get_file('template-pic.html'); $banner = deeplake::get_banner(CATEGORY => 'men', AGENCY => 'valueclick'); # Replace directives with content $template =~ s/___NAME___/$name/sg; $template =~ s/___URL___/$url/sg; $template =~ s/___CONTENT___/$name picture/sg; $template =~ s/___BANNER___/$banner/sg; print $template; # Happy days, finished! sub parse_form { if ($ENV{'REQUEST_METHOD'} eq 'GET') { # Split the name-value pairs @pairs = split(/&/, $ENV{'QUERY_STRING'}); } elsif ($ENV{'REQUEST_METHOD'} eq 'POST') { # Get the input read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); # Split the name-value pairs @pairs = split(/&/, $buffer); } foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; # If they try to include server side includes, erase them, so they # arent a security risk if the html gets returned. Another # security hole plugged up. $value =~ s///g; # Create an associative array $contents{$name} = $value; } }