#!/usr/local/bin/perl

$TEST=0;

($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdat) = gmtime(time);
$mon+=1;
$datum = $mday . "." . $mon . "." . $year;
$uhrzeit = $hour . ":" . $min;

$logfile="/home/eberl/WWW/browser.log";
open (LOG, ">>$logfile") || die "cannot open lofile $logfile";
print LOG "$datum $uhrzeit $ENV{'HTTP_USER_AGENT'} command.pl $ENV{'REMOTE_ADDR'} $ENV{'REMOTE_HOST'}\n";
close(LOG);

# Print out a content-type for HTTP/1.0 compatibility
print "Content-type: text/html\n\n";

# Get the input
if ($ENV{'REQUEST_METHOD'} eq 'POST') {
 read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
} else {
 $buffer = $ENV{'QUERY_STRING'};
}

# Split the name-value pairs
@pairs = split(/&/, $buffer);

foreach $pair (@pairs)
{
    ($name, $value) = split(/=/, $pair);

    # Un-Webify plus signs and %-encoding
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

    # Uncomment for debugging purposes
    print "$name = $value<BR>\n" if $TEST;

    $FORM{$name} = $value;
}

$PFAD{'traceroute'}='traceroute';
$PFAD{'ping -c3'}='/etc/ping -c3';
$PFAD{'nslookup'}='/usr/etc/nslookup';
$PFAD{'finger'}='finger';

print "<Head>\n<title>Ausgabe des Kommandos</title>\n</Head>\n";
print "<Body>\n<H3>Ausgabe des Kommandos $FORM{'comm'}"; 
print " $FORM{'param'}</H3><p>\n";
&fehler("Kein Semikolon erlaubt!") if $FORM{'param'} =~ /\;/;
&fehler("Kein Ampersand erlaubt!") if $FORM{'param'} =~ /\&/;
&fehler("Kein Backquote erlaubt!") if $FORM{'param'} =~ /\`/;
&fehler("Kein redirect erlaubt!") if $FORM{'param'} =~ /\>/;
if ($FORM{'param'} =~ /\|/) {
    &fehler("Nach \| nur grep erlaubt!") unless $FORM{'param'} =~ /\|\s*[-\s\w]+$/;
 }
$kommando = "$PFAD{$FORM{'comm'}} $FORM{'param'}";
if (open (CO,"$kommando |")) {
   print "<pre>\n";
   while (<CO>) {
      print;
   }
   print "</pre>\n";
} else {
   print "Kommando $FORM{'comm'} als $PFAD{$FORM{'comm'}} nicht gefunden\n";
}
print "</Body>\n<\html>\n";

####

sub fehler
{
    print "<p>Fehler !\n";
    print "<P><H2>@_</H2>\n";
    print "</BODY>\n</HTML>\n";
    exit;
}