mirror of
https://github.com/sheumann/hush.git
synced 2025-01-06 21:30:08 +00:00
56 lines
1.6 KiB
Plaintext
56 lines
1.6 KiB
Plaintext
|
#!/bin/sh
|
||
|
# This CGI creates directory index.
|
||
|
# Put it into cgi-bin/index.cgi and chmod 0755.
|
||
|
#
|
||
|
# Problems:
|
||
|
# * Unsafe wrt weird filenames with <>"'& etc...
|
||
|
# * Not efficient: calls stat (program, not syscall) for each file
|
||
|
# * Probably requires bash
|
||
|
#
|
||
|
# If you want speed and safety, you need to code it in C
|
||
|
|
||
|
# Must start with '/'
|
||
|
test "${QUERY_STRING:0:1}" = "/" || exit 1
|
||
|
# /../ is not allowed
|
||
|
test "${QUERY_STRING%/../*}" = "$QUERY_STRING" || exit 1
|
||
|
test "${QUERY_STRING%/..}" = "$QUERY_STRING" || exit 1
|
||
|
|
||
|
# Outta cgi-bin...
|
||
|
cd .. 2>/dev/null || exit 1
|
||
|
# Strip leading '/', go to target dir
|
||
|
cd "${QUERY_STRING:1}" 2>/dev/null || exit 1
|
||
|
|
||
|
f=`dirname "$QUERY_STRING"`
|
||
|
test "$f" = "/" && f=""
|
||
|
|
||
|
# Pipe thru dd (need to write header as single write(),
|
||
|
# or else httpd doesn't see "Content-type: text/html"
|
||
|
# in first read() and decides that it is not html)
|
||
|
{
|
||
|
printf "%s" \
|
||
|
$'HTTP/1.0 200 OK\r\n'\
|
||
|
$'Content-type: text/html\r\n\r\n'\
|
||
|
"<html><head><title>Index of $QUERY_STRING</title></head>"$'\r\n'\
|
||
|
"<body><h1>Index of $QUERY_STRING</h1><pre>"$'\r\n'\
|
||
|
$'<table width=100%>\r\n'\
|
||
|
$'<col><col><col width=0*>\r\n'\
|
||
|
$'<tr><th>Name<th align=right>Last modified<th align=right>Size\r\n'\
|
||
|
\
|
||
|
"<tr><td><a href='$f/'>..</a><td><td>"$'\r\n'
|
||
|
|
||
|
IFS='#'
|
||
|
for f in *; do
|
||
|
# Guard against empty dirs...
|
||
|
test -e "$f" && \
|
||
|
stat -c "%F#%s#%z" "$f" | {
|
||
|
read type size cdt junk
|
||
|
dir=''
|
||
|
test "$type" = "directory" && dir='/'
|
||
|
cdt="${cdt//.*}" # no fractional seconds
|
||
|
cdt="${cdt// / }" # prevent wrapping around space
|
||
|
printf "%s" "<tr><td><a href='$f$dir'>$f</a><td align=right>$cdt<td align=right>$size"$'\r\n'
|
||
|
}
|
||
|
done
|
||
|
printf "</table></pre><hr></body></html>"$'\r\n'
|
||
|
} | dd bs=4k
|