| #!/bin/sh |
| # This CGI creates directory index. |
| # Put it into cgi-bin/index.cgi and chmod 0755. |
| # |
| # Problems: |
| # * Unsafe wrt weird filenames with <>"'& etc... |
| # * Not efficient: calls stat (program, not syscall) for each file |
| # * Probably requires bash |
| # |
| # If you want speed and safety, you need to code it in C |
| |
| # Must start with '/' |
| test "${QUERY_STRING:0:1}" = "/" || exit 1 |
| # /../ is not allowed |
| test "${QUERY_STRING%/../*}" = "$QUERY_STRING" || exit 1 |
| test "${QUERY_STRING%/..}" = "$QUERY_STRING" || exit 1 |
| |
| # Outta cgi-bin... |
| cd .. 2>/dev/null || exit 1 |
| # Strip leading '/', go to target dir |
| cd "${QUERY_STRING:1}" 2>/dev/null || exit 1 |
| |
| f=`dirname "$QUERY_STRING"` |
| test "$f" = "/" && f="" |
| |
| # Pipe thru dd (need to write header as single write(), |
| # or else httpd doesn't see "Content-type: text/html" |
| # in first read() and decides that it is not html) |
| { |
| printf "%s" \ |
| $'HTTP/1.0 200 OK\r\n'\ |
| $'Content-type: text/html\r\n\r\n'\ |
| "<html><head><title>Index of $QUERY_STRING</title></head>"$'\r\n'\ |
| "<body><h1>Index of $QUERY_STRING</h1><pre>"$'\r\n'\ |
| $'<table width=100%>\r\n'\ |
| $'<col><col><col width=0*>\r\n'\ |
| $'<tr><th>Name<th align=right>Last modified<th align=right>Size\r\n'\ |
| \ |
| "<tr><td><a href='$f/'>..</a><td><td>"$'\r\n' |
| |
| IFS='#' |
| for f in *; do |
| # Guard against empty dirs... |
| test -e "$f" && \ |
| stat -c "%F#%s#%z" "$f" | { |
| read type size cdt junk |
| dir='' |
| test "$type" = "directory" && dir='/' |
| cdt="${cdt//.*}" # no fractional seconds |
| cdt="${cdt// / }" # prevent wrapping around space |
| printf "%s" "<tr><td><a href='$f$dir'>$f</a><td align=right>$cdt<td align=right>$size"$'\r\n' |
| } |
| done |
| printf "</table></pre><hr></body></html>"$'\r\n' |
| } | dd bs=4k |