$qstr, ";
} else {
$pre .= "Input type unrecognized, ";
}
if (defined($$attr{name})) {
$qstr = "e($$attr{name});
$pre .= "named $qstr, ";
if (defined($inptype) and $inptype eq 'radio') {
if (defined($radio{$qstr})) {
$post = "Input values for the radio button in the $qstr text " .
"input. " . $post;
$skipthis = 1;
} else {
$radio{$qstr} = 1;
$$attr{type} = 'text';
$post = "Use this text input for $qstr the radio buttons. " .
$post;
}
}
} else {
$pre .= "no name found, ";
}
if (!defined($inptype) or ($inptype !~ /hidden|password|text/)) {
if (defined($$attr{value})) {
$qstr = "e($$attr{value});
$pre .= "with value $qstr, ";
} else {
$pre .= "with no value, ";
}
}
if (defined($$attr{src})) {
my $newimage = URI->new_abs( $$attr{src}, $origpage );
$$attr{src} = $newimage;
push(@allowed, qw( src border height width ));
}
$pre .= "original HTML $esctext\n"; } elsif ($tagtype eq 'select') { $selname = &defselname(); # @allowed = ( 'name', 'multiple' ); if (defined($selname = $$attr{name})) { $selname = quote($selname); $pre .= "Turning select $selname into text input. Any option "; $pre .= "values for this select will be printed. "; @allowed = ( 'type', 'name' ); $tagtype='input'; $$attr{name} = 'text'; if(defined($$attr{multiple})) { $pre .= "Note that this select allows multiple inputs, so "; $pre .= "more than one text input follows. "; $selmult = 1; } } } elsif ($tagtype eq 'option') { @allowed = ( 'value', 'selected' ); $isoption = 1; $pre = "Original option HTML
$esctext\n ";
} elsif ($tagtype eq 'form') {
@allowed = ( 'action', 'method', 'enctype', 'name' );
if (defined($$attr{action})) {
my $newaction = URI->new_abs( $$attr{action}, $origpage );
$$attr{action} = $newaction;
$qstr = "e($newaction);
$pre .= "Form has action $qstr, ";
} else {
$pre .= "No action found for form, ";
}
if (defined($$attr{method})) {
$qstr = "e($$attr{method});
$pre .= "method $qstr, ";
} else {
$pre .= "default method, ";
}
$pre .= "original HTML $esctext\n"; } elsif ($tagtype eq 'textarea') { @allowed = ( 'name', 'cols', 'rows', 'wrap' ); $textarea = 1; $pre .= "Original HTML
$esctext\n"; } $newtext = '<' . $tagtype; for $_ (@allowed) { if (exists($$attr{$_})) { $newtext .= ' ' . $_; if (defined($$attr{$_})) { $newtext .= '="' . $$attr{$_} . '"'; } } } $newtext .= '>'; print $pre; if ($selmult) { my $i; print "
$text$esctext\n"; print $origtext unless $wasoption; print $post unless $wasoption; } } # end &end # Quote HTML for safe printing. sub quote ($) { my $string = shift; $string =~ s/([<>&])/$entity{$1}/g; return $string; } $origpage = $ARGV[0]; if(defined($origpage)) { if ($origpage =~ /^-+h/i) { print "Read POD in $0 for help.\n'perldoc $0' should work.\n"; exit; } if ($origpage =~ m<^(?i:http)(://[!-~]{1,2000})$>) { $origpage = "http$1"; } else { print "Unrecognized usage. Use as a CGI or read the POD for help.\n"; print "'perldoc $0' should work.\n"; exit; } } else { $query = new CGI; $origpage = $query->param('url'); print &headers(); } if (defined($origpage)) { if($origpage =~ m<^(?i:http)(://[!-~]{1,2000})$>) { # untainted $origpage = "http$1"; $ua = LWP::UserAgent->new; $request = HTTP::Request->new('GET', $origpage); $response = $ua->request($request); print "
page is " . "e($origpage) . "
\n";
print "page size is " . length($response->content) . " bytes
url parameter.\n";
}
} else {
my $form = $ENV{SCRIPT_NAME};
print "POD documentation
\n\n";
}
print;
}
if ($. > 1) {
print "\n\n\n";
} else {
print "\nDidn't find POD to print\n";
}
}
__DATA__
=pod
=head1 NAME
extract-form : HTML form rewriter for command line or CGI use
=head1 DESCRIPTION
This script will fetch an HTML page via HTTP and extract all the
forms out of it. The forms will be rewritten to expose all hidden
inputs, etc, so that random values can be substituted in. Also
Javascript in the page to verify inputs, etc, will be stripped.
Useful for seeing how CGI programs deal with non-sanctioned input.
During the course of rewriting the forms the script will convert
E