fix so it runs in tainted mode

[ndwebbie.git] / index.pl

diff --git a/index.pl b/index.pl
index 3d324604456016bccdcc95d625e41f59b03482e3..abedcdfc83464c5e4247414554705069be8e50e9 100755 (executable)
--- a/index.pl
+++ b/index.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl -w -T
 #**************************************************************************
 #   Copyright (C) 2006 by Michael Andreen <harvATruinDOTnu>               *
 #                                                                         *
@@ -25,16 +25,16 @@ use DBI;
 use DBD::Pg qw(:pg_types);
 use strict;
 
-
 my $cgi = new CGI;
-
-chdir $ENV{'DOCUMENT_ROOT'};
-
 our $DBH = undef;
 our $USER = $ENV{'REMOTE_USER'};
 my $error;
 
-our $TEMPLATE = HTML::Template->new(filename => 'templates/skel.tmpl');
+if ($ENV{'DOCUMENT_ROOT'} =~ m{((\w|/)+)}){
+       chdir $1;
+}
+
+our $TEMPLATE = HTML::Template->new(filename => 'templates/skel.tmpl', global_vars => 1);
 
 for my $file ("db.pl","include.pl"){
        unless (my $return = do $file){
@@ -79,7 +79,8 @@ if ($XML){
        $ND::TEMPLATE = HTML::Template->new(filename => "templates/xml.tmpl");
        $ND::BODY = HTML::Template->new(filename => "templates/${page}.xml.tmpl");
 }else{
-       $ND::BODY = HTML::Template->new(filename => "templates/${page}.tmpl");
+       $ND::BODY = HTML::Template->new(filename => "templates/${page}.tmpl", global_vars => 1);
+       $ND::BODY->param(PAGE => $page);
 }
 
 
@@ -120,7 +121,7 @@ $USER = undef;
 $PLANET = undef;
 $TEMPLATE = undef;
 $TICK = undef;
-%GROUPS = undef;
+undef %GROUPS;
 $ND::BODY = undef;
 
 exit;