#!/usr/bin/perl

#########################################################################
# CGI Decoder - Originally by Spence, Modified by Simon			#
# Last Modified 12 May 97						#
#									#
# Breaks up form input and puts into $FORM{'variable_name'}		#
#########################################################################

$stuff = <STDIN>;
$holdme = $stuff;
print "Content-type: text/html\n\n";
$mailer='/usr/lib/sendmail';

@fields = split(/&/,$stuff); #Split each variable/value pair

foreach $field (@fields)  {
	($name, $value) = split(/=/, $field); # Separate var and val

	$value =~ tr/+/ /; # Replace all +'s with spaces

        # Replace a %## with ?? executing the pack command as an expression
        # and replacing all occurences - eg on end does these 2 things.
	# The pack converts whatever was found to its true value.  The
	# C argument means it's looking for an unsigned char
	$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

	# Stop people from using subshells to execute commands
	$value =~ s/~!/ ~!/g; # Replaces all ~!'s with space ~!

	# Stops people from using SSI tags in HTML documents
        # Searches for the ocurrence of <!-- followed by any number of
	# characters or \n followed by --> and replaces it with null
	# for each ocurrence.  The '.' matches any character EXCEPT \n
	$value =~ s/<!--(.|\n)*-->//g;

	$FORM{$name} = $value;
}