Viewing forbidden.cgi


require 5;

use strict;

# Set up the URL to look pretty
# Define the method and default port.  If we're on SSL then they're different

my $method = $ENV{'HTTPS'} ? 'https' : 'http';

# Get the name of the server.  If a HTTP/1.1 Host: field is there, use
# that.  Otherwise, use the generated name of this server.

my $server = $ENV{'HTTP_HOST'} || $ENV{'SERVER_NAME'};

# Finally write the requested URL.

my $url = "$method://$server" . $ENV{'REDIRECT_URL'};
$url =~ s/\&/\&/g;
$url =~ s/</\&lt;/g;
$url =~ s/>/\&gt;/g;

# If the URL ends with a '/', then we're more likely than not generating
# this error because there's no index.html and directory indexing is
# disabled.  We can be more thorough in our checks, but to be exhaustive
# we'd have to know what the server state is for directory indexing, and
# we can only *really* know what a .htaccess file sets it to, but not what
# the default server setting is.

my ($directory, $sreason);
if ($url =~ m{/$}) {
    $directory = ' because indexing is not allowed for that directory.'
} elsif ($sreason = $ENV{'REDIRECT_ERROR_NOTES'}) {
    $directory = ": <b>$sreason</b>";
    $directory .= '.' unless $sreason =~ /\.$/;

# If a Referer: header field is sent, then let them know how they got
# here.  Otherwise give a more generic error message

my $referer;
    my $ref = $ENV{'HTTP_REFERER'};
    $ref =~ s/\&/\&amp;/g;
    $ref =~ s/</\&lt;/g;
    $ref =~ s/>/\&gt;/g;
    $referer = 'You reached this URL from a link on <a href="' .
		$ref . '">' . $ref .  '</a>.';
} else {
    $referer = 'Please check the URL and try again, or if you came to this ' .
		'page via a link, please inform the maintainer of that page.';

# Finally return information to the client

my $tmp = ($ENV{'SERVER_TMPDIR'} || '/tmp') . "/webinfo-error$$.html";
exit 1 unless open TMP, ">$tmp";
print TMP <<"EOS";
<!DOCtype html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

<html xmlns="">
<!--chtml include "//webinfo/incs/"-->
<title>Access Denied</title>
<link rel="stylesheet" href="/webinfo/webinfo.css" type="text/css"/>

<h1>Access Denied</h1>
<!--chtml include "//webinfo/incs/"-->

<p>You do not have the proper authorization to access
<!--chtml include "//webinfo/incs/"-->

close TMP;

my $pwd = `pwd`;
chomp $pwd;

exit 1 unless exec "/www/lib/chtml-postproc -r -d $pwd $tmp";