#!/usr/bin/perl
#
# Octave-cgi main file...  written by mai@ms.uky.edu.
# The code is under GPL 2.0 copyright.
# For security reason, Octave's file/directory commands are disabled.

my($temp);

my $myrndnumber = int(rand(9999)+1);

my $octavefile="octave$myrndnumber";

my $pngfilename="octave$myrndnumber.png";



$temp = "/tmp";


$allowedhost = 'per.ibu.edu.tr';

#use strict;
use CGI;

my($results, $in);
my($q)= new CGI;

# Reconstruct any inputs
#if ($results=$q->param('CALLER')) {
#    $results='<INPUT TYPE=HIDDEN NAME="CALLER" VALUE="'.$results.'">';
#    }
#@input = $q->param('INPUT');
$in=join("\n",$q->param('INPUT'));

# Print input form
#print $q->header,

print 'Content-type: text/html

<HTML><HEAD>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="no-cache" name="pragma">
<meta http-equiv="cache-control" content="no-cache">
<style type="text/css">
<!--
body, td, th {
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: 11px;
	color: #993300;
}

input, select {
        color : #000000;
	font-size : 10px;
        font-family : Verdana;
}
	
textarea {
        color : #000000;
	font-size : 11px;
        font-family : Courier, courier-new;
}
		

-->
</style>
<TITLE>İBU Octave-cgi</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000C0" VLINK="#0000C0">
<center><h1>İBU Octave-CGI</h1></center> 
<B>Program Girdisi</B><BR>
<p>Lütfen aşağıdaki kutucuğa octave programını giriniz.
<p>
<FORM METHOD=POST ACTION="'.$q->url.'">
<TEXTAREA NAME="INPUT" ROWS=6 COLS=74>
'.$in.'</TEXTAREA><BR><INPUT TYPE=SUBMIT VALUE="Octave\'a Gönder">
'.$results.'</FORM>';

# Basic security checks
if (($q->referer()) && ($q->referer() !~ /$allowedhost\//)) {
  print '<b>Sorry, the website which sent you here is not allowed
to run scripts here.  Email the author of the previous page and ask them
to look into it.</b>';
exit;
}

if ($in) {
# Give our input (if any) to a file , filter out some commands.
    chdir($temp);
    open(R, ">$temp/$octavefile.in");
    print R "gset term png\n";
    print R "gset output \"$pngfilename\"\n";
    $in =~ s/\r//g;
    $in =~ s/(dir|shell|system|rmdir|ls|mkdir|rename|unlink)[^\n]*//g;
    $in =~ s/(umask|mkfifo|readdir|popen|fork|cd|chdir|getpw)[^\n]*//g;
    # I think they're the only really nasty things to trap...
    print R $in."\n"; # End it politely (not an EOF at the end of a command)
    print R "quit\n";
    close R;


my $x = system(`octave --traditional -x -H -f <$temp/$octavefile.in >$temp/$octavefile.out`);

#my $x = system(`chmod 644 $pngfilename`);

# Read the output
    open(IN, "$temp/$octavefile.out");

# Tidy it up for HTML
    $results =  join(" ",<IN>);
    $results =~ s/&/&amp;/g;
    $results =~ s/</&lt;/g;
    $results =~ s/>/&gt;/g;
    close(IN);

# Print it out
    print '
<HR><B>Program Çıktısı</B><PRE>*** Octave-cgi reference '.$$.':'
.`date +%Y%m%d%H%M%S`."\n".$results
.'</PRE>

';

# Have we got a call-back name?
#    if ($in=$q->param('CALLER')) {
#        print '<HR><A HREF="'.$in.'">Return to '.$in.'</A>';
#    }
    }

if (-e "$temp/$pngfilename") { 

    if (! (-z "$temp/$pngfilename")){ 

    print "<HR><br><B>Grafik Çıktısı</B>:";
    print "<br><img src=\"http://per.ibu.edu.tr/octave/$pngfilename\">";


    }
}
print '<HR> </BODY></HTML>';