#!/bin/sh
##########################
#------------------------#
# HTml SHell Lite v. 0.4 #
#------------------------#
#      (c) 09.1999,      #
#    Nikolay Mijaylov    #
#------------------------#
#   http://www.nmmm.nu   #
#      nmmm@nmmm.nu      #
#------------------------#
# feel free to e_mail me #
#   for comments, bugs,  #
#    ideas, hacks etc    #
#------------------------#
#    Distibution: GPL    #
#------------------------#
##########################
#
# How to use it?
#---------------
# 1. Make a HTMLs with embedding SHell script...
#
# $cat x.htsh
# <HTML><Blalala>`echo Hello`</Blalala></HTML>
# $
#
# You can use <`commands`> tags instead "``"
#
# $cat x.htsh
# <HTML><Blalala><`echo Hello`></Blalala></HTML>
# $
#
# 2. Make default action in Apache:
#
# AddType text/htsh .htsh
# Action  text/htsh /cgi-bin/htsh
#
# 3. Go for it:
#
# lynx www.somewhere.dom/x.htsh
#
# 4. Think about security ... I give you NO WARRIATY !
# (it is same as ASP or PHP, when they are in CGI-BIN)
#
# 5. Enjoy
#

#####################
#
# BUGS:
# 1. There is not URL decode (actualy it process only %20
#
# 2. Some small security bugs... (Are there?)
#

#####################
# Query String parser
#

process_name(){
	# Remove BAD Charactes from name
	echo "$1" | tr -d "[:space:][:punct:][:digit:][:cntrl:]"
}

process_value(){
	# URL Decode IT ( @@@ not implemented 100 % yet @@@ )
	echo "$1" | replace "%20" " " | replace "+" " " | encode.sh
}

process_query(){
	read NAME VALUE

	NAME=`process_name "$NAME"`
	VALUE=`process_value "$VALUE"`

	# Error hide, and fixing old HACK HOLE :)
	if [ "$NAME" != "" ]; then
		echo "$NAME=\"$VALUE\""
	fi
}

print_query(){
	while read FIELD; do
		# Remove spaces and Cut it into two parts
		echo $FIELD | tr -d " " | tr "=" " " | process_query
	done
}

parse_query(){
	echo "$QUERY_STRING" | tr "&" "\n" | print_query
}

#
# Query String parser
#####################

cat_html(){
	cat "$PATH_TRANSLATED" | 
		sed -e "s/$OPENTAG/\`/" |
		sed -e "s/$CLOSETAG/\`/" |
		sed -e "s/$MARK/DONT USE MARK NEXT TIME/"
}

# WARNING:
#---------
#   Dear friend, dont think, that if you are using
# the string like $MARK in HTML file, this will be
# crack :))) This will be feature, but you cannot
# get anything from it...
#
#   Anyway I reject any text as $MARK
#

if [ "$REQUEST_METHOD" = "POST" ] ; then
	read "QUERY_STRING" ;
fi

    MARK="---THE_END_OF_THIS_FUCKING_FILE_THAT_I_USE_HERE---"
 OPENTAG="<\`"
CLOSETAG="\`>"

THE_SOURCE=\
"#/bin/sh
`parse_query`
cat << $MARK
content-type: text/html

`cat_html`
$MARK
"

printf "$THE_SOURCE" | /bin/sh