#!/usr/bin/perl -Tw

# --- Fixing the taint error message : 

# --- (1) Set the PATH   (you should do this for all taint mode scripts)
$ENV{PATH} = "/bin:/usr/bin";

use CGI;
use CGI::Carp qw(fatalsToBrowser);
my $cgi = new CGI;
print $cgi->header;

my $message = $cgi->param('message');
my $figlet;

# Do not try to pull out "bad" characters, like ";".
# Instead, only allow the minimal needed set of "good" characters.
if ($message =~ /[^a-zA-Z0-9 ]/) {
  $figlet = 
    "<font color='red'><b>OOPS</b><br>" .
    "Your message contains illegal characters<br>" .
    "Please use only letters and numbers without puncuation.</font>";
}
elsif ($message) {

# --- (2) Untaint the user input with a regular expression match.
  $message =~ m/^(.*)$/;
  my $clean = $1;

# --- (3) Use "chdir" rather than `cd` .
  chdir "figlet/figlet22";

  $figlet = "<pre>" . `./figlet $clean`  ."</pre>\n";
}

print <<"END_HTML";
 <html>
  <head>
   <title>cgi figlet one</title>
  </head>
  <body>
   <h1>cgi figlet taint 2</h1>
   <b>Trying to fix the taint error messages...</b>
   <form method=POST>
     What is your message? 
     <input name="message" type="text" value="$message" size=36>
     <hr noshade size=1>
     $figlet
   </form>
  </body>
 </html>
END_HTML