#!/usr/bin/perl -w

use CGI;
my $cgi = new CGI;
print $cgi->header;

my $message = $cgi->param('message');
my $figlet = "";

if ($message) {
  chdir "figlet/figlet22";
  my $figoutput;
  # This next obscure line of code actually forks into two processes.
  # The open(-|) creates a pipe to another process that we can read from.
  # The child does the "exec", and never returns.  The advantage is 
  # that exec() doesn't use a shell, it just passes $message directly
  # to the figlet program; therefore, there is no "escape to the shell" issue.
  open(FIG,"-|") or exec("./figlet", $message);
  while (my $line=<FIG>) { 
    $figoutput .= $line;
  }
  close FIG;
  $figlet =  "<pre>$figoutput</pre>\n";
}

print <<"END_HTML";
 <html>
  <head>
   <title>cgi figlet three</title>
  </head>
  <body>
   <h1>cgi figlet three </h1>
   <b>This version uses a safer system call which traps all characters.</b>
   <form method=POST>
     What is your message? 
     <input name="message" type="text" value="$message" size=36>
     <hr noshade size=1>
     $figlet
   </form>
  </body>
 </html>
END_HTML