#!/bin/sh ID=$QUERY_STRING validId() { case "$ID" in /*) return 1 ;; ../*) return 1 ;; */../*) return 1 ;; */..) return 1 ;; *) return 0 esac } cat << EOF Content-Type: text/html EOF bad() { cat << EOF Invalid argument

Invalid argument

EOF exit 1 } validId if [ $? -ne 0 ]; then bad fi case "$ID" in video/*) TYPE=video ;; image/*) TYPE=image ;; *) bad ;; esac showVideo() { local FILE FILE=$1 cat << EOF $NAME EOF cat << EOF
You'd see a video here if you had the correct plugin installed.

Download

EOF } showImage() { local FILE FILE=$1 cat << EOF $NAME EOF cat << EOF
$FILE
EOF } case "$TYPE" in "video") showVideo "$ID" ;; "image") showImage "$ID" ;; *) bad ;; esac cat << EOF

Valid XHTML 1.0 Strict Valid CSS!

EOF