use warnings;
use lib (qw(lib));
+use Encode (qw(encode decode is_utf8));
use CGI (':cgi');
use CGI::Carp (qw(fatalsToBrowser));
use URI::Escape;
our $MySelf = $ENV{'SCRIPT_NAME'};
-our $Action = param ('action');
+our $Action = param_utf8 ('action');
$Action ||= 'default';
our %Actions =
die unless ($ENV{'REMOTE_USER'});
#set_config ('base_dn', $ENV{'REMOTE_USER'});
-die unless (defined (get_config ('uri'))
+die ("Configuration is incomplete") unless (defined (get_config ('uri'))
and defined (get_config ('base_dn'))
and defined (get_config ('bind_dn'))
and defined (get_config ('password')));
uri => get_config ('uri'),
bind_dn => get_config ('bind_dn'),
password => get_config ('password')
-) or die ("LiCoM::Connection->connect failed.");
+) or die ("Unable to connect to LDAP directory server " . get_config ('uri'));
our ($UserCN, $UserID) = LiCoM::Person->get_user ($ENV{'REMOTE_USER'});
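Review bot: With `fatalsToBrowser` enabled at the top of the file, the new die text for a failed connect sends the configured LDAP URI to whoever made the request. The same applies to the `Unable to load CN` die added in action_update, which interpolates `$cn` taken from the request; whether CGI::Carp entity-escapes that text depends on the installed version. I would keep the detail in the server log and show a fixed message, for example `warn ("LDAP connect failed for " . get_config ('uri'));` followed by `die ("Directory server unavailable");`. The connect call itself starts above this hunk.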
sub action_browse
{
- my $group = param ('group');
+ my $group = param_utf8 ('group');
$group = shift if (@_);
$group ||= '';
my @members = $group->get_members ();
my $members = scalar (@members);
my $group_name = $group->name ();
- my $group_uri = uri_escape ($group_name);
+ my $group_uri = uri_escape_utf8 ($group_name);
my $desc = $group->description ();
print qq#\t\t\t<li><a href="$MySelf?action=browse&group=$group_uri">#,
else
{
my $group_obj = LiCoM::Group->load ($group);
- my $group_uri = uri_escape ($group_obj->name ());
+ my $group_uri = uri_escape_utf8 ($group_obj->name ());
my $group_html = encode_entities ($group_obj->name ());
my @member_names = $group_obj->get_members ();
my $desc = $group_obj->description ();
for (sort (@member_names))
{
my $cn = $_;
- my $cn_uri = uri_escape ($cn);
+ my $cn_uri = uri_escape_utf8 ($cn);
my $cn_html = encode_entities ($cn);
print qq(\t\t\t<li><a href="$MySelf?action=detail&cn=$cn_uri">$cn_html</a></li>\n);
sub action_list
{
- my $group_name = param ('group');
+ my $group_name = param_utf8 ('group');
$group_name = shift if (@_);
$group_name ||= '';
my $sn = $person->lastname ();
my $gn = $person->firstname ();
- my $cn_uri = uri_escape ($cn);
+ my $cn_uri = uri_escape_utf8 ($cn);
my $cn_html = encode_entities ("$sn, $gn");
print "\t\t\t<tr>\n",
if ($group_name)
{
- my $group_esc = uri_escape ($group_name);
+ my $group_esc = uri_escape_utf8 ($group_name);
print qq(\t\t<div class="menu">[<a href="$MySelf?action=browse&group=$group_esc">Back</a>]</div>\n);
}
else
sub action_detail
{
- my $cn = param ('cn');
+ my $cn = param_utf8 ('cn');
$cn = shift if (@_);
die unless ($cn);
my $cn_html = encode_entities ($cn);
- my $cn_uri = uri_escape ($cn);
+ my $cn_uri = uri_escape_utf8 ($cn);
my $person = LiCoM::Person->load ($cn);
if (!$person)
{
my $group = $groups[$i];
my $group_name = $group->name ();
- my $group_uri = uri_escape ($group_name);
+ my $group_uri = uri_escape_utf8 ($group_name);
my $group_html = encode_entities ($group_name);
print "\t\t\t<tr>\n" if ($i != 0);
sub action_search
{
- my $search = param ('search');
+ my $search = param_utf8 ('search');
$search ||= '';
$search =~ s/[^\s\w]//g;
{
my $person = $_;
my $cn = $person->name ();
- my $cn_uri = uri_escape ($cn);
+ my $cn_uri = uri_escape_utf8 ($cn);
my $cn_html = encode_entities ($cn);
print qq(\t\t<li><a href="$MySelf?action=detail&cn=$cn_uri">$cn_html</a></li>\n);
{
my %opts = @_;
- my $cn = param ('cn');
+ my $cn = param_utf8 ('cn');
$cn = $opts{'cn'} if (defined ($opts{'cn'}));
$cn ||= '';
my $lastname;
my $firstname;
+ my $lastname_html;
+ my $firstname_html;
+
my $contacts = {};
$contacts->{$_} = [] for (@MultiFields);
}
}
- $lastname = param ('lastname') if (param ('lastname') and $UserID);
- $firstname = param ('firstname') if (param ('firstname') and $UserID);
+ $lastname = param_utf8 ('lastname') if (param_utf8 ('lastname') and $UserID);
+ $firstname = param_utf8 ('firstname') if (param_utf8 ('firstname') and $UserID);
get_contacts ($contacts);
$lastname = $opts{'lastname'} if (defined ($opts{'lastname'}));
$firstname = $opts{'firstname'} if (defined ($opts{'firstname'}));
+ $lastname_html = encode_entities ($lastname);
+ $firstname_html = encode_entities ($firstname);
+
for (@MultiFields)
{
my $field = $_;
}
print <<EOF;
- <form action="$MySelf" method="post">
+ <form action="$MySelf" method="post" accept-charset="UTF-8">
<input type="hidden" name="action" value="save" />
<input type="hidden" name="cn" value="$cn_html" />
<table class="edit">
EOF
if ($UserID)
{
- print qq(\t\t\t\t<td><input type="text" name="lastname" value="$lastname" /></td>\n);
+ print <<HTML;
+ <td><input type="text" name="lastname" value="$lastname_html"
+ onChange="updateTextbox ('lastname');"
+ onKeyUp="updateTextbox ('lastname');"
+ onBlur="updateTextbox ('lastname');"
+ /></td>
+HTML
}
else
{
- print qq(\t\t\t\t<td>$lastname</td>\n);
+ print qq(\t\t\t\t<td>$lastname_html</td>\n);
}
print <<EOF;
</tr>
EOF
if ($UserID)
{
- print qq(\t\t\t\t<td><input type="text" name="firstname" value="$firstname" /></td>\n);
+ print <<HTML;
+ <td><input type="text" name="firstname" value="$firstname_html"
+ onChange="updateTextbox ('firstname');"
+ onKeyUp="updateTextbox ('firstname');"
+ onBlur="updateTextbox ('firstname');"
+ /></td>
+HTML
}
else
{
- print qq(\t\t\t\t<td>$firstname</td>\n);
+ print qq(\t\t\t\t<td>$firstname_html</td>\n);
}
print "\t\t\t</tr>\n";
print <<EOF;
<tr>
<th>$print</th>
- <td><input type="text" name="$field" value="$value" /></td>
+ <td><input type="text" name="$field" value="$value"
+ onChange="updateTextbox ('$field');"
+ onKeyUp="updateTextbox ('$field');"
+ onBlur="updateTextbox ('$field');"
+ /></td>
</tr>
EOF
}
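Review bot: `value="$value"` in the multi-field input is interpolated without the entity encoding this commit adds for lastname and firstname, unless `$value` is already encoded where it is assigned, which is outside this hunk. A stored contact value containing a double quote would otherwise end the attribute early. If it is raw, encode it first with `my $value_html = encode_entities ($value);` and print `value="$value_html"`. `$field` is also placed inside a quoted JavaScript string in the three handlers, which is fine only as long as it always comes from the fixed `@MultiFields` list.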
"\t\t\t</tr>\n";
}
- print "\t\t\t<tr>\n",
- "\t\t\t\t<th>New Group</th>\n",
- qq(\t\t\t\t<td><input type="text" name="newgroup" value="" /></td>\n),
- "\t\t\t</tr>\n";
+ print <<HTML;
+ <tr>
+ <th>New Group</th>
+ <td><input type="text" name="newgroup" value=""
+ onChange="updateTextbox ('newgroup');"
+ onKeyUp="updateTextbox ('newgroup');"
+ onBlur="updateTextbox ('newgroup');"
+ /></td>
+ </tr>
+HTML
}
print <<EOF;
sub action_save
{
- my $cn = $UserID ? param ('cn') : $UserCN;
+ my $cn = $UserID ? param_utf8 ('cn') : $UserCN;
if (verify_fields ())
{
die unless ($UserID);
- my $button = lc (param ('button'));
+ my $button = lc (param_utf8 ('button'));
$button ||= 'save';
if ($button eq 'cancel')
return;
}
- if (!param ('lastname') or !param ('firstname'))
+ if (!param_utf8 ('lastname') or !param_utf8 ('firstname'))
{
print qq(\t<div class="error">You have to give both, first and lastname, to identify this record.</div>\n);
action_edit (cn => '');
return;
}
- my $lastname = param ('lastname');
- my $firstname = param ('firstname');
+ my $lastname = param_utf8 ('lastname');
+ my $firstname = param_utf8 ('firstname');
my $contacts = get_contacts ();
$cn = $person->name ();
- for (param ('group'))
+ for (param_utf8 ('group'))
{
my $group_name = $_;
my $group = LiCoM::Group->load ($group_name);
}
}
- if (param ('newgroup'))
+ if (param_utf8 ('newgroup'))
{
# FIXME add error handling
- my $group_name = param ('newgroup');
+ my $group_name = param_utf8 ('newgroup');
LiCoM::Group->create ($group_name, '', $cn);
}
sub action_update
{
- my $cn = $UserID ? param ('cn') : $UserCN;
- my $person = LiCoM::Person->load ($cn);
+ my $cn = $UserID ? param_utf8 ('cn') : $UserCN;
- die unless ($person);
+ my $person = LiCoM::Person->load ($cn);
+ die ("Unable to load CN `$cn'") unless ($person);
- my $button = lc (param ('button'));
+ my $button = lc (param_utf8 ('button'));
$button ||= 'save';
if ($UserID and $button eq 'cancel')
if ($UserID)
{
- my $lastname = param ('lastname');
- my $firstname = param ('firstname');
+ my $lastname = param_utf8 ('lastname');
+ my $firstname = param_utf8 ('firstname');
+
+ my $old_cn = $person->name ();
$person->lastname ($lastname) if ($lastname and $lastname ne $person->lastname ());
$person->firstname ($firstname) if ($firstname and $firstname ne $person->firstname ());
$cn = $person->name ();
- # FIXME Fix groups:
- # Each group is one entry of type (objectClass=groupOfNames)
- # with one or more `member' attributes. These attributes are
- # the `dn' (distinguished name) of the member entries.
+
+ # Change the cn's saved in the groups
+ if ($old_cn ne $cn)
+ {
+ my @groups = LiCoM::Group->load_by_member ($old_cn);
+ for (@groups)
+ {
+ # ->del_members automatically deleted the
+ # group, if no more members exist. So this
+ # order is important.
+ $_->add_members ($cn);
+ $_->del_members ($old_cn);
+ }
+ } # if ($old_cn ne $cn)
}
my $contacts = get_contacts ();
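Review bot: In the rename loop the result of `$_->add_members ($cn)` is ignored, so `$_->del_members ($old_cn)` still runs when the add fails. According to the comment, del_members removes a group that has no members left, so a failed add could lose the membership or the whole group. Assuming add_members returns false on failure (not visible in this diff), guard the delete with `next unless ($_->add_members ($cn));`. A named loop variable (`for my $group (@groups)`) would also be safer than `$_` across two method calls. action_update begins above this hunk.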
# only `authorized' users may see and change groups
if ($UserID)
{
- my %changed_groups = map { $_ => 1 } (param ('group'));
+ my %changed_groups = map { $_ => 1 } (param_utf8 ('group'));
my @current_groups = LiCoM::Group->load_by_member ($cn);
for (@current_groups)
$group_obj->add_members ($cn);
}
- if (param ('newgroup'))
+ if (param_utf8 ('newgroup'))
{
# FIXME add error handling
- my $group_name = param ('newgroup');
+ my $group_name = param_utf8 ('newgroup');
LiCoM::Group->create ($group_name, '', $cn);
}
}
sub action_vcard
{
- my $cn = param ('cn');
+ my $cn = param_utf8 ('cn');
$cn = shift if (@_);
die unless ($cn);
my $sn = $person->lastname ();
my $gn = $person->firstname ();
- my $cn_esc = uri_escape ($cn);
+ my $cn_esc = uri_escape_utf8 ($cn);
print <<EOF;
Content-Type: text/x-vcard
sub action_verify
{
- my $cn = param ('cn');
+ my $cn = param_utf8 ('cn');
$cn = shift if (@_);
die unless ($cn);
my ($owner_mail) = $owner->get ('mail');
if (!$owner_mail)
{
- my $cn_uri = uri_escape ($UserCN);
+ my $cn_uri = uri_escape_utf8 ($UserCN);
print qq(\t\t<div class="error">You have no email set in your own profile. <a href="$MySelf?action=edit&cn=$cn_uri">Edit it now</a>!</div>\n);
return (0);
}
sub action_ask_del
{
- my $cn = param ('cn');
+ my $cn = param_utf8 ('cn');
$cn or die;
my $person = LiCoM::Person->load ($cn);
$person or die;
- my $cn_uri = uri_escape ($cn);
+ my $cn_uri = uri_escape_utf8 ($cn);
my $cn_html = encode_entities ($cn);
print <<EOF;
sub action_do_del
{
- my $cn = param ('cn');
+ my $cn = param_utf8 ('cn');
$cn or die;
my $cn_html = encode_entities ($cn);
sub action_edit_group
{
- my $group_name = param ('group') or die;
+ my $group_name = param_utf8 ('group') or die;
my $group_name_html = encode_entities ($group_name);
print <<HTML;
<h2>Edit contact group "$group_name_html"</h2>
- <form action="$MySelf" method="post">
+ <form action="$MySelf" method="post" accept-charset="UTF-8">
<input type="hidden" name="action" value="save_group" />
<input type="hidden" name="group" value="$group_name_html" />
<table>
</tr>
<tr>
<th>Description</th>
- <td><input type="text" name="description" value="$desc_html" /></td>
+ <td><input type="text" name="description" value="$desc_html"
+ onChange="updateTextbox ('description');"
+ onKeyUp="updateTextbox ('description');"
+ onBlur="updateTextbox ('description');"
+ /></td>
</tr>
<tr>
<th colspan="2"><input type="submit" name="button" value="Save" /></th>
sub action_save_group
{
- my $group_name = param ('group') or die;
+ my $group_name = param_utf8 ('group') or die;
my $group_name_html = encode_entities ($group_name);
return;
}
- my $desc = param ('description');
+ my $desc = param_utf8 ('description');
$group_obj->description ($desc);
action_browse ();
<html>
<head>
<title>$title</title>
- <style type="text/css">
- <!--
- \@media screen
- {
- a
- {
- color: blue;
- background-color: inherit;
- text-decoration: none;
- }
-
- a:hover
- {
- text-decoration: underline;
- }
-
- a:visited
- {
- color: navy;
- background-color: inherit;
- }
-
- body
- {
- color: black;
- background-color: white;
- }
-
- div.error
- {
- color: red;
- background-color: yellow;
-
- font-weight: bold;
- padding: 1ex;
- border: 2px solid red;
- }
-
- div.foot
- {
- color: gray;
- background-color: white;
-
- position: fixed;
- top: auto;
- right: 0px;
- bottom: 0px;
- left: 0px;
-
- font-size: x-small;
- text-align: right;
- border-top: 1px solid black;
- width: 100%;
- }
-
- div.foot a
- {
- color: black;
- background-color: inherit;
- text-decoration: none;
- }
-
- div.foot a:hover
- {
- text-decoration: underline;
- }
-
- div.menu
- {
- border-top: 1px solid black;
- margin-top: 1ex;
- font-weight: bold;
- }
-
- div.menu a
- {
- color: blue;
- background-color: transparent;
- }
-
- div.topmenu
- {
- margin-bottom: 1ex;
- padding-bottom: 1ex;
- border-bottom: 1px solid black;
- }
-
- div.topmenu form
- {
- display: inline;
- margin-right: 5ex;
- }
-
- h1
- {
- position: absolute;
- top: 1ex;
- right: 1ex;
- bottom: auto;
- left: auto;
-
- font-size: 100%;
- font-weight: bold;
- }
-
- img
- {
- border: none;
- }
-
- table.list
- {
- width: 100%;
- border: 2px solid #d0d0d0;
- }
-
- table.list td
- {
- empty-cells: show;
- }
-
- td
- {
- color: black;
- background-color: #e8e8e8;
- vertical-align: top;
- }
-
- th
- {
- color: black;
- background-color: #d0d0d0;
- padding: 0.3ex;
- text-align: left;
- vertical-align: top;
- }
+ <link rel="stylesheet" type="text/css" href="style.screen.css" media="screen" />
+ <link rel="stylesheet" type="text/css" href="style.print.css" media="print" />
+ <script type="text/javascript" src="html_entities.js"></script>
+ <script type="text/javascript">
+function updateTextbox (name)
+{
+ var arrTb = document.getElementsByName (name);
+ var objTb;
+ var objStr;
- ul.groups li
- {
- margin-top: 0.5ex;
- }
- }
+ if (!arrTb || (arrTb.length < 1))
+ return (true);
- \@media print
+ for (var i = 0; i < arrTb.length; i++)
+ {
+ objStr = decode_entities (arrTb[i].value);
+ if (arrTb[i].value != objStr)
{
- a
- {
- color: inherit;
- background-color: inherit;
- text-decoration: underline;
- }
-
- div.topmenu, div.menu
- {
- display: none;
- }
-
- div.foot
- {
- font-size: 50%;
- text-align: right;
- }
-
- h1
- {
- display: none;
- }
-
- h2
- {
- font-size: 100%;
- }
-
- table
- {
- border-collapse: collapse;
- }
-
- table.list
- {
- width: 100%;
- }
-
- table.list td
- {
- empty-cells: show;
- }
-
- table.list th
- {
- border-bottom-width: 2px;
- }
-
- td, th
- {
- border: 1px solid black;
- vertical-align: top;
- }
-
- th
- {
- font-weight: bold;
- text-align: center;
- }
+ arrTb[i].value = objStr;
+ /* arrTb[i].focus (); */
}
- //-->
- </style>
+ }
+
+ return (true);
+}
+ </script>
</head>
<body>
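Review bot: updateTextbox has no comment explaining why text fields are rewritten while the user types. Proposed comment above the function: `/* Replace HTML entities typed into the named text fields with the characters they stand for, using decode_entities() from html_entities.js. */`. A short remark in the Perl source that this is a client-side convenience, and that the `encode_entities` calls on output remain the actual encoding step, would keep later maintainers from relying on it. The heredoc that holds this markup starts above the hunk.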
if ($UserID)
{
- my $search = param ('search') || '';
+ my $search = param_utf8 ('search') || '';
$search = encode_entities ($search);
print <<EOF;
<div class="topmenu">
- <form action="$MySelf" method="post">
+ <form action="$MySelf" method="post" accept-charset="UTF-8">
<input type="hidden" name="action" value="browse" />
<input type="submit" name="button" value="Browse" />
</form>
- <form action="$MySelf" method="post">
+ <form action="$MySelf" method="post" accept-charset="UTF-8">
<input type="hidden" name="action" value="search" />
- <input type="text" name="search" value="$search" />
+ <input type="text" name="search" value="$search"
+ onChange="updateTextbox ('search');"
+ onKeyUp="updateTextbox ('search');"
+ onBlur="updateTextbox ('search');"
+ />
<input type="submit" name="button" value="Search" />
</form>
- <form action="$MySelf" method="post">
+ <form action="$MySelf" method="post" accept-charset="UTF-8">
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="dn" value="" />
<input type="submit" name="button" value="Add New" />
sub verify_fields
{
my @errors = ();
- for (param ('uri'))
+ for (param_utf8 ('uri'))
{
my $val = $_;
next unless ($val);
}
}
- for (param ('homephone'), param ('cellphone'), param ('officephone'), param ('fax'))
+ for (param_utf8 ('homephone'), param_utf8 ('cellphone'), param_utf8 ('officephone'), param_utf8 ('fax'))
{
my $number = $_;
next unless ($number);
my $field = shift;
my $value = shift;
- my $value_uri = uri_escape ($value);
+ my $value_uri = uri_escape_utf8 ($value);
my $value_html = encode_entities ($value);
if ($field eq 'group')
{
if ($value =~ m#^([a-z]+)://(.+)$#)
{
- $value_uri = $1 . '://' . uri_escape ($2);
+ $value_uri = $1 . '://' . uri_escape_utf8 ($2);
+ $value_uri =~ s#%2f#/#gi;
}
else
{
- $value_uri = 'http://' . uri_escape ($value);
+ $value_uri = 'http://' . uri_escape_utf8 ($value);
}
return (qq(<a href="$value_uri" class="extern">$value_html</a>));
}
elsif ($field eq 'mail')
{
+ $value_uri =~ s/%40/@/g;
return (qq(<a href="mailto:$value_uri" class="mail">$value_html</a>));
}
return ($value_html);
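Review bot: The pattern `m#^([a-z]+)://(.+)$#` accepts any lowercase scheme, and the result is printed as an `href` that other users of the address book will follow, so the scheme should be limited to the ones the application means to support. Something like `if ($value =~ m#^(https?|ftp)://(.+)$#)` would send everything else to the existing `http://` branch. The new `s#%2f#/#gi` only restores slashes that uri_escape_utf8 just encoded, which looks fine. The enclosing sub starts above this hunk.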
for (@MultiFields)
{
my $field = $_;
- my @values = grep { $_ } (param ($field));
+ my @values = grep { $_ } (param_utf8 ($field));
next unless (@values);
return ($contacts);
}
+
+sub is_valid_utf8
+{
+ my $str = join ('', @_);
+
+ # Taken from here: <http://www.w3.org/International/questions/qa-forms-utf-8>
+ return ($str =~ m/^(
+ [\x09\x0A\x0D\x20-\x7E] # ASCII
+ | [\xC2-\xDF][\x80-\xBF] # non-overlong 2-byte
+ | \xE0[\xA0-\xBF][\x80-\xBF] # excluding overlongs
+ | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2} # straight 3-byte
+ | \xED[\x80-\x9F][\x80-\xBF] # excluding surrogates
+ | \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3
+ | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15
+ | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16
+ )*$/x);
+}
+
+sub param_utf8
+{
+ my @args = @_;
+ my @ret = ();
+
+ @ret = grep { is_valid_utf8 ($_) } (param (@args));
+ $_ = decode ('UTF-8', $_) for (@ret);
+ return (wantarray () ? @ret : $ret[0]);
+}
+
+sub uri_escape_utf8
+{
+ return (uri_escape (encode ('UTF-8', shift)));
+}
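Review bot: param_utf8 silently drops every value that fails is_valid_utf8, so in scalar context `$ret[0]` can be a later duplicate of the parameter rather than the first one submitted. Callers such as `die unless ($cn)` then see a missing value instead of a rejected request. Rejecting the request is easier to reason about: `my @raw = param (@args);` then `die ("Invalid UTF-8 in request parameter") if (grep { !is_valid_utf8 ($_) } @raw);` before decoding. Separately, URI::Escape exports its own `uri_escape_utf8` by default in releases that provide it, so the local sub may trigger a redefinition warning; check against the installed version.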