X-Git-Url: https://git.octo.it/?a=blobdiff_plain;f=licom.cgi;h=70398b26f0a9d7cfaab059ee4c6c28577a216b79;hb=HEAD;hp=70e1e723c5bfb08c3360c02a7034db13a0c7c027;hpb=3cb23a820a52afa74acedf88975edf7920ae66f9;p=licom.git
diff --git a/licom.cgi b/licom.cgi
index 70e1e72..70398b2 100755
--- a/licom.cgi
+++ b/licom.cgi
@@ -20,10 +20,11 @@ use strict;
use warnings;
use lib (qw(lib));
+use Encode (qw(encode decode is_utf8));
use CGI (':cgi');
use CGI::Carp (qw(fatalsToBrowser));
use URI::Escape;
-use Data::Dumper;
+use HTML::Entities (qw(encode_entities));
use LiCoM::Config (qw(get_config set_config read_config));
use LiCoM::Connection ();
@@ -48,7 +49,7 @@ our %FieldNames =
our $MySelf = $ENV{'SCRIPT_NAME'};
-our $Action = param ('action');
+our $Action = param_utf8 ('action');
$Action ||= 'default';
our %Actions =
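Review bot: `param_utf8` replaces `param` here and in every action_* hunk below, but its definition is not in any hunk visible in this chunk, so it should be confirmed that this commit adds it (with `use Encode` now imported, presumably a wrapper that decodes the raw parameter). Every later `encode_entities` call depends on it returning decoded character strings rather than bytes, so a one-line comment at its definition stating that contract would help, e.g. `# Returns the named CGI parameter as a decoded character string (undef if absent).` It is also worth saying what it does for multi-valued parameters, since `param` returns all values in list context and the call sites here use it in scalar context.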
@@ -63,16 +64,18 @@ our %Actions =
verify => [\&html_start, \&action_verify, \&html_end],
delete => [\&html_start, \&action_ask_del, \&html_end],
expunge => [\&html_start, \&action_do_del, \&html_end],
- vcard => \&action_vcard
+ vcard => \&action_vcard,
+ edit_group => [\&html_start, \&action_edit_group, \&html_end],
+ save_group => [\&html_start, \&action_save_group, \&html_end]
);
read_config ();
# make sure AuthLDAPRemoteUserIsDN is enabled.
die unless ($ENV{'REMOTE_USER'});
-set_config ('base_dn', $ENV{'REMOTE_USER'});
+#set_config ('base_dn', $ENV{'REMOTE_USER'});
-die unless (defined (get_config ('uri'))
+die ("Configuration is incomplete") unless (defined (get_config ('uri'))
and defined (get_config ('base_dn'))
and defined (get_config ('bind_dn'))
and defined (get_config ('password')));
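Review bot: Commenting out `set_config ('base_dn', $ENV{'REMOTE_USER'});` leaves the comment above it, `# make sure AuthLDAPRemoteUserIsDN is enabled.`, describing a requirement the code no longer has, plus a commented-out statement as dead code; delete the line and reword the comment to what the `die` now checks, e.g. `# The web server must have authenticated the user; REMOTE_USER is required.` The `Configuration is incomplete` message would be more useful if it named the missing key, which a small loop over the four keys that dies with the key name achieves in three extra lines. The new `edit_group`/`save_group` entries reference `action_edit_group` and `action_save_group`, which are not defined in any hunk visible in this chunk; presumably they are added further down in the file.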
@@ -82,7 +85,7 @@ LiCoM::Connection->connect
uri => get_config ('uri'),
bind_dn => get_config ('bind_dn'),
password => get_config ('password')
-) or die;
+) or die ("Unable to connect to LDAP directory server " . get_config ('uri'));
our ($UserCN, $UserID) = LiCoM::Person->get_user ($ENV{'REMOTE_USER'});
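Review bot: The new `die` message embeds `get_config ('uri')`, and with `use CGI::Carp (qw(fatalsToBrowser))` in effect (hunk at @@ -20) the LDAP server address is rendered in the browser for any request that hits a connection failure; that is internal topology a visitor has no need to see. Log the detail to the error log and keep the user-facing text generic: `print STDERR "LDAP connect to " . get_config ('uri') . " failed\n";` followed by `die ("Unable to connect to LDAP directory server");`. The `connect` call this hunk patches opens before the hunk's first line.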
@@ -93,12 +96,12 @@ if (!$UserID and $Action ne 'save')
if (!$UserCN)
{
- die;
+ die ("No such user in the LDAP directory: " . $ENV{'REMOTE_USER'});
}
if (!defined ($Actions{$Action}))
{
- die;
+ die ("No such action: $Action");
}
if (ref ($Actions{$Action}) eq 'CODE')
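Review bot: The `No such action` check sits after the LDAP connection and the `get_user` lookup in the hunks above, so a request with an unknown action still costs a directory bind and a search before it is rejected; moving `die ("No such action: $Action") unless (defined ($Actions{$Action}));` up to just after `%Actions` is populated rejects it first. `$Action` is request-controlled and is shown to the user by CGI::Carp's fatalsToBrowser handler, which escapes `<`, `>` and `&` before printing (verify against the installed CGI::Carp version), so no `encode_entities` is needed here, but a short comment recording that reliance would help the next reader.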
@@ -121,7 +124,7 @@ exit (0);
sub action_browse
{
- my $group = param ('group');
+ my $group = param_utf8 ('group');
$group = shift if (@_);
$group ||= '';
@@ -129,18 +132,21 @@ sub action_browse
{
my @groups = LiCoM::Group->all ();
- print qq(\t\t
Contact Groups
\n\t\t\n);
+ print qq(\t\tContact groups
\n\t\t\n);
for (@groups)
{
my $group = $_;
my @members = $group->get_members ();
my $members = scalar (@members);
my $group_name = $group->name ();
- my $group_esc = uri_escape ($group_name);
+ my $group_uri = uri_escape_utf8 ($group_name);
my $desc = $group->description ();
- print qq#\t\t\t- $group_name ($members Member#, ($members == 1 ? ')' : 's)');
- print qq(
\n\t\t\t\t$desc) if ($desc);
+ print qq#\t\t\t - #,
+ encode_entities ($group_name),
+ qq# ($members Member#, ($members == 1 ? ')' : 's)');
+ print qq(
\n\t\t\t\t),
+ encode_entities ($desc) . '' if ($desc);
print " \n";
}
if (!@groups)
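Review bot: `encode_entities ($group_name)` and `encode_entities ($desc)` use HTML::Entities' default unsafe set, which also turns every non-ASCII character into an entity; that yields correct HTML only if `$group->name ()` and `->description ()` return decoded character strings — if they are raw UTF-8 bytes, each byte becomes its own entity and the page shows mojibake. The new `use Encode (qw(... is_utf8))` import suggests the author is handling this, but it is worth confirming once at the LiCoM::Group boundary and writing the assumption down, e.g. `# Group names and descriptions are character strings, so encode_entities may escape high-bit characters as well.` The trailing `. ''` after `encode_entities ($desc)` looks like a leftover (or the remains of markup lost in this rendering) and can go if it is the former. The loop and action_browse continue outside this hunk.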
@@ -156,26 +162,31 @@ EOF
}
else
{
- my $group_obj = LiCoM::Group->load ($group);
- my $group_esc = uri_escape ($group_obj->name ());
+ my $group_obj = LiCoM::Group->load ($group);
+ my $group_uri = uri_escape_utf8 ($group_obj->name ());
+ my $group_html = encode_entities ($group_obj->name ());
my @member_names = $group_obj->get_members ();
+ my $desc = $group_obj->description ();
+ my $desc_html = encode_entities ($desc || '');
- print qq(\t\tContact Group "$group"
\n),
- qq(\t\t\n);
+ print qq(\t\tContact group "$group_html"
\n);
+ print qq(\t\t$desc_html
\n) if ($desc);
+ print qq(\t\t\n);
for (sort (@member_names))
{
my $cn = $_;
- my $cn_esc = uri_escape ($cn);
+ my $cn_uri = uri_escape_utf8 ($cn);
+ my $cn_html = encode_entities ($cn);
- print qq(\t\t\t- $cn
\n);
+ print qq(\t\t\t- $cn_html
\n);
}
print <
EOF
}
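Review bot: `LiCoM::Group->load ($group)` at the top of the else branch is not checked for failure before `$group_obj->name ()` is called on the next line, and `$group` is request-controlled (`param_utf8 ('group')` in action_browse's opening hunk), so an unknown group name dies with a "Can't call method" error that fatalsToBrowser then shows to the user. The action_list hunk below guards the same call with `if (!$group_obj)`; adding the same guard here keeps the two consistent and produces a proper page instead. action_browse begins and ends outside this hunk.
```perl
my $group_obj = LiCoM::Group->load ($group);
if (!$group_obj)
{
	print qq(\t\tUnable to load group "), encode_entities ($group), qq(".\n);
	return;
}
my $group_uri = uri_escape_utf8 ($group_obj->name ());
# … unchanged: name/description escaping and member listing …
```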
@@ -183,21 +194,46 @@ EOF
sub action_list
{
- my $group = param ('group');
- $group = shift if (@_);
- $group ||= '';
+ my $group_name = param_utf8 ('group');
+ $group_name = shift if (@_);
+ $group_name ||= '';
- my $title = $group ? "List of group "$group"" : 'List of all addresses';
+ my $group_name_html = encode_entities ($group_name || '');
+
+ my $title = $group_name
+ ? "List of group "$group_name_html""
+ : 'List of all addresses';
my @fields = (qw(address homephone cellphone officephone fax mail));
my @all = ();
- if ($group)
+ if ($group_name)
{
- @all = LiCoM::Person->search ([[group => $group]]);
+ my $group_obj = LiCoM::Group->load ($group_name);
+ if (!$group_obj)
+ {
+ print <
+ Unable to load group "$group_name_html".
+
+HTML
+ return;
+ }
+ for ($group_obj->get_members ())
+ {
+ my $cn = $_;
+ my $person_obj = LiCoM::Person->load ($cn);
+
+ if (!$person_obj)
+ {
+ print STDERR "Unable to load cn = $cn;\n";
+ next;
+ }
+ push (@all, $person_obj);
+ }
}
else
{
- @all = LiCoM::Person->search ();
+ @all = LiCoM::Person->search ([[group => $group_name]]);
}
print <name () cmp $b->name () } (@all))
{
my $person = $_;
+ my $cn = $person->name ();
my $sn = $person->lastname ();
my $gn = $person->firstname ();
+ my $cn_uri = uri_escape_utf8 ($cn);
+ my $cn_html = encode_entities ("$sn, $gn");
+
print "\t\t\t\n",
- "\t\t\t\t$sn, $gn | \n";
+ qq(\t\t\t\t$cn_html | \n);
for (@fields)
{
my $field = $_;
my @values = $person->get ($field);
- print "\t\t\t\t" . join (' ', @values) . " | \n";
+ print "\t\t\t\t" . join (' ', map { markup_field ($field, $_) } (@values)) . " | \n";
}
print "\t\t\t
\n";
}
print "\t\t\n\n";
- if ($group)
+ if ($group_name)
{
- my $group_esc = uri_escape ($group);
+ my $group_esc = uri_escape_utf8 ($group_name);
print qq(\t\t\n);
}
else
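Review bot: In the else branch near the end of the hunk, `@all = LiCoM::Person->search ([[group => $group_name]]);` runs only when `$group_name` is empty, so the "List of all addresses" page now filters on `group => ''`; the removed line used the unfiltered `LiCoM::Person->search ()` for that case, and it looks like the group filter landed in the wrong branch when the group branch switched to loading members. Unless search() treats an empty value as "no filter", restoring `@all = LiCoM::Person->search ();` there is the fix. `markup_field` is called here and in action_detail but is not defined in any hunk visible in this chunk; presumably it is added further down. action_list continues past the end of the hunk.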
@@ -246,26 +286,27 @@ EOF
sub action_detail
{
- my $cn = param ('cn');
+ my $cn = param_utf8 ('cn');
$cn = shift if (@_);
die unless ($cn);
+ my $cn_html = encode_entities ($cn);
+ my $cn_uri = uri_escape_utf8 ($cn);
+
my $person = LiCoM::Person->load ($cn);
if (!$person)
{
- print qq(\tEntry "$cn" could not be loaded from DB.
\n);
+ print qq(\tEntry "$cn_html" could not be loaded from DB.
\n);
return;
}
- print qq(\t\tDetails for $cn
\n);
-
- my $cn_esc = uri_escape ($cn);
+ print qq(\t\tDetails for $cn_html
\n);
print <
Name |
- $cn |
+ $cn_html |
EOF
for (@MultiFields)
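Review bot: `die unless ($cn);` keeps a bare `die` while this commit gives the other dies a message; with fatalsToBrowser, `die ("Parameter cn is required") unless ($cn);` is consistent with the rest and tells the user what went wrong. Computing `$cn_html` and `$cn_uri` before the existence check is fine, since the not-found message below uses `$cn_html`. action_detail continues past the hunk.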
@@ -273,39 +314,25 @@ EOF
my $field = $_;
my $values = $person->get ($field);
my $num = scalar (@$values);
- my $print = defined ($FieldNames{$field}) ? $FieldNames{$field} : $field;
+ my $field_name = defined ($FieldNames{$field}) ? $FieldNames{$field} : $field;
next unless ($num);
+ $field_name = encode_entities ($field_name);
+
print "\t\t\t\n";
if ($num > 1)
{
- print qq(\t\t\t\t$print | \n);
+ print qq(\t\t\t\t$field_name | \n);
}
else
{
- print qq(\t\t\t\t$print | \n);
+ print qq(\t\t\t\t$field_name | \n);
}
for (my $i = 0; $i < $num; $i++)
{
- my $val = $values->[$i];
-
- if ($field eq 'group')
- {
- my $val_esc = uri_escape ($val);
- $val = qq($val);
- }
- elsif ($field eq 'uri')
- {
- my $uri = $val;
- $uri = qq(http://$val) unless ($val =~ m#^[a-z]+://#);
- $val = qq($val);
- }
- elsif ($field eq 'mail')
- {
- $val = qq($val);
- }
+ my $val = markup_field ($field, $values->[$i]);
print "\t\t\t
\n" if ($i);
print "\t\t\t\t$val | \n",
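Review bot: The removed block is where the `uri` field was turned into a link, accepting any `[a-z]+://` scheme as-is and prefixing `http://` otherwise, and that responsibility now lives in `markup_field`, whose definition is not in any hunk visible in this chunk. When reviewing that helper, check that it applies `encode_entities` to the href as well as to the link text, and that it only treats http/https (and mailto for `mail`) as linkable, since the values come from directory entries and any other scheme would otherwise become a clickable link. The for-loop this hunk patches continues past the hunk's last line.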
@@ -323,10 +350,11 @@ EOF
{
my $group = $groups[$i];
my $group_name = $group->name ();
- my $group_esc = uri_escape ($group_name);
+ my $group_uri = uri_escape_utf8 ($group_name);
+ my $group_html = encode_entities ($group_name);
print "\t\t\t
\n" if ($i != 0);
- print qq(\t\t\t\t$group_name | \n),
+ print qq(\t\t\t\t$group_html | \n),
"\t\t\t
\n";
}
}
@@ -335,10 +363,10 @@ EOF
EOF
@@ -346,7 +374,7 @@ EOF
sub action_search
{
- my $search = param ('search');
+ my $search = param_utf8 ('search');
$search ||= '';
$search =~ s/[^\s\w]//g;
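Review bot: `$search =~ s/[^\s\w]//g;` now runs on a decoded character string, so `\w` matches Unicode letters rather than only ASCII; that is probably intended given this commit, but the line deserves a comment because it is also what keeps `*`, `(`, `)`, `\` and NUL — the LDAP filter metacharacters — out of `$search` before it reaches the directory search further down (not visible here), e.g. `# Keep only word characters and whitespace; this also strips the LDAP filter metacharacters (* ( ) \ NUL).` If ASCII-only matching was intended, add the `/a` modifier instead. action_search continues outside the hunk.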
@@ -388,9 +416,10 @@ sub action_search
{
my $person = $_;
my $cn = $person->name ();
- my $cn_esc = uri_escape ($cn);
+ my $cn_uri = uri_escape_utf8 ($cn);
+ my $cn_html = encode_entities ($cn);
- print qq(\t\t- $cn
\n);
+ print qq(\t\t- $cn_html
\n);
}
print qq(\t
\n);
}
@@ -399,11 +428,13 @@ sub action_edit
{
my %opts = @_;
- my $cn = param ('cn');
+ my $cn = param_utf8 ('cn');
$cn = $opts{'cn'} if (defined ($opts{'cn'}));
$cn ||= '';
+ my $cn_html = encode_entities ($cn);
+
if (!$UserID)
{
$cn = $UserCN;
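Review bot: `my $cn_html = encode_entities ($cn);` is computed before the `if (!$UserID)` block replaces `$cn` with `$UserCN`, so when that branch is taken the heading printed later (`Edit contact $cn_html` in the hunk at @@ -451) shows the escaped request parameter rather than the entry actually being edited. Move the line below that block (whose closing brace is outside this hunk), or derive it at the print site. A comment such as `# $UserID appears to mark privileged users; everyone else may only edit their own entry ($UserCN) — confirm` would also document the access rule this branch implements; the meaning of $UserID is inferred, not visible here.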
@@ -414,6 +445,9 @@ sub action_edit
my $lastname;
my $firstname;
+ my $lastname_html;
+ my $firstname_html;
+
my $contacts = {};
$contacts->{$_} = [] for (@MultiFields);
@@ -436,13 +470,16 @@ sub action_edit
}
}
- $lastname = param ('lastname') if (param ('lastname') and $UserID);
- $firstname = param ('firstname') if (param ('firstname') and $UserID);
+ $lastname = param_utf8 ('lastname') if (param_utf8 ('lastname') and $UserID);
+ $firstname = param_utf8 ('firstname') if (param_utf8 ('firstname') and $UserID);
get_contacts ($contacts);
$lastname = $opts{'lastname'} if (defined ($opts{'lastname'}));
$firstname = $opts{'firstname'} if (defined ($opts{'firstname'}));
+ $lastname_html = encode_entities ($lastname);
+ $firstname_html = encode_entities ($firstname);
+
for (@MultiFields)
{
my $field = $_;
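Review bot: `$lastname_html = encode_entities ($lastname);` runs even when neither the parameter nor `%opts` set `$lastname`, leaving it undef; HTML::Entities returns undef for undef input, and the later interpolation into the form will then raise an uninitialized-value warning under `use warnings`. Using the file's own idiom from the group hunk, `$lastname_html = encode_entities ($lastname || '');` (and likewise for `$firstname_html`) avoids that. The doubled `param_utf8 ('lastname')` per line could also be collapsed into one call, e.g. `my $ln = param_utf8 ('lastname'); $lastname = $ln if ($ln and $UserID);`. action_edit continues outside this hunk.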
@@ -451,7 +488,7 @@ sub action_edit
if ($cn)
{
- print "\t\tEdit contact $cn
\n";
+ print "\t\tEdit contact $cn_html
\n";
}
else
{
@@ -459,20 +496,20 @@ sub action_edit
}
print <
+