|
|
|
@ -18,6 +18,7 @@ use CGI;
|
|
|
|
|
use ClearSilver;
|
|
|
|
|
use ConfigFile;
|
|
|
|
|
use English;
|
|
|
|
|
use CGI::Carp;
|
|
|
|
|
|
|
|
|
|
# drop privileges
|
|
|
|
|
$UID = $EUID;
|
|
|
|
@ -209,11 +210,14 @@ sub log_msg
|
|
|
|
|
|
|
|
|
|
sub check_ssl
|
|
|
|
|
{
|
|
|
|
|
# BEWARE: dirty trick - is there a better way?
|
|
|
|
|
# stunnel is not in transparent mode -> that means, it replaces REMOTE_ADDR with
|
|
|
|
|
# its own IP (localhost, of course)
|
|
|
|
|
# TODO: this does not work with a native ssl webserver
|
|
|
|
|
return ($ENV{'REMOTE_ADDR'} eq '127.0.0.1');
|
|
|
|
|
# check, if we are behind a proxy with ssl (e.g. pound)
|
|
|
|
|
return (0==0) if ($ENV{'HTTP_FRONT_END_HTTPS'} =~ m/^on$/i);
|
|
|
|
|
# environment variable set (e.g. via apache directive "SetEnv HTTPS On")
|
|
|
|
|
return (0==0) if ($ENV{'HTTPS'} =~ m/^on$/i);
|
|
|
|
|
# port 80 -> not encrypted
|
|
|
|
|
return (0==1) if ($ENV{'SERVER_PORT'} = 80);
|
|
|
|
|
# other ports -> maybe ok - we accept it
|
|
|
|
|
return (0==0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -240,7 +244,7 @@ sub exec_cb_script {
|
|
|
|
|
} else {
|
|
|
|
|
# parent
|
|
|
|
|
@result = <PROG_OUT>;
|
|
|
|
|
close PROG_OUT or warn "error while running $CB_SCRIPT: $?";
|
|
|
|
|
close PROG_OUT or warn "error while running $CB_SCRIPT (params:" . join(" ",@params) . "): $?";
|
|
|
|
|
}
|
|
|
|
|
if (wantarray) {
|
|
|
|
|
return @result;
|
|
|
|
@ -413,7 +417,10 @@ my $current_admin_pw;
|
|
|
|
|
# first: check for ssl!
|
|
|
|
|
if ( ! &check_ssl()) {
|
|
|
|
|
$pagedata->setValue('Data.Error', 'NoSSL');
|
|
|
|
|
$pagedata->setValue('Data.Redirect.URL', "https://" . $ENV{'HTTP_HOST'} . $ENV{'SCRIPT_NAME'});
|
|
|
|
|
# remove port number from HTTP_HOST
|
|
|
|
|
my $hostname = $ENV{'HTTP_HOST'};
|
|
|
|
|
$hostname =~ s/:[0-9]*//;
|
|
|
|
|
$pagedata->setValue('Data.Redirect.URL', "https://" . $hostname . $ENV{'SCRIPT_NAME'});
|
|
|
|
|
$pagedata->setValue('Data.Redirect.Delay', "3");
|
|
|
|
|
} elsif ($query->param('action')) {
|
|
|
|
|
my $action = $query->param('action');
|
|
|
|
|