ALT-tags for help-images changed to TITLE

Use of the command line option "-c" replaced by an "ALLOW_CREATE" line in webusers
io 2005-01-20 13:37:18 +00:00
parent 07bc3f6ed3
commit 1851c8b799
3 changed files with 52 additions and 32 deletions


@ -0,0 +1 @@
check permission before actions like "change", "create" or "delete" - the command could be arbitrarily injected into GET


@ -53,8 +53,8 @@ use CGI::Carp qw(fatalsToBrowser set_message);
my $q = new CGI;
$q->import_names('Q');
use vars qw[$opt_c $opt_d $opt_C];
getopts('cd:C:');
use vars qw[$opt_d $opt_C];
getopts('d:C:');
# Suid stuff requires a secure path.
$ENV{'PATH'} = '/bin';
@ -105,7 +105,7 @@ if(defined($Q::action) && $Q::action eq '[Web Archive]') {
}
# Print header on every page ...
print $q->header(-pragma=>'no-cache', '-cache-control'=>'no-cache', -expires=>'-1d' '-Content-Type'=>'text/html; charset=utf-8');
print $q->header(-pragma=>'no-cache', '-cache-control'=>'no-cache', -expires=>'-1d', '-Content-Type'=>'text/html; charset=utf-8');
print $q->start_html(-title=>$HTML_TITLE, -author=>'guy-ezmlm@rucus.ru.ac.za', -BGCOLOR=>$HTML_BGCOLOR, -LINK=>$HTML_LINK, -VLINK=>$HTML_VLINK, -TEXT=>$HTML_TEXT, -expires=>'-1d');
print $HTML_HEADER;
@ -285,7 +285,7 @@ sub select_list {
print '</TD><TD ALIGN="left" VALIGN="top">', $LANGUAGE{'chooselistinfo'};
print $q->submit(-name=>'action', -value=>"[$BUTTON{'create'}]"), ' ' if (!defined($opt_c));
print $q->submit(-name=>'action', -value=>"[$BUTTON{'create'}]"), ' ' if (&webauth_create_allowed == 0);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'edit'}]"), ' ' if(defined(@lists));
print $q->submit(-name=>'action', -value=>"[$BUTTON{'delete'}]") if(defined(@lists));
print '</TD></TR><TR><TD> </TD></TR></TABLE></CENTER>';
@ -336,17 +336,17 @@ sub display_list {
print '</TD><TD VALIGN="top" ALIGN="left">';
print ' ', ($#subscribers + 1), ' ', $LANGUAGE{'subscribers'}, '<BR>' if defined(@subscribers);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'deleteaddress'}]"), '<P>' if defined(@subscribers);
print $q->textfield(-name=>'addsubscriber', -size=>'40'), ' <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'addaddress'}, '"><BR>';
print $q->filefield(-name=>'addfile', -size=>20, -maxlength=>100), ' <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'addaddressfile'}, '"><br>' if ($FILE_UPLOAD);
print $q->textfield(-name=>'addsubscriber', -size=>'40'), ' <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'addaddress'}, '"><BR>';
print $q->filefield(-name=>'addfile', -size=>20, -maxlength=>100), ' <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'addaddressfile'}, '"><br>' if ($FILE_UPLOAD);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'addaddress'}]"), '<P>';
print '<STRONG>', $LANGUAGE{'additionalparts'}, ':</STRONG><BR>' if($list->ismodpost || $list->ismodsub || $list->isremote || $list->isdeny || $list->isallow || $list->isdigest);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'moderators'}]"), '<IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'moderator'}, '"> ' if ($list->ismodpost || $list->ismodsub || $list->isremote);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'denylist'}]"), '<IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'deny'}, '"> ' if ($list->isdeny);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'allowlist'}]"), '<IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'allow'}, '"> ' if ($list->isallow);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'digestsubscribers'}]"), '<IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'digest'}, '"> ' if ($list->isdigest);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'moderators'}]"), '<IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'moderator'}, '"> ' if ($list->ismodpost || $list->ismodsub || $list->isremote);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'denylist'}]"), '<IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'deny'}, '"> ' if ($list->isdeny);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'allowlist'}]"), '<IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'allow'}, '"> ' if ($list->isallow);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'digestsubscribers'}]"), '<IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'digest'}, '"> ' if ($list->isdigest);
print '<P>';
print $q->submit(-name=>'action', -value=>"[$BUTTON{'webarchive'}]"), '<IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'webarch'}, '"> ' if(&ezmlmcgirc);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'configuration'}]"), '<IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'config'}, '">&nbsp;&nbsp;&nbsp;';
print $q->submit(-name=>'action', -value=>"[$BUTTON{'webarchive'}]"), '<IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'webarch'}, '"> ' if(&ezmlmcgirc);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'configuration'}]"), '<IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'config'}, '">&nbsp;&nbsp;&nbsp;';
print $q->submit(-name=>'action', -value=>"[$BUTTON{'selectlist'}]");
print '</TD></TR><TR><TD> </TD></TR></TABLE></CENTER>';
print $q->endform;
@ -536,13 +536,13 @@ sub part_subscribers {
$moderated = '<BLINK><FONT COLOR=#ff0000>' if ($postpath);
$moderated .= "[$LANGUAGE{'posting'}]" if ($list->ismodpost);
$moderated .= '</FONT><IMG SRC="' . $HELP_ICON_URL . '" ALT="Posting Moderators are stored in a non-standard location (' . $postpath . '). You will have to edit them manually."></BLINK>' if ($postpath);
$moderated .= '</FONT><IMG SRC="' . $HELP_ICON_URL . '" TITLE="Posting Moderators are stored in a non-standard location (' . $postpath . '). You will have to edit them manually."></BLINK>' if ($postpath);
$moderated .= '<BLINK><FONT COLOR=#ff0000>' if ($subpath);
$moderated .= " [$LANGUAGE{'subscription'}]" if($list->ismodsub);
$moderated .= '</FONT><IMG SRC="' . $HELP_ICON_URL . '" ALT="Subscriber Moderators are stored in a non-standard location (' . $subpath . '). You will have to edit them manually"></BLINK>' if ($subpath);
$moderated .= '</FONT><IMG SRC="' . $HELP_ICON_URL . '" TITLE="Subscriber Moderators are stored in a non-standard location (' . $subpath . '). You will have to edit them manually"></BLINK>' if ($subpath);
$moderated .= '<BLINK><FONT COLOR=#ff0000>' if ($remotepath);
$moderated .= " [$LANGUAGE{'remoteadmin'}]" if($list->isremote);
$moderated .= '</FONT><IMG SRC="' . $HELP_ICON_URL . '" ALT="Remote Administrators are stored in a non-standard location (' . $remotepath . '). You will have to edit them manually"></BLINK>' if ($remotepath);
$moderated .= '</FONT><IMG SRC="' . $HELP_ICON_URL . '" TITLE="Remote Administrators are stored in a non-standard location (' . $remotepath . '). You will have to edit them manually"></BLINK>' if ($remotepath);
}
@ -566,8 +566,8 @@ sub part_subscribers {
print $q->scrolling_list(-name=>'delsubscriber', -size=>$scrollsize, -values=>\@subscribers, -multiple=>'true', -labels=>&pretty_names) if defined(@subscribers);
print '</TD></TR><TR><TD VALIGN="top" ALIGN="left">';
print $q->submit(-name=>'action', -value=>"[$BUTTON{'deleteaddress'}]"), '<P>' if defined(@subscribers);
print $q->textfield(-name=>'addsubscriber', -size=>'40'), ' <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'addaddress'}, '"><BR>';
print $q->filefield(-name=>'addfile', -size=>20, -maxlength=>100), ' <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'addaddressfile'}, '"><br>' if ($FILE_UPLOAD);
print $q->textfield(-name=>'addsubscriber', -size=>'40'), ' <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'addaddress'}, '"><BR>';
print $q->filefield(-name=>'addfile', -size=>20, -maxlength=>100), ' <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'addaddressfile'}, '"><br>' if ($FILE_UPLOAD);
print $q->submit(-name=>'action', -value=>"[$BUTTON{'addaddress'}]"), '<P>';
print $q->submit(-name=>'action', -value=>"[$BUTTON{'subscribers'}]");
print '</TD></TR><TR><TD> </TD></TR></TABLE></CENTER>';
@ -601,10 +601,10 @@ sub allow_create_list {
print '<H2 ALIGN=CENTER>', $LANGUAGE{'createnew'}, '</H2><HR ALIGN=center WIDTH=25%>';
print $q->startform;
print $q->hidden(-name=>'state', -value=>'create');
print '<BIG><STRONG>', $LANGUAGE{'listname'}, ': </STRONG></BIG>', $q->textfield(-name=>'list', -size=>'20'), ' <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'listname'}, '"><P>';
print '<BIG><STRONG>', $LANGUAGE{'listname'}, ': </STRONG></BIG>', $q->textfield(-name=>'list', -size=>'20'), ' <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'listname'}, '"><P>';
print '<BIG><STRONG>', $LANGUAGE{'listaddress'}, ': </STRONG></BIG>';
print $q->textfield(-name=>'inlocal', -default=>$username, -size=>'10');
print ' <BIG><STRONG>@</STRONG></BIG> ', $q->textfield(-name=>'inhost', -default=>$hostname, -size=>'30'), ' <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'listadd'}, '"><P>';
print ' <BIG><STRONG>@</STRONG></BIG> ', $q->textfield(-name=>'inhost', -default=>$hostname, -size=>'30'), ' <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'listadd'}, '"><P>';
print '<P><BIG><STRONG>', $LANGUAGE{'listoptions'}, ':</STRONG></BIG>';
&display_options($DEFAULT_OPTIONS);
@ -612,12 +612,12 @@ sub allow_create_list {
# Allow creation of mysql table if the module allows it
if($Mail::Ezmlm::MYSQL_BASE) {
print '<P> ', $q->checkbox(-name=>'sql', -label=>$LANGUAGE{'mysqlcreate'}, -on=>1);
print ' <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'mysqlcreate'}, '">';
print ' <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'mysqlcreate'}, '">';
}
print '<P><BIG><STRONG>', $LANGUAGE{'allowedtoedit'}, ': </STRONG></BIG>',
$q->textfield(-name=>'webusers', -value=>$ENV{'REMOTE_USER'}||'ALL', -size=>'30'), ' <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'webusers'}, '">',
$q->textfield(-name=>'webusers', -value=>$ENV{'REMOTE_USER'}||'ALL', -size=>'30'), ' <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'webusers'}, '">',
'<BR><FONT SIZE="-1">', $HELPER{'allowedit'}, '</FONT>'
if(-e "$LIST_DIR/webusers");
@ -727,10 +727,10 @@ sub list_config {
$mimeremove = $list->getpart('mimeremove');
$prefix = $list->getpart('prefix');
print '<P><BIG><STRONG>', $LANGUAGE{'prefix'}, ': </STRONG></BIG>', $q->textfield(-name=>'prefix', -default=>$prefix, -size=>12), ' <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'prefix'}, '">' if defined($prefix);
print '<P><BIG><STRONG>', $LANGUAGE{'headerremove'}, ':</BIG></STRONG> <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'headerremove'}, '"><BR>', $q->textarea(-name=>'headerremove', -default=>$headerremove, -rows=>5, -columns=>70);
print '<P><BIG><STRONG>', $LANGUAGE{'headeradd'}, ':</BIG></STRONG> <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'headeradd'}, '"><BR>', $q->textarea(-name=>'headeradd', -default=>$headeradd, -rows=>5, -columns=>70);
print '<P><BIG><STRONG>', $LANGUAGE{'mimeremove'}, ':</BIG></STRONG> <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'mimeremove'}, '"><BR>', $q->textarea(-name=>'mimeremove', -default=>$mimeremove, -rows=>5, -columns=>70) if defined($mimeremove);
print '<P><BIG><STRONG>', $LANGUAGE{'prefix'}, ': </STRONG></BIG>', $q->textfield(-name=>'prefix', -default=>$prefix, -size=>12), ' <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'prefix'}, '">' if defined($prefix);
print '<P><BIG><STRONG>', $LANGUAGE{'headerremove'}, ':</BIG></STRONG> <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'headerremove'}, '"><BR>', $q->textarea(-name=>'headerremove', -default=>$headerremove, -rows=>5, -columns=>70);
print '<P><BIG><STRONG>', $LANGUAGE{'headeradd'}, ':</BIG></STRONG> <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'headeradd'}, '"><BR>', $q->textarea(-name=>'headeradd', -default=>$headeradd, -rows=>5, -columns=>70);
print '<P><BIG><STRONG>', $LANGUAGE{'mimeremove'}, ':</BIG></STRONG> <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'mimeremove'}, '"><BR>', $q->textarea(-name=>'mimeremove', -default=>$mimeremove, -rows=>5, -columns=>70) if defined($mimeremove);
if(open(WEBUSER, "<$LIST_DIR/webusers")) {
my($webusers);
@ -741,7 +741,7 @@ sub list_config {
$webusers ||= $ENV{'REMOTE_USER'} || 'ALL';
print '<P><BIG><STRONG>', $LANGUAGE{'allowedtoedit'}, ': </STRONG></BIG>',
$q->textfield(-name=>'webusers', -value=>$webusers, -size=>'30'), ' <IMG SRC="', $HELP_ICON_URL, '" ALT="', $HELPER{'webusers'}, '">',
$q->textfield(-name=>'webusers', -value=>$webusers, -size=>'30'), ' <IMG SRC="', $HELP_ICON_URL, '" TITLE="', $HELPER{'webusers'}, '">',
'<BR><FONT SIZE="-1">', $HELPER{'allowedit'}, '</FONT>';
}
@ -908,6 +908,25 @@ sub webauth {
return 1;
}
# ---------------------------------------------------------------------------
sub webauth_create_allowed {
# Read create-permission from webusers file.
# the special listname "ALLOW_CREATE" controls, who is allowed to do it
open (USERS, "<$LIST_DIR/webusers") || die "Unable to read webusers file: $!";
while(<USERS>) {
if (/^ALLOW_CREATE:/i) {
if (/(\:\s*|,\s+)((?:$ENV{'REMOTE_USER'})|(?:ALL))\s*(,|$)/) {
close USERS; return 0;
}
}
}
close USERS;
return 1;
}
# ---------------------------------------------------------------------------
sub display_options {
@ -922,7 +941,7 @@ sub display_options {
} else {
print $q->checkbox(-name=>$i, -value=>$i, -label=>$EZMLM_LABELS{$i}[0]);
}
print '<IMG SRC="', $HELP_ICON_URL, '" BORDER="0" ALT="', $EZMLM_LABELS{$i}[1] , '">';
print '<IMG SRC="', $HELP_ICON_URL, '" BORDER="0" TITLE="', $EZMLM_LABELS{$i}[1] , '">';
print '</TD>'; $j++;
if ($j >= 3) {
$j = 0; print '</TR><TR>';
@ -939,7 +958,7 @@ sub display_options {
} else {
print $q->checkbox(-name=>$i, -value=>$i, -label=>$EZMLM_LABELS{$i}[0]);
}
print '<IMG SRC="', $HELP_ICON_URL, '" BORDER="0" ALT="', $EZMLM_LABELS{$i}[1] , '">';
print '<IMG SRC="', $HELP_ICON_URL, '" BORDER="0" TITLE="', $EZMLM_LABELS{$i}[1] , '">';
print '</TD><TD>';
print $q->textfield(-name=>"$i-value", -value=>$1||$EZMLM_LABELS{$i}[2], -size=>30);
print '</TD></TR>';
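Review bot: In the new `webauth_create_allowed` (hunk at `@ -908`, the sub is entirely inside the hunk), `$ENV{'REMOTE_USER'}` is interpolated unescaped into the match on the ALLOW_CREATE line, so a username containing regex metacharacters (a `.` in `j.doe`, for instance) matches more entries than intended, and an undefined REMOTE_USER collapses that alternative to an empty pattern with an uninitialized-value warning; `quotemeta`/`\Q...\E` and an explicit undef check fix both. The `open (USERS, ...) || die` aborts the whole select_list page through fatalsToBrowser whenever the webusers file is absent, yet `allow_create_list` treats a missing file as a normal state with its `-e` test, so returning "not allowed" there keeps the failure closed (whether a missing file should instead mean "anyone may create" is a policy choice worth stating in a comment). The inverted return convention (0 = allowed, 1 = denied, as the caller's `== 0` in select_list shows) deserves a comment such as `# Returns 0 if the current web user may create lists, 1 otherwise.`. Note that this check only decides whether the create button is drawn; the TODO added in this commit already records that the create/change/delete handlers themselves are not yet gated, so the same helper should be consulted before the create action is executed.

```perl
sub webauth_create_allowed {
    # Read create-permission from webusers file.
    # the special listname "ALLOW_CREATE" controls, who is allowed to do it
    # Returns 0 if the current web user may create lists, 1 otherwise
    # (same convention as the caller's "== 0" test in select_list).
    my $user = defined($ENV{'REMOTE_USER'}) ? $ENV{'REMOTE_USER'} : '';
    # "ALL" always qualifies; the real username only when one is set, and
    # quoted so that regex metacharacters in it cannot widen the match.
    my @names = ('ALL');
    push @names, quotemeta($user) if $user ne '';
    my $name_re = join('|', @names);
    # A missing webusers file is a legitimate state elsewhere (allow_create_list
    # tests -e on it), so fail closed instead of dying onto the browser.
    open(my $users, '<', "$LIST_DIR/webusers") or return 1;
    my $allowed = 1;
    while (my $line = <$users>) {
        next unless $line =~ /^ALLOW_CREATE:/i;
        if ($line =~ /(?::\s*|,\s+)(?:$name_re)\s*(?:,|$)/) {
            $allowed = 0;
            last;
        }
    }
    close($users);
    return $allowed;
}
```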


@ -97,16 +97,16 @@
%HELPER = (
# These should be self explainitory
addaddress => 'Hier ist eine Mail-Adresse erforderlich. Auch Eingaben in der Form "Max Meier <max@meier.de>"',
addaddressfile => 'alternativ ist auch die Angabe einer Datei mit jeweils einer Mailadresse pro Zeile möglich',
addaddress => 'Eine Mail-Adresse - auch in der Form \'Max Meier <max@meier.de>\'',
addaddressfile => 'alternativ ist auch eine Datei mit je einer Adresse pro Zeile möglich',
moderator => 'ModeratorInnen kontrollen, welche Mails weitegeleitet und welche AbonnentInnen akzeptiert werden',
deny => 'Ausschluss: die Mail-Adressen, die NIE an die Liste schreiben dürfen',
allow => 'Zulassung: die Mail-Adressen, die trotz anderweitiger Einschränkungen immer an die Liste schreiben dürfen',
allow => 'Zulassung: die Mail-Adressen, die immer an die Liste schreiben dürfen',
digest => 'Zusammenfassung: diese Leute werden regeläßige Zusammenfassungen der Mailingliste erhalten',
webarch => 'Gehe zum Web-Archiv der Mailingliste',
config => 'Einstellungen zur Mailingliste',
listname => 'Dies ist der eindeutige Name der Mailingliste',
listadd => 'Die Adresse der Mailingliste - der Standardwert wird durch qmail festgelegt - nur der lokale Teil der Adresse sollte geändert werden',
listadd => 'Die Adresse der Mailingliste - nur der lokale Teil kann geändert werden',
webusers => 'unfertig: derzeit können Listen-Administratoren nur manuell festgelegt werden',
prefix => 'Präfix der Betreffzeile',
headerremove => 'Diese Kopfzeilen werden aus den ausgehenden Mails entfernt',