diff --git a/ezmlm-web-ng/ezmlm-web-2.1-ng/CHANGES b/ezmlm-web-ng/ezmlm-web-2.1-ng/CHANGES
index 58b2a08..5de2a93 100644
--- a/ezmlm-web-ng/ezmlm-web-2.1-ng/CHANGES
+++ b/ezmlm-web-ng/ezmlm-web-2.1-ng/CHANGES
@@ -82,3 +82,10 @@ Version 2.1 - 25/09/00
* Fixed the '_' in list names problem
* Added support for file uploads of email addresses (multiple subscribe)
* Made error handling more friendly
+
+Version 2.2 - 26/01/02005
+* German translation of the web interface - more translations can be added easily
+* changed "ALT"-tags to "TITLE" - most browsers will display the tooltip texts now
+* fixed security problems (permissions were not thoroughly check)
+* user-based permission for creating lists (can be set in webusersrc)
+* the location of the webusers file is now an option in ezmlmwebrc
diff --git a/ezmlm-web-ng/ezmlm-web-2.1-ng/INSTALL b/ezmlm-web-ng/ezmlm-web-2.1-ng/INSTALL
new file mode 100644
index 0000000..ce3811f
--- /dev/null
+++ b/ezmlm-web-ng/ezmlm-web-2.1-ng/INSTALL
@@ -0,0 +1,89 @@
+1. Copy ezmlm-web.cgi to some publically readable directory. It does not
+ have to be in a path accessible to your web server, but any user with a
+ mailing list must be able to run it (Check the read and execute rights
+ on both the file and directory). We put our copy in
+ /usr/local/bin ...
+
+3. Edit the ezmlmwebrc file and alter the variables at the top to suit
+ your particular system. In particular, you will probably have to change
+ the $ENV{'PATH'} variable. Be particularly careful about what you set
+ as the path. Too much is a security risk and too little will cause the
+ script to malfunction. Version 2.0 requires that the following programs
+ be accessible in your path; mv, rm
+
+ Also be careful about the $LIST_DIR variable. This script assumes that
+ all users store their mailing lists in the same sub directory of the
+ home directory (eg ~/lists). You can override this for an individual
+ user by recompiling the C wrapper to call ezmlm-web.cgi with a -d
+ option.
+
+ Other configurable options are documented in the ezmlmwebrc file
+ itself. I have tried to keep the amount of information that you need to
+ supply to a minimum and also make reasonable guesses about default
+ values.
+
+ finally, copy the ezmlmwebrc file and the "lang" directory to one of
+ the following places:
+ - /etc/ezmlm
+ - the home directory of the user that runs ezmlm-web.cgi
+ - the directory, that contains your ezmlm-web.cgi file
+
+4. Edit the index.c file and change the path to the path of your copy
+ of ezmlm-web.cgi. Then compile this file. You can do this by issuing
+ the command; gcc -o index.cgi index.c
+
+5. For every user/virtual host that needs to manage mailing lists, you
+ need to create a SUID (user not root!!) copy of index.cgi (see
+ chmod(1) for details). These need to reside somewhere accessible by
+ the web server. I suggest that you put them in a sub directory (see
+ about security) of each user/virtual host's home directory (eg
+ /home/luser/public_html/ezmlm for Apache on Redhat).
+
+ The copies don't actually have to be called index.cgi, but it is nice
+ for web servers that can resolve a cgi script as an index page (see the
+ srm.conf file in Apache). It is important to make sure that whichever
+ directory you choose to put them can i: Execute CGI Scripts and ii: Be
+ access controlled (here I mean both web and user access) by some method
+ (eg .htaccess, access.conf for Apache).
+
+6. Install some method of securing access to the page. The following
+ information is applicable to Apache web servers ... Detailed
+ information on user authentication can be obtained from the Apache
+ documentation (http://www.apache.org) and ApacheWeek
+ (http://www.apacheweek.com/features/userauth)
+
+6.1 Ensure that your Apache setup will allow .htaccess file to control
+ access in the directory that contains. This is controlled by the
+ AllowOverride tag in access.conf. (Also ensure you have the
+ necessary Apache modules installed)
+
+6.2 Create a htpasswd file. This is done using the htpasswd command that
+ comes with Apache. Its command line syntax is;
+ htpasswd [-c] passwordfile username
+
+ You need to put the passwordfile somewhere that is not accessible by
+ people through the web, and create an entry for each user you want
+ to have access ... See the ApacheWeek article for more details.
+
+6.3 Create a .htaccess file in the directory that contains index.cgi.
+ Note that using Apache's built in access control, you can only control
+ access to directories, not individual files, hence the need for a
+ sub-directory in step 5.
+
+ The format of the .htaccess file should be along the lines of this;
+
+ AuthName EZ Mailing List Manager
+ AuthType Basic
+ AuthUserFile /path/to/passwordfile
+ require valid-user # or require user username
+
+ Again, see the ApacheWeek article for details.
+
+7. Test the installation through the web. You should be asked for a
+ username and password (supplied in 6.2) and then be presented with a
+ screen entitled EZ Mailing List Manger. You can then try to create and
+ edit mailing lists ... Have Fun :)
+
+If you have any problems, then you can:
+- take a look at https://systemausfall.org/toolforge/ezmlm-web
+- send me an email: ezmlm-web@sumpfralle.de
diff --git a/ezmlm-web-ng/ezmlm-web-2.1-ng/README b/ezmlm-web-ng/ezmlm-web-2.1-ng/README
index b712636..f774c85 100644
--- a/ezmlm-web-ng/ezmlm-web-2.1-ng/README
+++ b/ezmlm-web-ng/ezmlm-web-2.1-ng/README
@@ -4,19 +4,21 @@ $Id: README,v 1.2 2000/09/25 17:57:21 guy Exp $
| ezmlm-web-2.1 |
=================
+If you only want to know how to install ezmlm-web, then you should
+read INSTALL.
+
Contents
========
I. Copyright Stuff
II. Some Background
III. Requirements
IV. Files
- V. Installation
- VI. Notes
- VII. Multi-level list access
-VIII. Language Portability
- IX. Bugs && Bug Reports
- X. Acknowledgements
- XI. Availability
+ V. Notes
+ VI. Multi-level list access
+ VII. Language Portability
+VIII. Bugs && Bug Reports
+ XI. Acknowledgements
+ X. Availability
I. Copyright Stuff - essentially the FreeBSD licence ...
@@ -76,13 +78,17 @@ file or in the access.conf file. ApacheWeek have a good article on doing
this at http://www.apacheweek.com/features/userauth. I also give examples
later in this document.
-This version of ezmlm-web (2.0) is based to a large extent on previous
+This version of ezmlm-web is based to a large extent on previous
versions that I have developed. It has however been totally re-written to
make use of the Mail::Ezmlm perl module I wrote. At the same time it was
updated and extended to include the new features of ezmlm-idx. It includes
many new features that have been suggested to me over the last few months,
and hopefully is now useful to a much larger group of people.
+Since 02005 ezmlm-web is maintained by Lars Kruse (ezmlm-web@sumpfralle.de).
+Only minor improvements had to be implemented to keep the already fully
+functional ezmlm-web up to date.
+
III. Requirements
=================
This version of ezmlm-web requires the following;
@@ -108,14 +114,15 @@ IV. Files
=========
In this distribution you should find 8 files;
-README This file. Provides some background information, notes on
- installation, etc. Not needed to run ezmlm-web.
+README This file. Provides some background information.
+ Not needed to run ezmlm-web.
+
+INSTALL Notes on installation. Not needed to run ezmlm-web.
CHANGES The change history. Not needed to run ezmlm-web
TODO This file is a list of things I intend doing in future
- versions of ezmlm-web. That is if there are any future
- versions :) Not needed to run ezmlm-web.
+ versions of ezmlm-web. Not needed to run ezmlm-web.
ezmlm-web.cgi The ezmlm-web script proper. This program requires that
you have perl5 installed on your machine and that your web
@@ -127,101 +134,20 @@ index.c A C wrapper to allow ezmlm-web.cgi to run suid. Not
be edited and compiled to suit your system. Not needed to
run ezmlm-web.
+ezmlmwebrc This is the configuration file for ezmlm-web. All options
+ are explained in this example file. You will need this
+ file to run ezmlm-web.
+
htaccess.sample A sample Apache .htaccess file for controlling access to
the mailing lists. If you use another web server, you will
have to work this bit out for yourself.
webusers.sample A sample webusers file for multi-level access control.
-V. Installation
-===============
-1. Copy ezmlm-web.cgi to some publically readable directory. It does not
- have to be in a path accessible to your web server, but any user with a
- mailing list must be able to run it (Check the read and execute rights
- on both the file and directory). We put our copy in
- /usr/local/bin ...
+The directory "lang" contains the language files. You will need at least the
+one, that you have choosen in "ezmlmwebrc" by the option "HTML_LANGUAGE".
-3. Edit the ezmlmwebrc file and alter the variables at the top to suit
- your particular system. In particular, you will probably have to change
- the $ENV{'PATH'} variable. Be particularly careful about what you set
- as the path. Too much is a security risk and too little will cause the
- script to malfunction. Version 2.0 requires that the following programs
- be accessible in your path; mv, rm
-
- Also be careful about the $LIST_DIR variable. This script assumes that
- all users store their mailing lists in the same sub directory of the
- home directory (eg ~/lists). You can override this for an individual
- user by recompiling the C wrapper to call ezmlm-web.cgi with a -d
- option.
-
- Other configurable options are documented in the ezmlmwebrc file
- itself. I have tried to keep the amount of information that you need to
- supply to a minimum and also make reasonable guesses about default
- values.
-
- Copy the ezmlmwebrc file and the "lang" directory to one of the following
- places:
- - /etc/ezmlm
- - the home directory of the user that runs ezmlm-web.cgi
- - the directory, that contains your ezmlm-web.cgi file
-
-4. Edit the index.c file and change the path to the path of your copy
- of ezmlm-web.cgi. Then compile this file. You can do this by issuing
- the command; gcc -o index.cgi index.c
-
-5. For every user/virtual host that needs to manage mailing lists, you
- need to create a SUID (user not root!!) copy of index.cgi (see
- chmod(1) for details). These need to reside somewhere accessible by
- the web server. I suggest that you put them in a sub directory (see
- about security) of each user/virtual host's home directory (eg
- /home/luser/public_html/ezmlm for Apache on Redhat).
-
- The copies don't actually have to be called index.cgi, but it is nice
- for web servers that can resolve a cgi script as an index page (see the
- srm.conf file in Apache). It is important to make sure that whichever
- directory you choose to put them can i: Execute CGI Scripts and ii: Be
- access controlled (here I mean both web and user access) by some method
- (eg .htaccess, access.conf for Apache).
-
-6. Install some method of securing access to the page. The following
- information is applicable to Apache web servers ... Detailed
- information on user authentication can be obtained from the Apache
- documentation (http://www.apache.org) and ApacheWeek
- (http://www.apacheweek.com/features/userauth)
-
-6.1 Ensure that your Apache setup will allow .htaccess file to control
- access in the directory that contains. This is controlled by the
- AllowOverride tag in access.conf. (Also ensure you have the
- necessary Apache modules installed)
-
-6.2 Create a htpasswd file. This is done using the htpasswd command that
- comes with Apache. Its command line syntax is;
- htpasswd [-c] passwordfile username
-
- You need to put the passwordfile somewhere that is not accessible by
- people through the web, and create an entry for each user you want
- to have access ... See the ApacheWeek article for more details.
-
-6.3 Create a .htaccess file in the directory that contains index.cgi.
- Note that using Apache's built in access control, you can only control
- access to directories, not individual files, hence the need for a
- sub-directory in step 5.
-
- The format of the .htaccess file should be along the lines of this;
-
- AuthName EZ Mailing List Manager
- AuthType Basic
- AuthUserFile /path/to/passwordfile
- require valid-user # or require user username
-
- Again, see the ApacheWeek article for details.
-
-7. Test the installation through the web. You should be asked for a
- username and password (supplied in 6.2) and then be presented with a
- screen entitled EZ Mailing List Manger. You can then try to create and
- edit mailing lists ... Have Fun :)
-
-VI. Notes
+V. Notes
=========
* There is a function to delete mailing lists, but I really don't like the
idea. The only reason I put it in is that bvi@rucus asked for it.
@@ -239,7 +165,7 @@ VI. Notes
* Please see the section on languages below.
-VII. Multi-Level Access
+VI. Multi-Level Access
=======================
Ezmlm-web has a multi-level access system. This depends on a file called
webusers being present in $LIST_DIR. If the file is not present, then any
@@ -275,10 +201,13 @@ following to your webusers file:
ALLOW_CREATE: user2, user3
If there is no line starting with "ALLOW_CREATE:" in the webusers file, then
-no one will be allowed to create lists. (this behaviour is new for ezmlm-web
-after version 2.1)
+no one will be allowed to create lists. This behaviour is new for ezmlm-web
+since version 2.2. To stay compatible to old installations, the commandline
+option "-c" for ezmlm-web.cgi will still allow everyone to create lists. The
+use of this option is deprecated, since the line "ALLOW_CREATE: ALL" provides
+the same effect in a cleaner way.
-VIII. Language Portablity
+VII. Language Portablity
=========================
One of the great new features of version 2.0 is that it is essentially
language independant (okay, not quite, but is 99% of the way there). Most of
@@ -293,11 +222,11 @@ appreciate it if you would do two things;
Firstly, make them public and announce them on the ezmlm@lists.cr.yp.to
mailing list so that others may benefit.
-Secondly, please mail me a copy (guy-ezmlm@rucus.ru.ac.za) so that I may use
+Secondly, please mail me a copy (ezmlm-web@sumpfralle.de) so that I may use
them in any future releases of ezmlm-web.
-IX. Bugs && Bug Reports
+VIII. Bugs && Bug Reports
=======================
I don't know of any bugs, but then this is a rewrite and a first release. It
has been tested reasonably well, but not exhaustively. I know it works on
@@ -306,10 +235,12 @@ an Apache web server, but I would be interested to know whether it works on
other OSs and with other web servers. This version is far less dependent on
the OS than previous versions so I don't see any reason why it shouldn't.
-Please mail bug reports and comments to guy-ezmlm@rucus.ru.ac.za
+Please mail bug reports and comments to ezmlm-web@sumpfralle.de.
-X. Acknowledgements
+IX. Acknowledgements
===================
+* Guy Antony Halse (guy-ezmlm@rucus.ru.ac.za) - He created ezmlm-web,
+ maintained it till 02005 and wrote nearly every line of code!
* Keith Burdis (keith@rucus.ru.ac.za) - For constantly bugging me and
ensuring that I actually got round to writing some code :)
* Bryan Kilian (bryan@rucus.ru.ac.za) and the administrators of the
@@ -327,10 +258,13 @@ X. Acknowledgements
mailing list, suggestions, help, etc
* Galen Johnson (gjohnson@totalsports.net) - For some ideas on bugfixes.
-XI. Availability
+X. Availability
=================
-The latest version of ezmlm-web will always be available on;
-ftp://rucus.ru.ac.za/pub/mail/ezmlm/
+More information on ezmlm-web and developments to ezmlm-web can be found at:
+https://systemausfall.org/toolforge/ezmlm-web
-More information on ezmlm-web and developments to ezmlm-web can be found at;
+The website of Guy Antony Halse (the author of ezmlm-web) is still at:
http://rucus.ru.ac.za/~guy/ezmlm/
+
+The old ftp-archive of ezmlm-web is still available on:
+ftp://rucus.ru.ac.za/pub/mail/ezmlm/
diff --git a/ezmlm-web-ng/ezmlm-web-2.1-ng/TODO b/ezmlm-web-ng/ezmlm-web-2.1-ng/TODO
index 549d281..42353ec 100644
--- a/ezmlm-web-ng/ezmlm-web-2.1-ng/TODO
+++ b/ezmlm-web-ng/ezmlm-web-2.1-ng/TODO
@@ -5,3 +5,4 @@ TODO - ezmlm-web 2.1
- More Documentation
- Some nice install method. But then I use FreeBSD and ported it
so that might just count as my nice install method :)
+- Option for a css-stylesheet
diff --git a/ezmlm-web-ng/ezmlm-web-2.1-ng/UPGRADING b/ezmlm-web-ng/ezmlm-web-2.1-ng/UPGRADING
index d1c87c3..7abe744 100644
--- a/ezmlm-web-ng/ezmlm-web-2.1-ng/UPGRADING
+++ b/ezmlm-web-ng/ezmlm-web-2.1-ng/UPGRADING
@@ -7,7 +7,7 @@ of a commandline switch for ezmlm-web.cgi.
necessary changes:
- optional: remove switch "-c" when calling ezmlm-web.cgi (take a look at index.c)
- - required: add a line like "ALLOW_CREATE: john, myra" to the webusers file - otherwise no one is allowed to create lists
+ - optional: add a line like "ALLOW_CREATE: john, myra" to the webusers file
2) The location of the webusers file is now defined in ezmlmwebrc. (default: $LIST_DIR/webusers)
diff --git a/ezmlm-web-ng/ezmlm-web-2.1-ng/ezmlm-web.cgi b/ezmlm-web-ng/ezmlm-web-2.1-ng/ezmlm-web.cgi
index 97e7d66..0741da3 100755
--- a/ezmlm-web-ng/ezmlm-web-2.1-ng/ezmlm-web.cgi
+++ b/ezmlm-web-ng/ezmlm-web-2.1-ng/ezmlm-web.cgi
@@ -53,8 +53,8 @@ use CGI::Carp qw(fatalsToBrowser set_message);
my $q = new CGI;
$q->import_names('Q');
-use vars qw[$opt_d $opt_C];
-getopts('d:C:');
+use vars qw[$opt_c $opt_d $opt_C];
+getopts('cd:C:');
# Suid stuff requires a secure path.
$ENV{'PATH'} = '/bin';
@@ -287,7 +287,7 @@ sub select_list {
print '| ', $LANGUAGE{'chooselistinfo'};
- print $q->submit(-name=>'action', -value=>"[$BUTTON{'create'}]"), ' ' if (&webauth_create_allowed == 0);
+ print $q->submit(-name=>'action', -value=>"[$BUTTON{'create'}]"), ' ' if ((&webauth_create_allowed == 0) || (!defined($opt_c)));
print $q->submit(-name=>'action', -value=>"[$BUTTON{'edit'}]"), ' ' if(defined(@lists));
print $q->submit(-name=>'action', -value=>"[$BUTTON{'delete'}]") if(defined(@lists));
print ' | | |
';