# Author: Ulli Horlacher <framstag@rus.uni-stuttgart.de>
#
-use CGI qw(:standard);
-use CGI::Carp qw(fatalsToBrowser);
+BEGIN { ($ENV{PERLINIT}||'') =~ /(.+)/s and eval $1 }
+
use Fcntl qw(:flock);
use Digest::MD5 qw(md5_hex);
-$CGI::LIST_CONTEXT_WARN = 0;
-$CGI::LIST_CONTEXT_WARN = 0;
-
# add fex lib
($FEXLIB) = $ENV{FEXLIB} =~ /(.+)/;
die "$0: no $FEXLIB\n" unless -d $FEXLIB;
if ($qs =~ /ab=load/) { $ab = 'load' }
}
-# look for CGI POST parameters
-foreach my $v (param) {
- my $vv = param($v);
- debuglog("Param: $v=\"$vv\"");
+# look for CGI parameters
+our %PARAM;
+&parse_parameters;
+foreach my $v (keys %PARAM) {
+ my $vv = $PARAM{$v};
+ # debuglog("Param: $v=\"$vv\"");
if ($v =~ /^akey$/i) {
$akey = $1 if $vv =~ /^(\w+)$/;
next;
$v =~ /^notification$/i ? $notification = checkchars('parameter',$vv):
$v =~ /^disclaimer$/i ? $disclaimer = $vv:
$v =~ /^encryption$/i ? $encryption = checkchars('parameter',$vv):
- $v =~ /^pubkey$/i ? $pubkey = $vv:
+ $v =~ /^pubkey$/i ? $pubkey = $PARAM{$v}{data}:
$v =~ /^reminder$/i ? $reminder = checkchars('parameter',$vv):
$v =~ /^mime$/i ? $mime = checkchars('parameter',$vv):
$v =~ /^comment$/i ? $comment = decode_utf8(normalize($vv)):
$ESAC;
}
-$group = lc $group if $group and $group ne 'NEW';
+if ($group and $group ne 'NEW') {
+ $group = lc $group;
+ $group =~ s/[^\w\*%^+=:,.!-]/_/g;
+}
$group = '' if $nomail;
$user .= '@'.$mdomain if $mdomain and $user !~ /@/;
'<a href="/foc?akey=$akey">back to F*EX operation control</a>'
'</body></html>'
));
+ exit;
} else {
$ab =~ s/[\r<>]//g;
$ab =~ s/\s*$/\n/;
local $/;
local $_;
- open $gf,">$gf.pk" or http_die("cannot write $gf - $!\n");
- print {$gf} <$pubkey>;
- close $gf;
+ open $pk,">$gf.pk" or http_die("cannot write $gf.pk - $!\n");
+ print {$pk} $pubkey;
+ close $pk;
unlink $gf;
system "gpg --batch --no-default-keyring --keyring $gf --import".
"< $gf.pk >/dev/null 2>&1";
'$pk'
'</pre>'
'<p>'
- '<a href="javascript:history.back()">back</a>'
+ '<a href="javascript:history.back()">back</a>'
'</body></html>'
));
}
'<h3>E-mails to you will be sent not encrypted.</h3>'
'<p>'
'<a href="/foc?akey=$akey">back to F*EX operation control</a>'
- '</body></html>'
));
} elsif ($encryption eq 'CHANGE') {
pq(qq(
'<pre>'
'$g'
'</pre>'
- '<p><hr><p>'
- '(*) To extract and verify your GPG public key use:'
- '<pre>'
- 'gpg -a --export $user > pubkey.gpg'
- 'gpg < pubkey.gpg'
- '</pre>'
));
}
- print "</body></html>\n";
- exit;
+ pq(qq(
+ '<p><hr><p>'
+ '(*) To extract and verify your GPG public key use:'
+ '<pre>'
+ 'gpg -a --export $user > pubkey.gpg'
+ 'gpg < pubkey.gpg'
+ '</pre>'
+ ));
}
-
- &reexec;
+ print "</body></html>\n";
+ exit;
}
if ($user and $reminder eq 'yes') {
'<a href="/foc?akey=$akey">back to F*EX operation control</a>'
'</body></html>'
));
- exit;
+ &reexec;
}
# empty subuser list POST
-if (defined(param('ssid')) and $ssid =~ /^\s*$/) {
+if (defined($PARAM{'ssid'}) and $ssid =~ /^\s*$/) {
unlink "$user/\@SUBUSER";
pq(qq(
'<h2>All subusers deleted</h2>\n<ul>'
'<a href="/foc?akey=$akey">back to F*EX operation control</a>'
'</body></html>'
));
- exit;
+ &reexec;
}
# update sub-users
'<p>'
'<a href="/foc?akey=$akey">back to F*EX operation control</a>'
));
- print end_html();
+ print "</body></html>\n";
exit;
} else {
# no group members -> delete group file
' New group name: <input type="text" name="group"> (You MUST fill out this field!)'
' </font>'
));
+ $gm = $user.':'.randstring(8);
} else {
if (open $gf,'<',$gf) {
local $/;