X-Git-Url: http://git.treefish.org/fex.git/blobdiff_plain/7fa382617fbaccc0ce522b2b3adbbee9db5ad227..20150729:/cgi-bin/fuc diff --git a/cgi-bin/fuc b/cgi-bin/fuc index 864a3de..c18aa45 100755 --- a/cgi-bin/fuc +++ b/cgi-bin/fuc @@ -6,14 +6,11 @@ # Author: Ulli Horlacher # -use CGI qw(:standard); -use CGI::Carp qw(fatalsToBrowser); +BEGIN { ($ENV{PERLINIT}||'') =~ /(.+)/s and eval $1 } + use Fcntl qw(:flock); use Digest::MD5 qw(md5_hex); -$CGI::LIST_CONTEXT_WARN = 0; -$CGI::LIST_CONTEXT_WARN = 0; - # add fex lib ($FEXLIB) = $ENV{FEXLIB} =~ /(.+)/; die "$0: no $FEXLIB\n" unless -d $FEXLIB; @@ -49,10 +46,12 @@ if ($qs) { if ($qs =~ /ab=load/) { $ab = 'load' } } -# look for CGI POST parameters -foreach my $v (param) { - my $vv = param($v); - debuglog("Param: $v=\"$vv\""); +# look for CGI parameters +our %PARAM; +&parse_parameters; +foreach my $v (keys %PARAM) { + my $vv = $PARAM{$v}; + # debuglog("Param: $v=\"$vv\""); if ($v =~ /^akey$/i) { $akey = $1 if $vv =~ /^(\w+)$/; next; @@ -65,7 +64,7 @@ foreach my $v (param) { $v =~ /^notification$/i ? $notification = checkchars('parameter',$vv): $v =~ /^disclaimer$/i ? $disclaimer = $vv: $v =~ /^encryption$/i ? $encryption = checkchars('parameter',$vv): - $v =~ /^pubkey$/i ? $pubkey = $vv: + $v =~ /^pubkey$/i ? $pubkey = $PARAM{$v}{data}: $v =~ /^reminder$/i ? $reminder = checkchars('parameter',$vv): $v =~ /^mime$/i ? $mime = checkchars('parameter',$vv): $v =~ /^comment$/i ? $comment = decode_utf8(normalize($vv)): @@ -79,7 +78,10 @@ foreach my $v (param) { $ESAC; } -$group = lc $group if $group and $group ne 'NEW'; +if ($group and $group ne 'NEW') { + $group = lc $group; + $group =~ s/[^\w\*%^+=:,.!-]/_/g; +} $group = '' if $nomail; $user .= '@'.$mdomain if $mdomain and $user !~ /@/; @@ -353,6 +355,7 @@ if ($user and $akey and defined $ab) { 'back to F*EX operation control' '' )); + exit; } else { $ab =~ s/[\r<>]//g; $ab =~ s/\s*$/\n/; @@ -515,9 +518,9 @@ if ($user and $pubkey) { local $/; local $_; - open $gf,">$gf.pk" or http_die("cannot write $gf - $!\n"); - print {$gf} <$pubkey>; - close $gf; + open $pk,">$gf.pk" or http_die("cannot write $gf.pk - $!\n"); + print {$pk} $pubkey; + close $pk; unlink $gf; system "gpg --batch --no-default-keyring --keyring $gf --import". "< $gf.pk >/dev/null 2>&1"; @@ -546,7 +549,7 @@ if ($user and $pubkey) { '$pk' '' '

' - 'back' + 'back' '' )); } @@ -567,7 +570,6 @@ if ($user and $encryption) { '

E-mails to you will be sent not encrypted.

' '

' 'back to F*EX operation control' - '' )); } elsif ($encryption eq 'CHANGE') { pq(qq( @@ -591,19 +593,19 @@ if ($user and $encryption) { '

'
         '$g'
         '
' - '


' - '(*) To extract and verify your GPG public key use:' - '

'
-        'gpg -a --export $user > pubkey.gpg'
-        'gpg < pubkey.gpg'
-        '
' )); } - print "\n"; - exit; + pq(qq( + '


' + '(*) To extract and verify your GPG public key use:' + '

'
+      'gpg -a --export $user > pubkey.gpg'
+      'gpg < pubkey.gpg'
+      '
' + )); } - - &reexec; + print "\n"; + exit; } if ($user and $reminder eq 'yes') { @@ -647,18 +649,18 @@ if ($nid) { 'back to F*EX operation control' '' )); - exit; + &reexec; } # empty subuser list POST -if (defined(param('ssid')) and $ssid =~ /^\s*$/) { +if (defined($PARAM{'ssid'}) and $ssid =~ /^\s*$/) { unlink "$user/\@SUBUSER"; pq(qq( '

All subusers deleted

\n