X-Git-Url: https://git.treefish.org/fex.git/blobdiff_plain/7fa382617fbaccc0ce522b2b3adbbee9db5ad227..20150729:/cgi-bin/fup diff --git a/cgi-bin/fup b/cgi-bin/fup index d43cda0..87cedaf 100755 --- a/cgi-bin/fup +++ b/cgi-bin/fup @@ -8,20 +8,16 @@ # Sebastian Zaiser (upload status) # +BEGIN { ($ENV{PERLINIT}||'') =~ /(.+)/s and eval $1 } + use Encode; use Fcntl qw':flock :seek :mode'; use IO::Handle; use Digest::MD5 qw'md5_hex'; -use CGI::Carp qw'fatalsToBrowser'; use Cwd qw'abs_path'; -use constant DS => 60*60*24; -use constant M => 1024*1024; - # add fex lib -die "$0: no \$FEXLIB\n" unless $ENV{FEXLIB}; (our $FEXLIB) = $ENV{FEXLIB} =~ /(.+)/; -die "$0: no $FEXLIB\n" unless -d $FEXLIB; $| = 1; @@ -39,10 +35,12 @@ our (@registration_hosts,@demo,@file_link_dirs); # import from fex.pp our ($FEXHOME); -our ($spooldir,$durl,$tmpdir,$logdir,$docdir,$hostname,$admin,$fra); -our ($keep_default,$recipient_quota,$sender_quota); -our ($sendmail,$mdomain,$fop_auth,$mail_auth,$faillog); +our ($spooldir,$durl,$tmpdir,@logdir,$logdir,$docdir,$hostname,$admin,$fra); +our ($keep_default,$recipient_quota,$sender_quota,$fex_yourself); +our ($sendmail,$mdomain,$fop_auth,$mail_auth,$faillog,$amdl); our ($dkeydir,$ukeydir,$akeydir,$skeydir,$gkeydir,$xkeydir); +our ($MB,$DS); +our $RB; # read POST bytes (total) our $akey = ''; our $dkey = ''; our $skey = ''; @@ -54,7 +52,6 @@ our $fpsize = 0; # file part size (MIME-part) my $data; my $boundary; -my $rb = 0; # read bytes, totally my $rid = ''; # real ID my @header; # HTTP entity header my $fileid; # file ID @@ -62,18 +59,18 @@ my $captive; my $muser; # main user fur sub or group user # load common code, local config: $FEXLIB/fex.ph -require "$FEXLIB/fex.pp" or die "$0: cannot load $FEXLIB/fex.pp - $!\n"; +require "$FEXLIB/fex.pp"; # load fup local config our ($info_1,$info_2,$info_login); $locale = $ENV{LOCALE} || 'english'; -foreach my $pl ( +foreach ( "/var/lib/fex/locale/$locale/lib/fup.pl", "$FEXLIB/fup.pl", ) { - if (-f $pl) { - require $pl or die "$0: cannot load $FEXLIB/fup.pl - $!\n"; + if (-f) { + require; last; } } @@ -82,7 +79,7 @@ foreach my $pl ( chdir $spooldir or http_die("$spooldir - $!\n"); -my $log = "$logdir/fup.log"; +my $log = 'fup.log'; my $http_client = $ENV{HTTP_USER_AGENT} || ''; my $cl = $ENV{X_CONTENT_LENGTH} || $ENV{CONTENT_LENGTH} || 0; @@ -116,6 +113,10 @@ if ($addto) { $to = join(',',@to); +if ($from eq $to and $fex_yourself =~ /^no|0$/i) { + http_die("fexing to yourself is not allowed"); +} + $uid = randstring(8) unless $uid; # upload ID # user requests for forgotten ID @@ -214,6 +215,11 @@ if ($from and $id and not ($gkey or $skey or $public or $okey)) { } } +# optional $auth_hook() in fup.pl +if ($auth_hook and ($akey or $skey or $gkey) and $from and -d $from) { + &$auth_hook; +} + # forward a copy of a file to another recipient if ($akey and $dkey and $command eq 'FORWARD') { my $file = untaint(readlink "$dkeydir/$dkey"||''); @@ -371,7 +377,7 @@ if (($from and $id and $rid eq $id or $gkey or $skey) and $command) { next if $file =~ m:(.+?)/: and -l $1; $size = -s "$file/data"; next unless $size; - $size = int($size/M+0.5); + $size = int($size/$MB+0.5); $filename = $comment = ''; my $rto = $file; $rto =~ s:/.*::; @@ -394,7 +400,7 @@ if (($from and $id and $rid eq $id or $gkey or $skey) and $command) { close $file; } my $rkeep = untaint(readlink "$file/keep"||$keep_default) - - int((time-mtime("$file/filename"))/DS); + - int((time-mtime("$file/filename"))/$DS); if ($comment =~ /NOMAIL/ or (readlink "$to/\@NOTIFICATION"||'') =~ /^no/i) { printf "%8s MB [%s d] %s/%s/%s\n", @@ -438,11 +444,12 @@ if (($from and $id and $rid eq $id or $gkey or $skey) and $command) { next if $file =~ m:(.+?)/: and -l $1; $size = -s "$file/data"; next unless $size; - $size = int($size/M+0.5); + $size = int($size/$MB+0.5); $filename = $comment = ''; my $rto = $file; $rto =~ s:/.*::; if ($dkey = readlink "$file/dkey") { + # die $file if -s "$file/data" and $file =~ /^$from/; if ($rto ne $to) { $to = $rto; print "\nto $to :\n"; @@ -461,7 +468,7 @@ if (($from and $id and $rid eq $id or $gkey or $skey) and $command) { close $file; } my $rkeep = untaint(readlink "$file/keep"||$keep_default) - - int((time-mtime("$file/filename"))/DS); + - int((time-mtime("$file/filename"))/$DS); printf "%8s MB [%s d] %s%s\n", $size, $rkeep, @@ -493,7 +500,7 @@ if (($from and $id and $rid eq $id or $gkey or $skey) and $command) { $filename = $comment = ''; $size = -s "$file/data"; next unless $size; - $size = int($size/M+0.5); + $size = int($size/$MB+0.5); if ($dkey = readlink "$file/dkey") { print "\nfrom $from :\n" unless $url; $file =~ m:.*/(.+):; @@ -516,7 +523,7 @@ if (($from and $id and $rid eq $id or $gkey or $skey) and $command) { close $file; } my $rkeep = untaint(readlink "$file/keep"||$keep_default) - - int((time-mtime("$file/filename"))/DS); + - int((time-mtime("$file/filename"))/$DS); printf "[delete] ", $akey,$dkey; printf "[forward] ", @@ -584,9 +591,9 @@ if (($from and $id and $rid eq $id or $gkey or $skey) and $command) { if ($command eq 'RECEIVEDLOG') { http_die("illegal command \"$command\"") if $public or $anonymous; - if (open my $fuplog,"$logdir/fup.log") { + if (open my $log,"$logdir/fup.log") { http_header('200 OK'); - while (<$fuplog>) { + while (<$log>) { next if /\sSTDFEX\s/; if (/\d+$/) { my @F = split; @@ -602,9 +609,9 @@ if (($from and $id and $rid eq $id or $gkey or $skey) and $command) { if ($command eq 'SENDLOG') { http_die("illegal command \"$command\"") if $public or $anonymous; - if (open my $fuplog,"$logdir/fup.log") { + if (open my $log,"$logdir/fup.log") { http_header('200 OK'); - while (<$fuplog>) { + while (<$log>) { next if /\sSTDFEX\s/; if (/(\S+\@\S+)/ and $1 eq $from) { s/ \[[\d_]+\]//; @@ -694,14 +701,14 @@ if ($from and $id and $rid eq $id and @to and not $flink and not $seek) { # check sender quota ($quota,$du) = check_sender_quota($muser||$from); - if ($quota and $du+$cl/M > $quota) { + if ($quota and $du+$cl/$MB > $quota) { http_die("you are overquota"); } # check recipient quota foreach my $to (@to) { ($quota,$du) = check_recipient_quota($to); - if ($quota and $du+$cl/M > $quota) { + if ($quota and $du+$cl/$MB > $quota) { http_die("$to cannot receive files: is overquota"); } } @@ -717,8 +724,7 @@ if ($id and $id eq $rid and $from and @to and not $public) { # (= has a F*EX ID) if (not $addto and $fop_auth and $id and $id eq $rid and $from and @to) { my ($to_reg,$idf,$subuser); - foreach (@to) { - my $to = $_; + foreach my $to (my @loop = @to) { $to =~ s/:\w+=.*//; # remove options from address $to_reg = 0; # full user? @@ -794,8 +800,8 @@ unless ($file) { } } - # save default locale for this user if (($akey or $skey or $gkey) and $from and -d $from) { + # save default locale for this user if (not $locale and ($ENV{HTTP_COOKIE}||'') =~ /\blocale=(\w+)/) { $locale = $1; } @@ -836,8 +842,8 @@ unless ($file) { @ab = (""); # select menu from server address book - if (open my $ab,'<',"$from/\@ADDRESS_BOOK") { - while (<$ab>) { + if (open my $AB,'<',"$from/\@ADDRESS_BOOK") { + while (<$AB>) { s/#.*//g; if (/(\S+)[=\s]+(\S+@[\w.-]+\S*)/) { $_ = "$1 <$2>"; @@ -845,7 +851,7 @@ unless ($file) { push @ab,""; } } - close $ab; + close $AB; } unless (@to) { @@ -909,12 +915,11 @@ unless ($file) { print "

\n"; close $rr; } - pq(qq( - ' ' - ' or ' - '' - '

' - )); + print qq' '; + if ($fex_yourself =~ /^yes|1/i) { + print qq' or ' + } + print "\n\n

\n"; if ($akey and -f "$from/\@" and not $captive ) { pq(qq( 'user config & operation control' @@ -940,7 +945,17 @@ unless ($file) { if (-x "$FEXHOME/cgi-bin/login") { print $info_login||$info_1; } - print "\n"; + pq(qq( + '


' + '' + 'Warning: the recipient must not be a mailing list, because after' + 'download the file will be no more available!' + '
' + 'Contact fexmaster' + 'if you want to fex to a mailing list,' + 'he can allow multiple downloads for specific addresses.' + '' + )); exit; } @@ -948,13 +963,14 @@ unless ($file) { if ($from and ($id or $okey)) { $to = $group if $group; present_locales($ENV{REQUEST_URI}) if $skey or $gkey or $okey; +# " '$ENV{PROTO}://$ENV{HTTP_HOST}/$cgi?showstatus=$uid'," pq(qq( '