X-Git-Url: https://git.treefish.org/fex.git/blobdiff_plain/97b87610331f53e756d032ad21db786037f921a1..20150826:/cgi-bin/fuc?ds=sidebyside diff --git a/cgi-bin/fuc b/cgi-bin/fuc index c18aa45..661c897 100755 --- a/cgi-bin/fuc +++ b/cgi-bin/fuc @@ -1,6 +1,6 @@ #!/usr/bin/perl -wT -# FEX CGI for user control +# FEX CGI for user control # (subuser, groups, address book, one time upload key, auth-ID, etc) # # Author: Ulli Horlacher @@ -91,11 +91,11 @@ if ($akey) { # sid is not set with web browser my $idf = "$akeydir/$akey/@"; - + if (open $akey,'<',$idf and $id = getline($akey)) { close $akey; $idf =~ /(.*)\/\@/; - $user = readlink $1 + $user = readlink $1 or http_die("internal server error: no $akey symlink $1"); $user =~ s:.*/::; $user = untaint($user); @@ -123,7 +123,7 @@ if ($user and $akey and $qs and $qs =~ /info=(.+?)&skey=(.+)/) { if ($user and $id) { - if (-e "$user/\@CAPTIVE") { html_error($error,"captive user") } + if (-e "$user/\@CAPTIVE") { html_error($error,"captive user") } unless (open $idf,'<',"$user/@") { faillog("user $from, id $id"); html_error($error,"wrong user or auth-ID"); @@ -153,9 +153,9 @@ if ($user and $id) { } # empty POST? ==> back to foc -if ($ENV{REQUEST_METHOD} eq 'POST' and not +if ($ENV{REQUEST_METHOD} eq 'POST' and not ($subuser or $notify or $nid or $ssid or $group or $ab or $gm or $tools - or $disclaimer or $encryption or $pubkey)) + or $disclaimer or $encryption or $pubkey)) { nvt_print( "HTTP/1.1 302 Found", @@ -224,7 +224,7 @@ if ($subuser and $otuser) { my $okey = randstring(8); my $okeyd = "$user/\@OKEY"; mkdir $okeyd; - symlink $otuser,"$okeyd/$okey" + symlink $otuser,"$okeyd/$okey" or http_die("cannot create OKEY $okeyd/$okey : $!\n"); my $url = "$fup?to=$user&okey=$okey"; pq(qq( @@ -359,7 +359,7 @@ if ($user and $akey and defined $ab) { } else { $ab =~ s/[\r<>]//g; $ab =~ s/\s*$/\n/; - + foreach (split(/\n/,$ab)) { s/^\s+//; s/\s+$//; @@ -379,7 +379,7 @@ if ($user and $akey and defined $ab) { push @badalias,$_; } } - + if (@badalias) { print "

ERROR: bad aliases:

\n