author | Miquel Lionel <lionelmiquel@sfr.fr> | 2020-11-18 16:59:31 +0100 |
---|---|---|
committer | Miquel Lionel <lionelmiquel@sfr.fr> | 2020-11-18 17:28:07 +0100 |
commit | 37ef8a673a7e69085b54ccf34d2a0478b5ac7973 (patch) | |
tree | c31a08d2cfacf04fda75496533554e9e93435ad5 /gpigeon-template.cgi | |
parent | 1c481b16bd56c888d99aa82936936783996e3cc1 (diff) | |
Various bug fixes in the perl code.
- Fixed the bug when the page was displaying in plain text after generating a link. My tired ass last night didn't think to print to the gpg_form filehandle.
- Fixed the bug when not all the text was written in the link file (the gpg form as I call it). reason: see above.
- Fixed the 'if ($HAS_MAILSERVER)' check. now it makes more sense.
- Fixed the bug when the link user was marked as 'Unknown' in the table but in the l/xxxx.cgi file it was there. Reverted the code and it works now: it greps the right line and fills the $nongpg_user var with the right info.
- Fixed a bug where '0x' was inserted before the $mymail_gpgid variable in the generation of the gpg form. '0x1234' would become '0x0x1234' in the generated form. It's okay now.
- Fixed various syntax errors.
Diffstat (limited to 'gpigeon-template.cgi')
-rwxr-xr-x | gpigeon-template.cgi | 105 |
1 files changed, 52 insertions, 53 deletions
diff --git a/gpigeon-template.cgi b/gpigeon-template.cgi index 4807f74..ffe3f5b 100755 --- a/gpigeon-template.cgi +++ b/gpigeon-template.cgi @@ -8,7 +8,6 @@ use String::Random; use CGI qw(param); #use CGI::Carp qw(fatalsToBrowser); - sub escape_arobase { my $mailaddress = shift; my $arobase = '@'; @@ -54,6 +53,7 @@ my $mymail_smtport = q{smtp_port_goes_here}; my $mymail_gpgid = q{gpgid_goes_here}; #0xlong keyid form my $PASSWD_HASH = q{password_hash_goes_here}; my $mymailaddr_escaped = escape_arobase($mymailaddr); +my $msg_form_char_limit = 3000; my @text_strings = ('Succesfull deletion!', 'Address', 'is valid!', @@ -62,7 +62,7 @@ my @text_strings = ('Succesfull deletion!', 'Message length must be under$msg_form_char_limit chars.', 'One time GPG messaging form', # title for generated links 'Type your message below, ', - 'Send me', + 'Send to me', 'Generated a link for', #displays if link gen is successful 'Link to your one time GPG messaging form', # mail subject when clicking a mailto: link in table 'Your link is ', # message body when clicking a mailto: link in table @@ -82,13 +82,13 @@ my @text_strings = ('Succesfull deletion!', 'Cannot send message : message length must be under ' .$msg_form_char_limit . ' characters.', 'Cannot send message : message is empty. You can type up to ' . $msg_form_char_limit . ' characters.' ); -my $msg_form_char_limit = 3000; my $cgi_query_get = CGI->new; my $PASSWD = $cgi_query_get->param('password'); my $psswd_formfield = '<input type="hidden" name="password" value="' . $cgi_query_get->param('password') . '">',"\n"; my ($notif_de_creation, $notif_mail_valide, $notif_suppression) = undef; my @created_links = (); + if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ if (defined $cgi_query_get->param('supprlien')){ 
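Review bot: The context line `'Message length must be under$msg_form_char_limit chars.',` in the `@text_strings` hunk at -62 is single-quoted, so the stored text contains the literal variable name even now that `my $msg_form_char_limit = 3000;` is declared above the array. Concatenate it the way the later entries do: `'Message length must be under ' . $msg_form_char_limit . ' chars.',`. The rest of the array lies outside the hunk.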
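Review bot: In the hunk at -82, `$psswd_formfield` copies the submitted `password` parameter into a hidden field's `value` attribute without HTML-escaping, and the assignment runs before the `sha256_hex($PASSWD) eq $PASSWD_HASH` test, so the value is untrusted at that point. Escape it where it is built: `my $psswd_formfield = '<input type="hidden" name="password" value="' . CGI::escapeHTML($cgi_query_get->param('password')) . '">' . "\n";` (the trailing `,"\n"` in the current statement is discarded by the scalar assignment, hence the `.`). The field is emitted in the hunks at -268 and -290, which puts the plaintext password into the source of each admin page. A server-side session token would avoid that if the project can take the change.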
@@ -98,7 +98,7 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ $notif_suppression='<span style="color:green">'.$text_strings[0].'</span>'; } else { - $notif_suppression='<span style="color:red">'. $text_string[24] . $gpg_form_fn.':'. $! .'</span>'; + $notif_suppression='<span style="color:red">'. $text_strings[24] . $gpg_form_fn.':'. $! .'</span>'; } } @@ -119,8 +119,8 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ my $non_gpguser = scalar $cgi_query_get->param('mail'); if ( Email::Valid->address($non_gpguser) ){ - $notif_mail_valide = '<span style="color:green">'. $text_strings[1] . $non_gpguser . $text_strings[2] . '</span>'; - my $escaped_non_gpguser = escape_arobase($input_mail_addr); + $notif_mail_valide = '<span style="color:green">'. $text_strings[1] . ' '. $non_gpguser.' '. $text_strings[2] . '</span>'; + my $escaped_non_gpguser = escape_arobase($non_gpguser); my $random_mailform_fn_str = String::Random->new; my @mailform_fn_str_buffer = (); @@ -134,7 +134,7 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ my $MAILFORM_LINK = "http://$SRV_NAME/cgi-bin/l/$GENERATED_FORM_FILENAME"; my $MAILFORM_RELPATH = "./l/$GENERATED_FORM_FILENAME"; if (open my $gpg_form_fh, ">", $MAILFORM_RELPATH){ - print $gpg_form_fh '#! /usr/bin/perl -wT',"\n\n" + print $gpg_form_fh '#! /usr/bin/perl -wT',"\n\n", ' my $non_gpguser = q{'. $non_gpguser .'};', "\n", 'delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};', "\n", '$ENV{\'PATH\'}="/usr/bin";', 
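Review bot: In the hunk at -119, `$non_gpguser` is concatenated into the `$notif_mail_valide` markup as-is; `Email::Valid->address` checks address syntax, not HTML safety, and characters such as `&` are legal in an address (quoted local parts may be accepted too). Escape at output, e.g. `$text_strings[1] . ' ' . CGI::escapeHTML($non_gpguser) . ' ' . $text_strings[2]`. The same raw value is printed in the `<p>` line of the hunk at -194, where this commit replaces `$escaped_non_gpguser` with it, and in the table row of the hunk at -245.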
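Review bot: In the hunk at -134, the line `' my $non_gpguser = q{'. $non_gpguser .'};'` writes request data into the source of a script the web server will later execute, and a `q{}` literal ends at the first unbalanced `}`, a character that address syntax allows in the local part. Tighten the test in the hunk at -119 so that only a conservative character set reaches the file, e.g. `if ( Email::Valid->address($non_gpguser) and $non_gpguser !~ /[^A-Za-z0-9._+\-@]/ ){`, or keep the address in a data file that the generated script reads rather than in its code. The `print` list that emits the rest of the script continues outside this hunk.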
@@ -151,42 +151,41 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ 'if ($length_msg_form > $msg_form_char_limit){', "\n", ' $error_processing_msg = q{<span style="color:red"><b>'. $text_strings[25] .'.</b></span>};', "\n", '} elsif ( $length_msg_form eq 0 ){', "\n", - ' $error_processing_msg = q{<span style="color:red"><b>'. $text_string[26] . '.</b></span>};', "\n", + ' $error_processing_msg = q{<span style="color:red"><b>'. $text_strings[26] . '.</b></span>};', "\n", '} else {', "\n", 'if (defined $cgi_query_get->param(\'msg\') and $ENV{\'REQUEST_METHOD\'} eq \'POST\'){',"\n", ' $msg_form =~ tr/\r//d;', "\n", ' my $gpg = new GPG(gnupg_path => "/usr/bin", homedir => "/usr/share/www-data/.gnupg/");', "\n", - ' $enc_msg = $gpg->encrypt("De la part de " . $non_gpguser . ":\n". $msg, \'0x'. $mymail_gpgid .'\') or die $gpg->error();', "\n"; - - if ($HAS_MAILSERVER eq 0){ - print 'use Net::SMTP;',"\n", - 'use Net::SMTPS;',"\n", - 'my $smtp = Net::SMTPS->new(\''. $mymail_smtp .'\', Port => \''. $mymail_smtport .'\', doSSL => \'ssl\', Debug_SSL => 0);', "\n", - '$smtp->auth(\''. $mymailaddr .'\', \''. $mymailaddr_pw .'\') or die;', "\n", - '$smtp->mail(\''. $mymailaddr .'\') or die "Net::SMTP module has broke: $!.";', "\n", - 'if ($smtp->to(\''. $mymailaddr .'\')){', "\n", - ' $smtp->data();', "\n", - ' $smtp->datasend("To: '. $mymailaddr_escaped .'\n");', "\n", - ' $smtp->datasend("\n");', "\n", - ' $smtp->datasend("$enc_msg\n");', "\n", - ' $smtp->dataend();', "\n", - '}', "\n", - 'else {', "\n", - ' die $smtp->message();', "\n", - '}', "\n"; - } - else { - undef $mymailaddr_escaped; - print 'use Mail::Sendmail;', - '%mail = ( To => \''.$mymailaddr.'\',' , "\n", - ' From => \''.$mymailaddr.'\',', "\n", - ' Subject => \'Gpigeon\' ', "\n", - ' Message => "$enc_msg\n" ', "\n", - ');', "\n", - 'sendmail(%mail) or die $Mail::Sendmail::error;', "\n"; - } - print 'unlink "../' . $MAILFORM_RELPATH . 
'";', "\n", - 'print "Location: /gpigeon/merci/index.html\n\n";', "\n", + ' $enc_msg = $gpg->encrypt("De la part de " . $non_gpguser . ":\n". $msg_form, \''. $mymail_gpgid .'\') or die $gpg->error();', "\n"; + if ($HAS_MAILSERVER){ + undef $mymailaddr_escaped; + print $gpg_form_fh 'use Mail::Sendmail;', + '%mail = ( To => \''.$mymailaddr.'\',' , "\n", + ' From => \''.$mymailaddr.'\',', "\n", + ' Subject => \'Gpigeon\' ', "\n", + ' Message => "$enc_msg\n" ', "\n", + ');', "\n", + 'sendmail(%mail) or die $Mail::Sendmail::error;', "\n"; + } + else { + print $gpg_form_fh 'use Net::SMTP;',"\n", + 'use Net::SMTPS;',"\n", + 'my $smtp = Net::SMTPS->new(\''. $mymail_smtp .'\', Port => \''. $mymail_smtport .'\', doSSL => \'ssl\', Debug_SSL => 0);', "\n", + '$smtp->auth(\''. $mymailaddr .'\', \''. $mymailaddr_pw .'\') or die;', "\n", + '$smtp->mail(\''. $mymailaddr .'\') or die "Net::SMTP module has broke: $!.";', "\n", + 'if ($smtp->to(\''. $mymailaddr .'\')){', "\n", + ' $smtp->data();', "\n", + ' $smtp->datasend("To: '. $mymailaddr_escaped .'\n");', "\n", + ' $smtp->datasend("\n");', "\n", + ' $smtp->datasend("$enc_msg\n");', "\n", + ' $smtp->dataend();', "\n", + '}', "\n", + 'else {', "\n", + ' die $smtp->message();', "\n", + '}', "\n"; + } + print $gpg_form_fh 'unlink "../' . $MAILFORM_RELPATH . '";', "\n", + 'print "Location: /merci/index.html\n\n";', "\n", '}', "\n", '}', "\n", 'print "Content-type: text/html", "\n\n";', "\n", 
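Review bot: In the `else` branch, `$mymailaddr_pw` is interpolated into the generated `$smtp->auth(...)` line, so every form script written under `./l/` carries the SMTP password in plaintext; having the generated script read it at run time from a file outside the web root would keep it out of those files. The configuration values are also placed inside single-quoted literals unescaped, so a `'` in any of them breaks the generated script. Separately, in the `$HAS_MAILSERVER` branch the `Subject` pair has no comma before `Message`, which is a syntax error in the generated code; it should read `' Subject => \'Gpigeon\', ', "\n",`. The enclosing `print` list begins before this hunk.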
@@ -194,12 +193,12 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ '<html>', "\n", ' <head>', "\n", ' <link rel="icon" sizes="48x48" type="image/ico" href="/favicon.ico">', "\n", - ' <link rel="stylesheet" type="text/css" href="'. $HTML_CSS .'">'; + ' <link rel="stylesheet" type="text/css" href="'. $HTML_CSS .'">', ' <meta http-equiv="content-type" content="text/html;charset='. $HTML_CHARSET .'">',"\n",'<meta charset="'. $HTML_CHARSET .'">',"\n", ' <title>Formulaire d\'envoi de message GPG</title>',"\n", ' </head>', "\n", ' <body>', "\n", - ' <p>'. $text_strings[7] . '<b>' .$escaped_non_gpguser .'</b> :</p>', "\n", + ' <p>'. $text_strings[7] . '<b>' . $non_gpguser .'</b> :</p>', "\n", ' <form method="POST">', "\n", ' <textarea wrap="off" cols="50" rows="30" name="msg"></textarea><br>', '};', "\n", @@ -214,7 +213,7 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ $notif_de_creation='<span style="color:green">'. $text_strings[9] . $non_gpguser .'</span><br><a href="'. $MAILFORM_LINK .'">'. $MAILFORM_LINK .'</a>'; } else{ - close $gpg_form_fh and die "cant open $MAILFORM_RELPATH: $!"; + close $gpg_form_fh and die "Can't open $MAILFORM_RELPATH: $!"; } } else{ @@ -230,7 +229,7 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ my $non_gpguser = undef; if (open my $gpg_form_handle , '<', "./l/$gpg_form_fn"){ - for (1..4){ + for (1..3){ $non_gpguser = readline $gpg_form_handle; $non_gpguser =~ s/q\{(.*?)\}//i; $non_gpguser = $1; 
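Review bot: In the hunk at -214, `close $gpg_form_fh and die "Can't open $MAILFORM_RELPATH: $!";` never reaches `die` if, as the message suggests, this `else` pairs with the failed `open`: `close` on a handle that was never opened returns false, so the failure is silently ignored and `$!` is overwritten. Use `die "Can't open $MAILFORM_RELPATH: $!";` directly, or set an error notification for the page. The matching `if` is outside the hunk, so the pairing is inferred.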
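Review bot: In the hunk at -230, `$non_gpguser = $1;` runs whether or not `s/q\{(.*?)\}//i` matched, so on a line without `q{...}` it takes whatever an earlier match left in `$1`, or undef. The result also depends on the address sitting on exactly the third line of the file. Test the match and stop at the first hit: `my $line = readline $gpg_form_handle; if (defined $line and $line =~ /q\{(.*?)\}/) { $non_gpguser = $1; last }`. The loop body continues past the end of this hunk.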
@@ -245,7 +244,7 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ push @created_links, '<tr> <td><a href="/cgi-bin/l/'. $gpg_form_fn .'">ici</a></td> - <td><a href="mailto:'. $non_gpguser .'?subject=$text_strings[10] gpg&body=$text_strings[11] http://$SRV_NAME/cgi-bin/l/'. $gpg_form_fn .'">$non_gpguser</a></td> + <td><a href="mailto:'. $non_gpguser .'?subject='. $text_strings[10] .'&body='. $text_strings[11] .'http://$SRV_NAME/cgi-bin/l/'. $gpg_form_fn .'">'.$non_gpguser.'</a></td> <td> <form method="POST"> <input type="hidden" name="supprlien" value="'. $gpg_form_fn .'"> @@ -268,20 +267,20 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ '<!DOCTYPE html> <html> <head> - <link rel="icon" sizes="48x48" type="image/ico" href="/favicon.ico"> , + <link rel="icon" sizes="48x48" type="image/ico" href="/favicon.ico"> <link rel="stylesheet" type="text/css" href="'. $HTML_CSS .'"> <meta http-equiv="content-type" content="text/html;charset='. $HTML_CHARSET .'">',"\n",'<meta charset="'. $HTML_CHARSET .'"> <title>'. $text_strings[14] .'</title> </head> <body> - <p>.' $text_strings[15] .'</p> + <p>'. $text_strings[15] .'</p> <form method="POST"> <input type="hidden" name="password" value="0"> <input type="submit" value="'. $text_strings[16] .'"> </form> - <form method="POST"> + <form method="POST">', $psswd_formfield, - <input type="submit" value="'. $text_strings[17] .'"> + '<input type="submit" value="'. $text_strings[17] .'"> </form> <hr> <br> 
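Review bot: In the hunk at -245, `http://$SRV_NAME/cgi-bin/l/` sits inside a single-quoted segment of the new `mailto:` line, so the link body contains the literal text `$SRV_NAME` rather than the host; the commit fixed this for `$text_strings[10]` and `$text_strings[11]` but not here. Close the quote around it: `.'&body='. $text_strings[11] .'http://'. $SRV_NAME .'/cgi-bin/l/'. $gpg_form_fn .'">'`. The subject and body are also placed in the URL unencoded, so a space or `&` in those strings will truncate them. Percent-encoding them, and HTML-escaping `$non_gpguser`, which is read back from the file, would make the row robust. The link scheme is `http`, so unless HTTPS is enforced elsewhere the message reaches the server unencrypted before GPG is applied.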
@@ -290,11 +289,11 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ 'Mail de la personne:<br> <input tabindex="1" type="text" name="mail"> <input tabindex="2" type="submit" value="'. $text_strings[18] .'"> - </form>', - notif_if_defined($notif_mail_valide), - '<br>', - notif_if_defined($notif_de_creation), - '<hr> + </form>'; + print notif_if_defined($notif_mail_valide); + print '<br>'; + print notif_if_defined($notif_de_creation); + print '<hr> <p>'. $text_strings[19] .'</p>', '<form method="POST">', $psswd_formfield, |