author | Miquel Lionel <lionelmiquel@sfr.fr> | 2021-02-28 11:35:59 +0100 |
---|---|---|
committer | Miquel Lionel <lionelmiquel@sfr.fr> | 2021-02-28 11:35:59 +0100 |
commit | 78980dcae3e038072ef72b4cc55020d5a95c8b79 (patch) | |
tree | 982658c794bec1e719602ee0e8c829a5e40c067b /gpigeon-template.cgi | |
parent | 9ec78d0f98fa72293755052a989a34d09d08bb90 (diff) | |
download | gpigeon-78980dcae3e038072ef72b4cc55020d5a95c8b79.tar.gz gpigeon-78980dcae3e038072ef72b4cc55020d5a95c8b79.zip |
use template instead of writing perl in perl
- also renamed gpigeon.css -> styles.css. more standard
- utf-8 rules. other charset can't defeat him.
Diffstat (limited to 'gpigeon-template.cgi')
-rwxr-xr-x | gpigeon-template.cgi | 225 |
1 files changed, 68 insertions, 157 deletions
diff --git a/gpigeon-template.cgi b/gpigeon-template.cgi
index 210cc59..1369c4e 100755
--- a/gpigeon-template.cgi
+++ b/gpigeon-template.cgi
@@ -6,16 +6,7 @@ use Crypt::Argon2 qw(argon2id_verify);
 use Email::Valid;
 use String::Random;
 use CGI qw(param);
-#use CGI::Carp qw(fatalsToBrowser);
-
-sub escape_arobase {
- my $mailaddress = shift;
- my $arobase = '@';
- my $espaced_arob = q{\@};
- my $escapedmailaddress = $mailaddress;
- $escapedmailaddress =~ s/$arobase/$espaced_arob/;
- return $escapedmailaddress;
-}
+use CGI::Carp qw(fatalsToBrowser);
 sub untaint_cgi_filename {
 my $filename = shift;
@@ -42,21 +33,13 @@ sub notif_if_defined{
 delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};
 $ENV{'PATH'} = '/usr/bin';
-my $HAS_MAILSERVER = 0;
-my $SRV_NAME = $ENV{'SERVER_NAME'};
-my $HTML_CONTENT_TYPE_HEADER = 'Content-type: text/html';
-my $HTML_CHARSET = 'UTF-8';
-my $HTML_CSS = '/gpigeon.css';
-my $mymailaddr = q{your_mail_address_goes_here};
-my $mymailaddr_pw = q{your_mail_address_password_goes_here};
-my $mymail_smtp = q{smtp_domain_goes_here};
-my $mymail_smtport = q{smtp_port_goes_here};
-my $mymail_gpgid = q{gpgid_goes_here}; #0xlong keyid form
-my $PASSWD_HASH = q{password_hash_goes_here}; #argon2id hash please
-my $mymailaddr_escaped = escape_arobase($mymailaddr);
-my $msg_form_char_limit = 3000;
+my $HOSTNAME = $ENV{'SERVER_NAME'};
+my $LINK_TEMPLATE_PATH='/usr/share/webapps/gpigeon/link-template.pl'; # this is the file where the SMTP and mail address values goes
+my $msg_form_char_limit = 3000;
+my $PASSWD_HASH = q{password_hash_goes_here}; #argon2id hash format
 my %text_strings = (link_del_ok => 'Successful removal !',
 addr => 'Address',
+ here => 'here',
 addr_ok => 'is valid!',
 addr_nok => 'is not valid !',
 addr_unknown => 'Unknown', 
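Review bot: Uncommenting `use CGI::Carp qw(fatalsToBrowser);` means every `die` in this script — including the new `die "Can't read link template file: $!"` in the third hunk and the other `$!`-bearing messages — is rendered to the visitor, which discloses server paths and error details; the module is a development aid, so keep it commented out (or behind an environment check) in the deployed copy. The same hunk deletes `escape_arobase`, yet the new side of the third hunk still calls it (`my $escaped_link_asker = escape_arobase($link_asker);`) and never uses the result, so submitting a valid address now dies with an undefined-subroutine error; drop that call along with the sub. `untaint_cgi_filename` starts inside this hunk and continues outside it.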
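Review bot: The comment on `$LINK_TEMPLATE_PATH` says the template holds the SMTP and mail-address values, i.e. the mail account credentials now live in a file under /usr/share and are copied verbatim into every generated `./l/*.cgi`, but nothing states who may read that file. I would make the requirement explicit: `# holds the SMTP credentials: must be readable by the CGI user only`. `$HOSTNAME = $ENV{'SERVER_NAME'}` feeds the `https://...` link built in the third hunk; depending on the web server's canonical-name setting this value may echo the request's Host header, so a configured hostname is safer than trusting the environment.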
@@ -80,171 +63,99 @@ my %text_strings = (link_del_ok => 'Successful removal !', msg_too_long => 'Cannot send message : message length must be under ' .$msg_form_char_limit . ' characters.', msg_empty => 'Cannot send message : message is empty. You can type up to ' . $msg_form_char_limit . ' characters.', notif_login_failure => 'Cannot login. Check if your username and password match.' - ); +); my $cgi_query_get = CGI->new; my $PASSWD = $cgi_query_get->param('password'); -my ($notif_de_creation, $notif_mail_valide, $notif_suppression) = undef; +my ($linkgen_notif, $mailisok_notif, $deletion_notif) = undef; my @created_links = (); if (argon2id_verify($PASSWD_HASH,$PASSWD)){ - my $psswd_formfield = '<input type="hidden" name="password" value="' . $cgi_query_get->param('password') . '">'; + my $hidden_pwfield = '<input type="hidden" name="password" value="' . $PASSWD . '">'; if (defined $cgi_query_get->param('supprlien')){ my $pending_deletion = $cgi_query_get->param('supprlien'); - my $gpg_form_fn = "./l/$pending_deletion"; - if (unlink untaint_cgi_filename($gpg_form_fn)){ - $notif_suppression=qq{<span style="color:green">$text_strings{link_del_ok}</span>}; + my $linkfile_fn = "./l/$pending_deletion"; + if (unlink untaint_cgi_filename($linkfile_fn)){ + $deletion_notif=qq{<span style="color:green">$text_strings{link_del_ok}</span>}; } else { - $notif_suppression=qq{<span style="color:red">$text_strings{link_del_failed} $gpg_form_fn : $!</span>}; + $deletion_notif=qq{<span style="color:red">$text_strings{link_del_failed} $linkfile_fn : $!</span>}; } } if (defined $cgi_query_get->param('supprtout')){ opendir my $link_dir_handle, './l' or die "Can't open ./l: $!"; - while (readdir $link_dir_handle) { if ($_ ne '.' 
and $_ ne '..'){ - my $gpg_form_fn = "./l/$_"; - unlink untaint_cgi_filename($gpg_form_fn) or die "$!"; - $notif_suppression=qq{<span style="color:green">$text_strings{link_del_ok}</span>}; + my $linkfile_fn = "./l/$_"; + unlink untaint_cgi_filename($linkfile_fn) or die "$!"; + $deletion_notif=qq{<span style="color:green">$text_strings{link_del_ok}</span>}; } } closedir $link_dir_handle; } if (defined $cgi_query_get->param('mail')){ - my $non_gpguser = scalar $cgi_query_get->param('mail'); + my $link_asker = scalar $cgi_query_get->param('mail'); - if ( Email::Valid->address($non_gpguser) ){ - $notif_mail_valide = qq{<span style="color:green">$text_strings{addr} $non_gpguser $text_strings{addr_ok}</span>}; - my $escaped_non_gpguser = escape_arobase($non_gpguser); + if ( Email::Valid->address($link_asker) ){ + $mailisok_notif = qq{<span style="color:green">$text_strings{addr} $link_asker $text_strings{addr_ok}</span>}; + my $escaped_link_asker = escape_arobase($link_asker); my $str_rand_obj = String::Random->new; my $random_fn = $str_rand_obj->randregex('\w{64}'); - my $GENERATED_FORM_FILENAME = "$random_fn.cgi"; - my $MAILFORM_LINK = "http://$SRV_NAME/cgi-bin/l/$GENERATED_FORM_FILENAME"; - my $MAILFORM_RELPATH = "./l/$GENERATED_FORM_FILENAME"; - if (open my $gpg_form_fh, ">", $MAILFORM_RELPATH){ - print $gpg_form_fh '#! /usr/bin/perl -wT',"\n\n", - ' my $non_gpguser = q{'. $non_gpguser .'};', "\n", - 'delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};', "\n", - '$ENV{\'PATH\'}="/usr/bin";', "\n", - 'use warnings;', "\n", - 'use strict;',"\n", - 'use GPG;',"\n", - '#use CGI::Carp qw(fatalsToBrowser);', "\n", - 'use CGI qw(param);', "\n", - 'my $cgi_query_get = CGI->new;', "\n", - 'my ($msg_form, $enc_msg, $error_processing_msg,$msg_form_char_limit) = undef;', "\n", - '$msg_form_char_limit = '. $msg_form_char_limit . 
' ;', "\n", - '$msg_form = $cgi_query_get->param(\'msg\');', "\n", - 'my $length_msg_form = length $msg_form;', "\n", - - 'if (defined $length_msg_form and $length_msg_form > $msg_form_char_limit){', "\n", - ' $error_processing_msg = q{<span style="color:red"><b>'. $text_strings{msg_too_long} .'.</b></span>};', "\n", - '} elsif (defined $length_msg_form and $length_msg_form eq 0 ){', "\n", - ' $error_processing_msg = q{<span style="color:red"><b>'. $text_strings{msg_empty} . '.</b></span>};', "\n", - '} else {', "\n", - ' if (defined $length_msg_form and $ENV{\'REQUEST_METHOD\'} eq \'POST\'){',"\n", - ' $msg_form =~ tr/\r//d;', "\n", - ' my $gpg = new GPG(gnupg_path => "/usr/bin", homedir => "/usr/share/www-data/.gnupg/");', "\n", - ' $enc_msg = $gpg->encrypt("De la part de " . $non_gpguser . ":\n". $msg_form, \''. $mymail_gpgid .'\') or die $gpg->error();', "\n"; - if ($HAS_MAILSERVER){ - undef $mymailaddr_escaped; - print $gpg_form_fh "\n", - ' use Mail::Sendmail;', "\n", - ' my %mail = ( To => \''.$mymailaddr.'\', ', "\n", - ' From => \''.$mymailaddr.'\', ', "\n", - ' Subject => \'Gpigeon\', ', "\n", - ' Message => "$enc_msg\n" ', "\n", - ' );', "\n", - ' sendmail(%mail) or die $Mail::Sendmail::error;', "\n"; - } - else { - print $gpg_form_fh "\n", - ' use Net::SMTP;',"\n", - ' use Net::SMTPS;',"\n", - ' my $smtp = Net::SMTPS->new(\''. $mymail_smtp .'\', Port => \''. $mymail_smtport .'\', doSSL => \'ssl\', Debug_SSL => 0);', "\n", - ' $smtp->auth(\''. $mymailaddr .'\', \''. $mymailaddr_pw .'\') or die;', "\n", - ' $smtp->mail(\''. $mymailaddr .'\') or die "Net::SMTP module has broke: $!.";', "\n", - ' if ($smtp->to(\''. $mymailaddr .'\')){', "\n", - ' $smtp->data();', "\n", - ' $smtp->datasend("To: '. 
$mymailaddr_escaped .'\n");', "\n", - ' $smtp->datasend("\n");', "\n", - ' $smtp->datasend("$enc_msg\n");', "\n", - ' $smtp->dataend();', "\n", - ' }', "\n", - ' else {', "\n", - ' die $smtp->message();', "\n", - ' }', "\n"; - } - print $gpg_form_fh "\n", - ' unlink "../' . $MAILFORM_RELPATH . '";', "\n", - ' print "Location: /merci/index.html\n\n";', "\n", - ' }', "\n", - '}', "\n", - 'print "Content-type: text/html", "\n\n";', "\n", - 'print q{<!DOCTYPE html>', "\n", - '<html>', "\n", - ' <head>', "\n", - ' <link rel="icon" sizes="48x48" type="image/ico" href="/favicon.ico">', "\n", - ' <link rel="stylesheet" type="text/css" href="'. $HTML_CSS .'">', - ' <meta http-equiv="content-type" content="text/html;charset='. $HTML_CHARSET .'">',"\n",'<meta charset="'. $HTML_CHARSET .'">',"\n", - ' <title>Formulaire d\'envoi de message GPG</title>',"\n", - ' </head>', "\n", - ' <body>', "\n", - ' <p>'. $text_strings[7] . '<b>' . $non_gpguser .'</b> :</p>', "\n", - ' <form method="POST">', "\n", - ' <textarea wrap="off" cols="50" rows="30" name="msg"></textarea><br>', - '};', "\n", - 'if (defined $error_processing_msg){printf $error_processing_msg;}', "\n", - 'printf qq{ <br> - <input type="submit" value="'. 
$text_strings{link_send_btn} .'">', "\n", - ' </form>', "\n", - ' </body>', "\n", - '</html> };'; - close $gpg_form_fh; - chmod(0755,$MAILFORM_RELPATH); - $notif_de_creation=qq{<span style="color:green">$text_strings{link_generated_ok} $non_gpguser: </span><br><a href="$MAILFORM_LINK">$MAILFORM_LINK</a>}; } - else{ - close $gpg_form_fh and die "Can't open $MAILFORM_RELPATH: $!"; - } + my $HREF_LINK = "https://$HOSTNAME/cgi-bin/l/$GENERATED_FORM_FILENAME"; + my $LINK_FILENAME = "./l/$GENERATED_FORM_FILENAME"; + + open my $in, '<', $LINK_TEMPLATE_PATH or die "Can't read link template file: $!"; + open my $out, '>', $LINK_FILENAME or die "Can't write to link file: $!"; + while( <$in> ) { + s/{link_user}/{$link_asker}/g; + s/{link_filename}/{$LINK_FILENAME}/g; + s/{msg_too_long}/$text_strings{msg_too_long}/g; + s/{msg_empty}/$text_strings{msg_empty}/g; + s/{msg_form_char_limit}/$msg_form_char_limit/g; + s/{link_send_btn}/$text_strings{link_send_btn}/g; + print $out $_; + } + close $in or die; + chmod(0755,$LINK_FILENAME) or die; + close $out or die; + + $linkgen_notif = qq{<span style="color:green">$text_strings{link_generated_ok} $link_asker: </span><br><a href="$HREF_LINK">$HREF_LINK</a>}; } else{ - $notif_mail_valide = qq{<span style="color:red">$text_strings{addr} $non_gpguser $text_strings{addr_nok}.</span>}; + $mailisok_notif = qq{<span style="color:red">$text_strings{addr} $link_asker $text_strings{addr_nok}.</span>}; } } - - opendir my $link_dir_handle, './l' or die "Can't open ./l: $!"; + + opendir my $link_dir_handle, './l' or die "Can't open ./l: $!"; while (readdir $link_dir_handle) { if ($_ ne '.' 
and $_ ne '..'){ - my $gpg_form_fn = $_; - my $non_gpguser = undef; - if (open my $gpg_form_handle , '<', "./l/$gpg_form_fn"){ - - for (1..3){ - $non_gpguser = readline $gpg_form_handle; - $non_gpguser =~ s/q\{(.*?)\}//i; - $non_gpguser = $1; + my $linkfile_fn = $_; + my $link_asker = undef; + if (open my $linkfile_handle , '<', "./l/$linkfile_fn"){ + for (1..2){ + $link_asker = readline $linkfile_handle; + $link_asker =~ s/q\{(.*?)\}//i; + $link_asker = $1; } - close $gpg_form_handle; + close $linkfile_handle; - if (not defined $non_gpguser){ - $non_gpguser = $text_strings{unknown}; + if (not defined $link_asker){ + $link_asker = $text_strings{unknown}; } - #create links table html push @created_links, qq{<tr> - <td><a href="/cgi-bin/l/$gpg_form_fn">ici</a></td> - <td><a href="mailto:$non_gpguser?subject=$text_strings{mailto_subject}&body=$text_strings{mailto_body} http://$SRV_NAME/cgi-bin/l/$gpg_form_fn">$non_gpguser</a></td> + <td><a href="/cgi-bin/l/$linkfile_fn">ici</a></td> + <td><a href="mailto:$link_asker?subject=$text_strings{mailto_subject}&body=$text_strings{mailto_body} http://$HOSTNAME/cgi-bin/l/$linkfile_fn">$link_asker</a></td> <td> <form method="POST"> - <input type="hidden" name="supprlien" value="$gpg_form_fn"> - <input type="hidden" name="password" value="$cgi_query_get->param('password')"> + <input type="hidden" name="supprlien" value="$linkfile_fn"> + <input type="hidden" name="password" value="$PASSWD"> <input type="submit" value="$text_strings{delete_link_btn_text}"> </form> </td> 
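Review bot: `$GENERATED_FORM_FILENAME` is still read by the new `my $HREF_LINK = "https://$HOSTNAME/cgi-bin/l/$GENERATED_FORM_FILENAME";` and `my $LINK_FILENAME = "./l/$GENERATED_FORM_FILENAME";` lines, but its declaration (`my $GENERATED_FORM_FILENAME = "$random_fn.cgi";`) is among the removed lines, so under strict the script no longer compiles and without strict every link would be written to `./l/`; keep that declaration right after `my $random_fn = ...`. `$link_asker` comes straight from the request and is substituted into a file that is then `chmod 0755` and executed by the web server; Email::Valid accepts quoted local parts, so an address containing `}` or `\` would close the `{...}` literal in the template and must be rejected before the substitution. The `s/{link_user}/...` patterns use an unescaped `{`, which recent Perls warn about or reject; write `s/\{link_user\}/{$link_asker}/g` and likewise for the other placeholders. `$hidden_pwfield` and the per-row `value="$PASSWD"` embed the submitted password in an HTML attribute unescaped, so a password containing `"` or `&` breaks the form; wrap it as `CGI::escapeHTML($PASSWD)`. The enclosing `if (argon2id_verify(...))` block starts before this hunk and continues past it.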
@@ -252,21 +163,21 @@ if (argon2id_verify($PASSWD_HASH,$PASSWD)){
 } else {
- close $gpg_form_handle;
- die 'Content-type: text/plain', "\n\n", "Error: Can't open $gpg_form_fn: $!";
+ close $linkfile_handle;
+ die 'Content-type: text/plain', "\n\n", "Error: Can't open $linkfile_fn: $!";
 }
 }
 }
 closedir $link_dir_handle;
- print $HTML_CONTENT_TYPE_HEADER,"\n\n",
+ print 'Content-type: text/html',"\n\n",
 qq{<!DOCTYPE html>
 <html>
 <head>
 <link rel="icon" sizes="48x48" type="image/ico" href="/favicon.ico">
- <link rel="stylesheet" type="text/css" href="$HTML_CSS">
- <meta http-equiv="content-type" content="text/html;charset=$HTML_CHARSET">
- <meta charset="$HTML_CHARSET">
+ <link rel="stylesheet" type="text/css" href="/styles.css">
+ <meta http-equiv="content-type" content="text/html;charset=UTF-8">
+ <meta charset="UTF-8">
 <title>$text_strings{web_title}</title>
 </head>
 <body>
@@ -276,27 +187,27 @@ if (argon2id_verify($PASSWD_HASH,$PASSWD)){
 <input type="submit" value="$text_strings{disconnect_btn_text}">
 </form>
 <form method="POST">
- $psswd_formfield
+ $hidden_pwfield
 <input type="submit" value="$text_strings{refresh_btn_text}">
 </form>
 <hr>
 <br>
 <form method="POST">
- $psswd_formfield
+ $hidden_pwfield
 Mail de la personne:<br>
 <input tabindex="1" type="text" name="mail">
 <input tabindex="2" type="submit" value="$text_strings{create_link_btn}">
 </form>},
- notif_if_defined($notif_mail_valide),
+ notif_if_defined($mailisok_notif),
 '<br>'
- notif_if_defined($notif_de_creation),
+ notif_if_defined($linkgen_notif),
 qq{<hr>
 <form method="POST">
- $psswd_formfield
+ $hidden_pwfield
 <input type="hidden" name="supprtout">
 <input type="submit" value="$text_strings{delete_links_btn_text}">
 </form>},
- notif_if_defined($notif_suppression),
+ notif_if_defined($deletion_notif),
 qq{<table>
 <tr>
 <th>$text_strings{theader_link}</th> |
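Review bot: The new `print 'Content-type: text/html',"\n\n",` header declares no charset even though the commit's stated goal is to settle on UTF-8; browsers give the HTTP header precedence over the `<meta>` tags added just below it, so send `print 'Content-type: text/html; charset=UTF-8',"\n\n",`. With `fatalsToBrowser` now enabled in the first hunk, the `die 'Content-type: text/plain', "\n\n", "Error: Can't open $linkfile_fn: $!";` line no longer produces a plain-text response: CGI::Carp emits its own page and the header prefix, the file name and `$!` all appear in the body shown to the visitor, so a fixed error string without `$!` is preferable there. The `if (argon2id_verify(...))` block enclosing this hunk starts outside it.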