-rwxr-xr-x | gpigeon-template.cgi | 267 |
1 files changed, 121 insertions, 146 deletions
diff --git a/gpigeon-template.cgi b/gpigeon-template.cgi index 10e0100..4807f74 100755 --- a/gpigeon-template.cgi +++ b/gpigeon-template.cgi @@ -8,7 +8,6 @@ use String::Random; use CGI qw(param); #use CGI::Carp qw(fatalsToBrowser); -delete @ENV{qw(IFS PATH CDPATH BASH_ENV)}; sub escape_arobase { my $mailaddress = shift; @@ -39,9 +38,12 @@ sub notif_if_defined{ } } +delete @ENV{qw(IFS PATH CDPATH BASH_ENV)}; # execute 'printf "yourpassword" | sha256sum' on a terminal # and copy the long string -$ENV{'PATH'}='/usr/bin'; +$ENV{'PATH'} = '/usr/bin'; +my $HAS_MAILSERVER = 0; +my $SRV_NAME = $ENV{'SERVER_NAME'}; my $HTML_CONTENT_TYPE_HEADER = 'Content-type: text/html'; my $HTML_CHARSET = 'UTF-8'; my $HTML_CSS = '/gpigeon.css'; @@ -50,17 +52,9 @@ my $mymailaddr_pw = q{your_mail_address_password_goes_here}; my $mymail_smtp = q{smtp_domain_goes_here}; my $mymail_smtport = q{smtp_port_goes_here}; my $mymail_gpgid = q{gpgid_goes_here}; #0xlong keyid form -my $mymailaddr_escaped = escape_arobase($mymailaddr); -my $msg_form_char_limit = 3000; my $PASSWD_HASH = q{password_hash_goes_here}; -my $cgi_query_get = CGI->new; -my $PASSWD = $cgi_query_get->param('password'); -my $HAS_MAILSERVER = 0; - -if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ - - - my @text_strings = ('Succesful deletion!', +my $mymailaddr_escaped = escape_arobase($mymailaddr); +my @text_strings = ('Succesfull deletion!', 'Address', 'is valid!', 'is not valid !', 
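Review bot: `my $SRV_NAME = $ENV{'SERVER_NAME'};` takes the host name from the request environment, and the file later interpolates it into `http://$SRV_NAME/cgi-bin/l/...`, the one-time form link shown to the operator and placed in the mailto body. Depending on how the web server is configured, SERVER_NAME can follow the client-supplied Host header, so the generated link could name a host the operator does not control. The template already uses `q{..._goes_here}` settings, so a fixed value such as `my $SRV_NAME = q{server_name_goes_here};` would be safer; otherwise check the value against an anchored host-name pattern before use. The link is also built with `http://`, so the form URL travels in clear text.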
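Review bot: `@text_strings` is now built at file scope before `$msg_form_char_limit` exists. This hunk drops `my $msg_form_char_limit = 3000;` and the next hunk re-adds it only after the list's closing `);`, yet the last two entries of the list concatenate `$msg_form_char_limit`. Under `use strict` that is a compile error; without it, both length messages are built from an undefined value. Moving `my $msg_form_char_limit = 3000;` above `my @text_strings = (` fixes it. The first entry was also changed to `'Succesfull deletion!'`; the spelling is `'Successful deletion!'`.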
@@ -87,43 +81,45 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ 'Deletion failed and here is why : ', 'Cannot send message : message length must be under ' .$msg_form_char_limit . ' characters.', 'Cannot send message : message is empty. You can type up to ' . $msg_form_char_limit . ' characters.' - ); - my $psswd_formfield = '<input type="hidden" name="password" value="' . $cgi_query_get->param('password') . '">',"\n"; - my $SRV_NAME = $ENV{'SERVER_NAME'}; - my ($notif_de_creation, $notif_mail_valide, $notif_suppression) = undef; - my @created_links = (); +); +my $msg_form_char_limit = 3000; +my $cgi_query_get = CGI->new; +my $PASSWD = $cgi_query_get->param('password'); +my $psswd_formfield = '<input type="hidden" name="password" value="' . $cgi_query_get->param('password') . '">',"\n"; +my ($notif_de_creation, $notif_mail_valide, $notif_suppression) = undef; +my @created_links = (); + +if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ if (defined $cgi_query_get->param('supprlien')){ my $pending_deletion = $cgi_query_get->param('supprlien'); - my $relpath_todelete = "./l/$pending_deletion"; - if (unlink untaint_cgi_filename($relpath_todelete)){ + my $gpg_form_fn = "./l/$pending_deletion"; + if (unlink untaint_cgi_filename($gpg_form_fn)){ $notif_suppression='<span style="color:green">'.$text_strings[0].'</span>'; } else { - $notif_suppression='<span style="color:red">'.$text_string[24]. - $relpath_todelete.':'.$!.'</span>'; + $notif_suppression='<span style="color:red">'. $text_string[24] . $gpg_form_fn.':'. $! .'</span>'; } } if (defined $cgi_query_get->param('supprtout')){ - opendir my $dir_handle, './l' or die "Can't open ./l: $!"; + opendir my $link_dir_handle, './l' or die "Can't open ./l: $!"; - while (readdir $dir_handle) { + while (readdir $link_dir_handle) { if ($_ ne '.' 
and $_ ne '..'){ - my $relpath_todelete = "./l/$_"; - unlink untaint_cgi_filename($relpath_todelete) or die "$!"; - $notif_suppression='<span style="color:green">'. - $text_strings[0] .'</span>'; + my $gpg_form_fn = "./l/$_"; + unlink untaint_cgi_filename($gpg_form_fn) or die "$!"; + $notif_suppression='<span style="color:green">'. $text_strings[0] .'</span>'; } } - closedir $dir_handle; + closedir $link_dir_handle; } if (defined $cgi_query_get->param('mail')){ my $non_gpguser = scalar $cgi_query_get->param('mail'); + if ( Email::Valid->address($non_gpguser) ){ - $notif_mail_valide = "<span style='color:green'>$text_strings[1] - $non_gpguser $text_strings[2]</span>"; + $notif_mail_valide = '<span style="color:green">'. $text_strings[1] . $non_gpguser . $text_strings[2] . '</span>'; my $escaped_non_gpguser = escape_arobase($input_mail_addr); my $random_mailform_fn_str = String::Random->new; my @mailform_fn_str_buffer = (); @@ -134,14 +130,12 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ } my $mailform_fn_str_buffer_nospace = join('',@mailform_fn_str_buffer); - my $GENERATED_FORM_FILENAME = - "$mailform_fn_str_buffer_nospace.cgi"; + my $GENERATED_FORM_FILENAME = "$mailform_fn_str_buffer_nospace.cgi"; my $MAILFORM_LINK = "http://$SRV_NAME/cgi-bin/l/$GENERATED_FORM_FILENAME"; my $MAILFORM_RELPATH = "./l/$GENERATED_FORM_FILENAME"; - if (open my $mailform_fh, ">", $MAILFORM_RELPATH){ - print $mailform_fh '#! /usr/bin/perl -wT',"\n\n", - ' my $non_gpguser = q{', $non_gpguser - , '};', "\n", + if (open my $gpg_form_fh, ">", $MAILFORM_RELPATH){ + print $gpg_form_fh '#! /usr/bin/perl -wT',"\n\n" + ' my $non_gpguser = q{'. $non_gpguser .'};', "\n", 'delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};', "\n", '$ENV{\'PATH\'}="/usr/bin";', 'use warnings;', "\n", 
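Review bot: The failure branch of the single-link deletion reads `$text_string[24]`, but the array is `@text_strings`. It also concatenates `$gpg_form_fn` (built from the `supprlien` request parameter) and `$!` into the HTML notification without escaping. The line should read `$notif_suppression='<span style="color:red">'. $text_strings[24] . $cgi_query_get->escapeHTML("$gpg_form_fn:$!") .'</span>';`. Whether `supprlien` can name a file outside `./l` depends entirely on `untaint_cgi_filename`, which is not visible in this hunk; it should accept only the generated file-name pattern and reject any `/` or `..`. In the `supprtout` loop, `unlink ... or die "$!"` stops at the first failure without naming the file, so `or die "unlink $gpg_form_fn: $!"` would make a partial wipe diagnosable.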
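Review bot: The generated script embeds the requested address as Perl source, `' my $non_gpguser = q{'. $non_gpguser .'};'`, and the only check before it is `Email::Valid->address`, which validates mail syntax, not what is safe inside a `q{}` literal. Braces and backslashes are legal in an address local part and can end or unbalance the literal, so part of the address would be parsed as code in a file that is later made executable with `chmod(0755, ...)`. Treat such addresses as invalid before writing, e.g. `if ( Email::Valid->address($non_gpguser) and $non_gpguser !~ /[{}\\]/ ){`, or keep the address out of the source by storing it in a data file beside the form. Separately, the rewritten `print $gpg_form_fh` line lost the comma after `"\n\n"`, so the statement no longer parses; it should begin `print $gpg_form_fh '#! /usr/bin/perl -wT',"\n\n",`.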
@@ -150,7 +144,7 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ '#use CGI::Carp qw(fatalsToBrowser);', 'use CGI qw(param);', "\n", 'my $cgi_query_get = CGI->new;', "\n", - 'my ($msg_form, $enc_msg, $error_processing_msg,$msg_form_char_limit) = undef;', "\n", + 'my ($msg_form, $enc_msg, $error_processing_msg,$msg_form_char_limit) = undef;', "\n", '$msg_form_char_limit = '. $msg_form_char_limit . ' ;', "\n", '$msg_form = $cgi_query_get->param(\'msg\');', "\n", 'my $length_msg_form = length $msg_form;', "\n", 
@@ -161,19 +155,15 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ '} else {', "\n", 'if (defined $cgi_query_get->param(\'msg\') and $ENV{\'REQUEST_METHOD\'} eq \'POST\'){',"\n", ' $msg_form =~ tr/\r//d;', "\n", - ' my $gpg = new GPG(gnupg_path => "/usr/bin", homedir => - "/usr/share/www-data/.gnupg/");', "\n", - ' $enc_msg = $gpg->encrypt("De la part de " . - $non_gpguser . ":\n". $msg, \'0x'. $mymail_gpgid .'\') or die - $gpg->error();', "\n"; - if ($HAS_MAILSERVER eq 0){ - print 'use Net::SMTP;',"\n", + ' my $gpg = new GPG(gnupg_path => "/usr/bin", homedir => "/usr/share/www-data/.gnupg/");', "\n", + ' $enc_msg = $gpg->encrypt("De la part de " . $non_gpguser . ":\n". $msg, \'0x'. $mymail_gpgid .'\') or die $gpg->error();', "\n"; + + if ($HAS_MAILSERVER eq 0){ + print 'use Net::SMTP;',"\n", 'use Net::SMTPS;',"\n", - 'my $smtp = Net::SMTPS->new(\''. $mymail_smtp .'\', Port => \''. $mymail_smtport .'\', - doSSL => \'ssl\', Debug_SSL => 0);', "\n", + 'my $smtp = Net::SMTPS->new(\''. $mymail_smtp .'\', Port => \''. $mymail_smtport .'\', doSSL => \'ssl\', Debug_SSL => 0);', "\n", '$smtp->auth(\''. $mymailaddr .'\', \''. $mymailaddr_pw .'\') or die;', "\n", - '$smtp->mail(\''. $mymailaddr .'\') or die "Net::SMTP module has broke: - $!.";', "\n", + '$smtp->mail(\''. $mymailaddr .'\') or die "Net::SMTP module has broke: $!.";', "\n", 'if ($smtp->to(\''. $mymailaddr .'\')){', "\n", ' $smtp->data();', "\n", ' $smtp->datasend("To: '. $mymailaddr_escaped .'\n");', "\n", 
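Review bot: The `print 'use Net::SMTP;',"\n",` statement inside `if ($HAS_MAILSERVER eq 0)` has no filehandle. Unless a `select` outside this hunk changes the default handle, the generated SMTP code, including `$mymailaddr` and `$mymailaddr_pw`, is written to the CGI response instead of to `$gpg_form_fh`. The same applies to `print 'use Mail::Sendmail;'` and `print 'unlink "../'` in the next hunk; each should start `print $gpg_form_fh ...`. The generated `$gpg->encrypt(...)` call also concatenates `$msg`, while the submitted text is held in `$msg_form`, so the encrypted mail would not carry the message. The enclosing `if (open my $gpg_form_fh, ...)` block starts and ends outside this hunk.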
@@ -184,70 +174,62 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ 'else {', "\n", ' die $smtp->message();', "\n", '}', "\n"; - } - else { - undef $mymailaddr_escaped; - print 'use Mail::Sendmail;', + } + else { + undef $mymailaddr_escaped; + print 'use Mail::Sendmail;', '%mail = ( To => \''.$mymailaddr.'\',' , "\n", ' From => \''.$mymailaddr.'\',', "\n", ' Subject => \'Gpigeon\' ', "\n", ' Message => "$enc_msg\n" ', "\n", ');', "\n", - 'sendmail(%mail) or die $Mail::Sendmail::error;', "\n" - ; - - } - print 'unlink "../' . $MAILFORM_RELPATH . '";', "\n", + 'sendmail(%mail) or die $Mail::Sendmail::error;', "\n"; + } + print 'unlink "../' . $MAILFORM_RELPATH . '";', "\n", 'print "Location: /gpigeon/merci/index.html\n\n";', "\n", '}', "\n", '}', "\n", 'print "Content-type: text/html", "\n\n";', "\n", - 'print qq{<!DOCTYPE html>', "\n", + 'print q{<!DOCTYPE html>', "\n", '<html>', "\n", ' <head>', "\n", - ' <link rel="icon" sizes="48x48" ',"\n", - 'type="image/ico" href="/gpigeon/favicon.ico">', "\n", - '<link rel="stylesheet" type="text/css" href="'. $HTML_CSS .'">'; - '<meta http-equiv="content-type" content="text/html;charset='. $HTML_CHARSET .'">',"\n",'<meta charset="'. $HTML_CHARSET .'">',"\n"; - '<title>Formulaire ', "\n", - 'd\'envoi de message GPG</title>',"\n", + ' <link rel="icon" sizes="48x48" type="image/ico" href="/favicon.ico">', "\n", + ' <link rel="stylesheet" type="text/css" href="'. $HTML_CSS .'">'; + ' <meta http-equiv="content-type" content="text/html;charset='. $HTML_CHARSET .'">',"\n",'<meta charset="'. $HTML_CHARSET .'">',"\n", + ' <title>Formulaire d\'envoi de message GPG</title>',"\n", ' </head>', "\n", ' <body>', "\n", - ' <p>'. $text_strings[7] . '<b>' - .$escaped_non_gpguser .'</b> :</p>', "\n", + ' <p>'. $text_strings[7] . 
'<b>' .$escaped_non_gpguser .'</b> :</p>', "\n", ' <form method="POST">', "\n", - ' <textarea "', "\n", - 'wrap="off" cols="50" rows="30" name="msg"></textarea>', "\n", - '<br>};', "\n", - 'if(defined $error_processing_msg){printf $error_processing_msg;}', "\n", - 'printf qq{<br><input type="submit" - value="'. $text_strings[8] .'">', "\n", + ' <textarea wrap="off" cols="50" rows="30" name="msg"></textarea><br>', + '};', "\n", + 'if (defined $error_processing_msg){printf $error_processing_msg;}', "\n", + 'printf qq{ <br> + <input type="submit" value="'. $text_strings[8] .'">', "\n", ' </form>', "\n", ' </body>', "\n", - '</html>};'; - close $mailform_fh; + '</html> };'; + close $gpg_form_fh; chmod(0755,$MAILFORM_RELPATH); - - $notif_de_creation="<span style=\'color:green\'>$text_strings[9] $non_gpguser</span><br><a href=\'$MAILFORM_LINK\'>$MAILFORM_LINK</a>"; + $notif_de_creation='<span style="color:green">'. $text_strings[9] . $non_gpguser .'</span><br><a href="'. $MAILFORM_LINK .'">'. $MAILFORM_LINK .'</a>'; } else{ - close $mailform_fh and die "cant open $MAILFORM_RELPATH: $!"; - + close $gpg_form_fh and die "cant open $MAILFORM_RELPATH: $!"; } } else{ - $notif_mail_valide = "<span style='color:red'>$text_strings[1] - $non_gpguser $text_strings[3].</span>"; + $notif_mail_valide = "<span style='color:red'>$text_strings[1] $non_gpguser $text_strings[3].</span>"; } } - opendir my $dir_handle, './l' or die "Can't open ./l: $!"; + opendir my $link_dir_handle, './l' or die "Can't open ./l: $!"; - while (readdir $dir_handle) { + while (readdir $link_dir_handle) { if ($_ ne '.' and $_ ne '..'){ my $gpg_form_fn = $_; my $non_gpguser = undef; if (open my $gpg_form_handle , '<', "./l/$gpg_form_fn"){ + for (1..4){ $non_gpguser = readline $gpg_form_handle; $non_gpguser =~ s/q\{(.*?)\}//i; 
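Review bot: The rejected-address branch builds `$notif_mail_valide = "<span style='color:red'>$text_strings[1] $non_gpguser $text_strings[3].</span>";` from a value that has just failed validation, so arbitrary request text reaches the page unescaped; the `$notif_de_creation` line above it has the same gap. Escape at the point of use, e.g. `my $shown = $cgi_query_get->escapeHTML($non_gpguser);`, and interpolate `$shown`. In the open-failure branch, `close $gpg_form_fh and die ...` never dies, because `close` on a handle that failed to open returns false; `die "cant open $MAILFORM_RELPATH: $!";` on its own reports the error. The `;` that ends the stylesheet `<link>` string also terminates the `print`, so the strings after it, through `'</html> };'`, are evaluated and discarded rather than written to the form file.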
@@ -260,84 +242,77 @@ if ( sha256_hex($PASSWD) eq $PASSWD_HASH and $ENV{'REQUEST_METHOD'} eq 'POST'){ } #create links table html - push @created_links, '<tr>',"\n", - "\t<td><a href='/cgi-bin/l/$gpg_form_fn'>ici</a></td>", "\n", - "\t<td><a - href='mailto:$non_gpguser?subject=$text_strings[10]", - "gpg&body=$text_strings[11] http://$SRV_NAME/cgi-bin/l/$gpg_form_fn'>$non_gpguser</a></td>", "\n", - '<td> - <form method="POST"> - <input type="hidden" name="supprlien" - value="'.$gpg_form_fn.'"> - <input type="hidden" name="password" - value="'.$cgi_query_get->param('password').'"> - <input type="submit" value="'. $text_strings[12] .'"> - </form> - </td>', "\n", - '</tr>'; + push @created_links, + '<tr> + <td><a href="/cgi-bin/l/'. $gpg_form_fn .'">ici</a></td> + <td><a href="mailto:'. $non_gpguser .'?subject=$text_strings[10] gpg&body=$text_strings[11] http://$SRV_NAME/cgi-bin/l/'. $gpg_form_fn .'">$non_gpguser</a></td> + <td> + <form method="POST"> + <input type="hidden" name="supprlien" value="'. $gpg_form_fn .'"> + <input type="hidden" name="password" value="'. $cgi_query_get->param('password') .'"> + <input type="submit" value="'. $text_strings[12] .'"> + </form> + </td> + </tr>'; } else { close $gpg_form_handle; - die "Content-type: text/plain", "\n\n", - "$text_strings[13] $gpg_form_fn: $!"; + die 'Content-type: text/plain', "\n\n", "$text_strings[13] $gpg_form_fn: $!"; } - - } } - closedir $dir_handle; + closedir $link_dir_handle; print $HTML_CONTENT_TYPE_HEADER,"\n\n", - '<!DOCTYPE html>', "\n", - '<html>', "\n", - '<head>', "\n", - '<link rel="icon" sizes="48x48" ',"\n", - 'type="image/ico" href="/gpigeon/favicon.ico">', "\n", - '<link rel="stylesheet" type="text/css" href="'. $HTML_CSS .'">'; - '<meta http-equiv="content-type" content="text/html;charset='. $HTML_CHARSET .'">',"\n",'<meta charset="'. $HTML_CHARSET .'">',"\n"; - '<title>'. $text_strings[14] .'</title>', "\n", - '</head>', "\n", - '<body>', "\n", - '<p>'. 
$text_strings[15] .'</p>', "\n", - '<form method="POST">', "\n", - '<input type="hidden" name="password" value="0">', "\n", - '<input type="submit" value="'. $text_strings[16] .'">', "\n", - '</form>', "\n", - '<form method="POST">', "\n", + '<!DOCTYPE html> + <html> + <head> + <link rel="icon" sizes="48x48" type="image/ico" href="/favicon.ico"> , + <link rel="stylesheet" type="text/css" href="'. $HTML_CSS .'"> + <meta http-equiv="content-type" content="text/html;charset='. $HTML_CHARSET .'">',"\n",'<meta charset="'. $HTML_CHARSET .'"> + <title>'. $text_strings[14] .'</title> + </head> + <body> + <p>.' $text_strings[15] .'</p> + <form method="POST"> + <input type="hidden" name="password" value="0"> + <input type="submit" value="'. $text_strings[16] .'"> + </form> + <form method="POST"> $psswd_formfield, - ' <input type="submit" value="'. $text_strings[17] .'">', "\n", - '</form>', "\n", - '<hr>', "\n", - '<br>', "\n", - '<form method="POST">', "\n", + <input type="submit" value="'. $text_strings[17] .'"> + </form> + <hr> + <br> + <form method="POST">', $psswd_formfield, - 'Mail de la personne:<br>', "\n", - '<input tabindex="1" type="text" name="mail">', "\n", - '<input tabindex="2" type="submit" value="'. - $text_strings[18] .'">', "\n", - '</form>', "\n", - notif_if_defined($notif_mail_valide), '<br>', "\n", + 'Mail de la personne:<br> + <input tabindex="1" type="text" name="mail"> + <input tabindex="2" type="submit" value="'. $text_strings[18] .'"> + </form>', + notif_if_defined($notif_mail_valide), + '<br>', notif_if_defined($notif_de_creation), - '<hr>', "\n", - '<p>'. $text_strings[19] .'</p>', "\n", - '<form method="POST">', "\n", + '<hr> + <p>'. $text_strings[19] .'</p>', + '<form method="POST">', $psswd_formfield, - '<input type="hidden" name="supprtout">', "\n", - '<input type="submit" value="'. $text_strings[20] .'">', "\n", - '</form>', "\n", + '<input type="hidden" name="supprtout"> + <input type="submit" value="'. 
$text_strings[20] .'"> + </form>', notif_if_defined($notif_suppression), - '<table>', "\n", - '<tr>', "\n", - '<th>'. $text_strings[21] .'</th>', "\n", - '<th>'. $text_strings[22] .'</th>', "\n", - '<th>'. $text_strings[23] .'</th>', "\n", - '</tr>', "\n", - "@created_links", "\n", - '</table>', "\n", - '</body>', "\n", - '</html>'; + '<table> + <tr> + <th>'. $text_strings[21] .'</th>', + '<th>'. $text_strings[22] .'</th>', + '<th>'. $text_strings[23] .'</th>', + '</tr>', + "@created_links", + '</table> + </body> + </html>'; } else { - print 'Location: /gpigeon/index.html', "\n\n"; + print 'Location: /index.html', "\n\n"; } |
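Review bot: Several strings in the rewritten page are now single-quoted where they used to be interpolated or separate list items. In the links table, `$text_strings[10]`, `$text_strings[11]`, `$SRV_NAME` and the visible `$non_gpguser` are emitted literally, and in the main page the first `$psswd_formfield,` context line ends up inside the literal opened before `<form method="POST">`, so that form is sent without the password field. `<p>.' $text_strings[15] .'</p>` has the concatenation dot inside the quote and will not compile; it should be `<p>'. $text_strings[15] .'</p>`. When restoring the interpolation, pass `$non_gpguser` and `$gpg_form_fn` through `$cgi_query_get->escapeHTML(...)`, since they are read back from files and directory entries under `./l` and land in `href` and `value` attributes. The page also repeats `$cgi_query_get->param('password')` in a hidden field on every row, which keeps the clear-text password in the page source and browser cache; a server-side session token would avoid that.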