Diffstat (limited to 'gpigeon-template.cgi')
-rwxr-xr-xgpigeon-template.cgi225
1 files changed, 68 insertions, 157 deletions
diff --git a/gpigeon-template.cgi b/gpigeon-template.cgi
index 210cc59..1369c4e 100755
--- a/gpigeon-template.cgi
+++ b/gpigeon-template.cgi
@@ -6,16 +6,7 @@ use Crypt::Argon2 qw(argon2id_verify);
use Email::Valid;
use String::Random;
use CGI qw(param);
-#use CGI::Carp qw(fatalsToBrowser);
-
-sub escape_arobase {
- my $mailaddress = shift;
- my $arobase = '@';
- my $espaced_arob = q{\@};
- my $escapedmailaddress = $mailaddress;
- $escapedmailaddress =~ s/$arobase/$espaced_arob/;
- return $escapedmailaddress;
-}
+use CGI::Carp qw(fatalsToBrowser);
sub untaint_cgi_filename {
my $filename = shift;
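Review bot: Removing `escape_arobase` here leaves a caller behind: the `mail` branch in the large hunk below still runs `my $escaped_link_asker = escape_arobase($link_asker);`, which will die with an undefined-subroutine error on every link creation. The result does not appear to be used in the visible lines, so that line should be dropped as well. Enabling `use CGI::Carp qw(fatalsToBrowser);` unconditionally also sends die messages (file paths, `$!` text) to any client; for a deployed script I would keep it commented out or gate it on a debug setting so errors go only to the server log. `untaint_cgi_filename` continues outside this hunk.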
@@ -42,21 +33,13 @@ sub notif_if_defined{
delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};
$ENV{'PATH'} = '/usr/bin';
-my $HAS_MAILSERVER = 0;
-my $SRV_NAME = $ENV{'SERVER_NAME'};
-my $HTML_CONTENT_TYPE_HEADER = 'Content-type: text/html';
-my $HTML_CHARSET = 'UTF-8';
-my $HTML_CSS = '/gpigeon.css';
-my $mymailaddr = q{your_mail_address_goes_here};
-my $mymailaddr_pw = q{your_mail_address_password_goes_here};
-my $mymail_smtp = q{smtp_domain_goes_here};
-my $mymail_smtport = q{smtp_port_goes_here};
-my $mymail_gpgid = q{gpgid_goes_here}; #0xlong keyid form
-my $PASSWD_HASH = q{password_hash_goes_here}; #argon2id hash please
-my $mymailaddr_escaped = escape_arobase($mymailaddr);
-my $msg_form_char_limit = 3000;
+my $HOSTNAME = $ENV{'SERVER_NAME'};
+my $LINK_TEMPLATE_PATH='/usr/share/webapps/gpigeon/link-template.pl'; # this is the file where the SMTP and mail address values goes
+my $msg_form_char_limit = 3000;
+my $PASSWD_HASH = q{password_hash_goes_here}; #argon2id hash format
my %text_strings = (link_del_ok => 'Successful removal !',
addr => 'Address',
+ here => 'here',
addr_ok => 'is valid!',
addr_nok => 'is not valid !',
addr_unknown => 'Unknown',
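Review bot: The comment on `$LINK_TEMPLATE_PATH` says the template holds the SMTP and mail-address values, and the later hunk copies that template into `./l/<random>.cgi` and sets it to mode 0755, so every generated link file would presumably carry those values in a world-readable file. The template is not visible here, so this is inferred; if it holds credentials, I would tighten the mode to what the CGI user needs, e.g. `chmod(0700, $LINK_FILENAME)`, and note the expected owner and permissions of the template next to this variable. `$HOSTNAME` is taken from `$ENV{'SERVER_NAME'}`, which on some server configurations reflects the client's Host header, and it ends up in the links handed to correspondents; a fixed configured hostname would be safer. The new `here` string is added, but the link table in the later hunk still hard-codes `ici`.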
@@ -80,171 +63,99 @@ my %text_strings = (link_del_ok => 'Successful removal !',
msg_too_long => 'Cannot send message : message length must be under ' .$msg_form_char_limit . ' characters.',
msg_empty => 'Cannot send message : message is empty. You can type up to ' . $msg_form_char_limit . ' characters.',
notif_login_failure => 'Cannot login. Check if your username and password match.'
- );
+);
my $cgi_query_get = CGI->new;
my $PASSWD = $cgi_query_get->param('password');
-my ($notif_de_creation, $notif_mail_valide, $notif_suppression) = undef;
+my ($linkgen_notif, $mailisok_notif, $deletion_notif) = undef;
my @created_links = ();
if (argon2id_verify($PASSWD_HASH,$PASSWD)){
- my $psswd_formfield = '<input type="hidden" name="password" value="' . $cgi_query_get->param('password') . '">';
+ my $hidden_pwfield = '<input type="hidden" name="password" value="' . $PASSWD . '">';
if (defined $cgi_query_get->param('supprlien')){
my $pending_deletion = $cgi_query_get->param('supprlien');
- my $gpg_form_fn = "./l/$pending_deletion";
- if (unlink untaint_cgi_filename($gpg_form_fn)){
- $notif_suppression=qq{<span style="color:green">$text_strings{link_del_ok}</span>};
+ my $linkfile_fn = "./l/$pending_deletion";
+ if (unlink untaint_cgi_filename($linkfile_fn)){
+ $deletion_notif=qq{<span style="color:green">$text_strings{link_del_ok}</span>};
}
else {
- $notif_suppression=qq{<span style="color:red">$text_strings{link_del_failed} $gpg_form_fn : $!</span>};
+ $deletion_notif=qq{<span style="color:red">$text_strings{link_del_failed} $linkfile_fn : $!</span>};
}
}
if (defined $cgi_query_get->param('supprtout')){
opendir my $link_dir_handle, './l' or die "Can't open ./l: $!";
-
while (readdir $link_dir_handle) {
if ($_ ne '.' and $_ ne '..'){
- my $gpg_form_fn = "./l/$_";
- unlink untaint_cgi_filename($gpg_form_fn) or die "$!";
- $notif_suppression=qq{<span style="color:green">$text_strings{link_del_ok}</span>};
+ my $linkfile_fn = "./l/$_";
+ unlink untaint_cgi_filename($linkfile_fn) or die "$!";
+ $deletion_notif=qq{<span style="color:green">$text_strings{link_del_ok}</span>};
}
}
closedir $link_dir_handle;
}
if (defined $cgi_query_get->param('mail')){
- my $non_gpguser = scalar $cgi_query_get->param('mail');
+ my $link_asker = scalar $cgi_query_get->param('mail');
- if ( Email::Valid->address($non_gpguser) ){
- $notif_mail_valide = qq{<span style="color:green">$text_strings{addr} $non_gpguser $text_strings{addr_ok}</span>};
- my $escaped_non_gpguser = escape_arobase($non_gpguser);
+ if ( Email::Valid->address($link_asker) ){
+ $mailisok_notif = qq{<span style="color:green">$text_strings{addr} $link_asker $text_strings{addr_ok}</span>};
+ my $escaped_link_asker = escape_arobase($link_asker);
my $str_rand_obj = String::Random->new;
my $random_fn = $str_rand_obj->randregex('\w{64}');
-
my $GENERATED_FORM_FILENAME = "$random_fn.cgi";
- my $MAILFORM_LINK = "http://$SRV_NAME/cgi-bin/l/$GENERATED_FORM_FILENAME";
- my $MAILFORM_RELPATH = "./l/$GENERATED_FORM_FILENAME";
- if (open my $gpg_form_fh, ">", $MAILFORM_RELPATH){
- print $gpg_form_fh '#! /usr/bin/perl -wT',"\n\n",
- ' my $non_gpguser = q{'. $non_gpguser .'};', "\n",
- 'delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};', "\n",
- '$ENV{\'PATH\'}="/usr/bin";', "\n",
- 'use warnings;', "\n",
- 'use strict;',"\n",
- 'use GPG;',"\n",
- '#use CGI::Carp qw(fatalsToBrowser);', "\n",
- 'use CGI qw(param);', "\n",
- 'my $cgi_query_get = CGI->new;', "\n",
- 'my ($msg_form, $enc_msg, $error_processing_msg,$msg_form_char_limit) = undef;', "\n",
- '$msg_form_char_limit = '. $msg_form_char_limit . ' ;', "\n",
- '$msg_form = $cgi_query_get->param(\'msg\');', "\n",
- 'my $length_msg_form = length $msg_form;', "\n",
-
- 'if (defined $length_msg_form and $length_msg_form > $msg_form_char_limit){', "\n",
- ' $error_processing_msg = q{<span style="color:red"><b>'. $text_strings{msg_too_long} .'.</b></span>};', "\n",
- '} elsif (defined $length_msg_form and $length_msg_form eq 0 ){', "\n",
- ' $error_processing_msg = q{<span style="color:red"><b>'. $text_strings{msg_empty} . '.</b></span>};', "\n",
- '} else {', "\n",
- ' if (defined $length_msg_form and $ENV{\'REQUEST_METHOD\'} eq \'POST\'){',"\n",
- ' $msg_form =~ tr/\r//d;', "\n",
- ' my $gpg = new GPG(gnupg_path => "/usr/bin", homedir => "/usr/share/www-data/.gnupg/");', "\n",
- ' $enc_msg = $gpg->encrypt("De la part de " . $non_gpguser . ":\n". $msg_form, \''. $mymail_gpgid .'\') or die $gpg->error();', "\n";
- if ($HAS_MAILSERVER){
- undef $mymailaddr_escaped;
- print $gpg_form_fh "\n",
- ' use Mail::Sendmail;', "\n",
- ' my %mail = ( To => \''.$mymailaddr.'\', ', "\n",
- ' From => \''.$mymailaddr.'\', ', "\n",
- ' Subject => \'Gpigeon\', ', "\n",
- ' Message => "$enc_msg\n" ', "\n",
- ' );', "\n",
- ' sendmail(%mail) or die $Mail::Sendmail::error;', "\n";
- }
- else {
- print $gpg_form_fh "\n",
- ' use Net::SMTP;',"\n",
- ' use Net::SMTPS;',"\n",
- ' my $smtp = Net::SMTPS->new(\''. $mymail_smtp .'\', Port => \''. $mymail_smtport .'\', doSSL => \'ssl\', Debug_SSL => 0);', "\n",
- ' $smtp->auth(\''. $mymailaddr .'\', \''. $mymailaddr_pw .'\') or die;', "\n",
- ' $smtp->mail(\''. $mymailaddr .'\') or die "Net::SMTP module has broke: $!.";', "\n",
- ' if ($smtp->to(\''. $mymailaddr .'\')){', "\n",
- ' $smtp->data();', "\n",
- ' $smtp->datasend("To: '. $mymailaddr_escaped .'\n");', "\n",
- ' $smtp->datasend("\n");', "\n",
- ' $smtp->datasend("$enc_msg\n");', "\n",
- ' $smtp->dataend();', "\n",
- ' }', "\n",
- ' else {', "\n",
- ' die $smtp->message();', "\n",
- ' }', "\n";
- }
- print $gpg_form_fh "\n",
- ' unlink "../' . $MAILFORM_RELPATH . '";', "\n",
- ' print "Location: /merci/index.html\n\n";', "\n",
- ' }', "\n",
- '}', "\n",
- 'print "Content-type: text/html", "\n\n";', "\n",
- 'print q{<!DOCTYPE html>', "\n",
- '<html>', "\n",
- ' <head>', "\n",
- ' <link rel="icon" sizes="48x48" type="image/ico" href="/favicon.ico">', "\n",
- ' <link rel="stylesheet" type="text/css" href="'. $HTML_CSS .'">',
- ' <meta http-equiv="content-type" content="text/html;charset='. $HTML_CHARSET .'">',"\n",'<meta charset="'. $HTML_CHARSET .'">',"\n",
- ' <title>Formulaire d\'envoi de message GPG</title>',"\n",
- ' </head>', "\n",
- ' <body>', "\n",
- ' <p>'. $text_strings[7] . '<b>' . $non_gpguser .'</b> :</p>', "\n",
- ' <form method="POST">', "\n",
- ' <textarea wrap="off" cols="50" rows="30" name="msg"></textarea><br>',
- '};', "\n",
- 'if (defined $error_processing_msg){printf $error_processing_msg;}', "\n",
- 'printf qq{ <br>
- <input type="submit" value="'. $text_strings{link_send_btn} .'">', "\n",
- ' </form>', "\n",
- ' </body>', "\n",
- '</html> };';
- close $gpg_form_fh;
- chmod(0755,$MAILFORM_RELPATH);
- $notif_de_creation=qq{<span style="color:green">$text_strings{link_generated_ok} $non_gpguser: </span><br><a href="$MAILFORM_LINK">$MAILFORM_LINK</a>}; }
- else{
- close $gpg_form_fh and die "Can't open $MAILFORM_RELPATH: $!";
- }
+ my $HREF_LINK = "https://$HOSTNAME/cgi-bin/l/$GENERATED_FORM_FILENAME";
+ my $LINK_FILENAME = "./l/$GENERATED_FORM_FILENAME";
+
+ open my $in, '<', $LINK_TEMPLATE_PATH or die "Can't read link template file: $!";
+ open my $out, '>', $LINK_FILENAME or die "Can't write to link file: $!";
+ while( <$in> ) {
+ s/{link_user}/{$link_asker}/g;
+ s/{link_filename}/{$LINK_FILENAME}/g;
+ s/{msg_too_long}/$text_strings{msg_too_long}/g;
+ s/{msg_empty}/$text_strings{msg_empty}/g;
+ s/{msg_form_char_limit}/$msg_form_char_limit/g;
+ s/{link_send_btn}/$text_strings{link_send_btn}/g;
+ print $out $_;
+ }
+ close $in or die;
+ chmod(0755,$LINK_FILENAME) or die;
+ close $out or die;
+
+ $linkgen_notif = qq{<span style="color:green">$text_strings{link_generated_ok} $link_asker: </span><br><a href="$HREF_LINK">$HREF_LINK</a>};
}
else{
- $notif_mail_valide = qq{<span style="color:red">$text_strings{addr} $non_gpguser $text_strings{addr_nok}.</span>};
+ $mailisok_notif = qq{<span style="color:red">$text_strings{addr} $link_asker $text_strings{addr_nok}.</span>};
}
}
-
- opendir my $link_dir_handle, './l' or die "Can't open ./l: $!";
+
+ opendir my $link_dir_handle, './l' or die "Can't open ./l: $!";
while (readdir $link_dir_handle) {
if ($_ ne '.' and $_ ne '..'){
- my $gpg_form_fn = $_;
- my $non_gpguser = undef;
- if (open my $gpg_form_handle , '<', "./l/$gpg_form_fn"){
-
- for (1..3){
- $non_gpguser = readline $gpg_form_handle;
- $non_gpguser =~ s/q\{(.*?)\}//i;
- $non_gpguser = $1;
+ my $linkfile_fn = $_;
+ my $link_asker = undef;
+ if (open my $linkfile_handle , '<', "./l/$linkfile_fn"){
+ for (1..2){
+ $link_asker = readline $linkfile_handle;
+ $link_asker =~ s/q\{(.*?)\}//i;
+ $link_asker = $1;
}
- close $gpg_form_handle;
+ close $linkfile_handle;
- if (not defined $non_gpguser){
- $non_gpguser = $text_strings{unknown};
+ if (not defined $link_asker){
+ $link_asker = $text_strings{unknown};
}
-
#create links table html
push @created_links,
qq{<tr>
- <td><a href="/cgi-bin/l/$gpg_form_fn">ici</a></td>
- <td><a href="mailto:$non_gpguser?subject=$text_strings{mailto_subject}&body=$text_strings{mailto_body} http://$SRV_NAME/cgi-bin/l/$gpg_form_fn">$non_gpguser</a></td>
+ <td><a href="/cgi-bin/l/$linkfile_fn">ici</a></td>
+ <td><a href="mailto:$link_asker?subject=$text_strings{mailto_subject}&body=$text_strings{mailto_body} http://$HOSTNAME/cgi-bin/l/$linkfile_fn">$link_asker</a></td>
<td>
<form method="POST">
- <input type="hidden" name="supprlien" value="$gpg_form_fn">
- <input type="hidden" name="password" value="$cgi_query_get->param('password')">
+ <input type="hidden" name="supprlien" value="$linkfile_fn">
+ <input type="hidden" name="password" value="$PASSWD">
<input type="submit" value="$text_strings{delete_link_btn_text}">
</form>
</td>
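Review bot: The substitution `s/{link_user}/{$link_asker}/g` writes the submitted address into a file that is then made executable, and the only check before it is `Email::Valid->address`, which accepts RFC 822 local parts containing characters such as `{`, `}` and quotes. Since the listing code reads the value back from a `q{...}` literal, the template presumably places it inside Perl source, so such an address can alter the structure of the generated script; restrict the value before the copy loop, e.g. `die 'unsupported address' unless $link_asker =~ /\A[A-Za-z0-9._+-]+\@[A-Za-z0-9.-]+\z/;`. The same value is interpolated unescaped into `$mailisok_notif` (including the rejected-address branch), `$linkgen_notif` and the `mailto:` row, where `CGI::escapeHTML($link_asker)` should be used. Smaller points: the `mailto:` body still builds `http://$HOSTNAME/...` while `$HREF_LINK` is now `https://`, and `$text_strings{unknown}` does not match the `addr_unknown` key defined above.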
@@ -252,21 +163,21 @@ if (argon2id_verify($PASSWD_HASH,$PASSWD)){
}
else {
- close $gpg_form_handle;
- die 'Content-type: text/plain', "\n\n", "Error: Can't open $gpg_form_fn: $!";
+ close $linkfile_handle;
+ die 'Content-type: text/plain', "\n\n", "Error: Can't open $linkfile_fn: $!";
}
}
}
closedir $link_dir_handle;
- print $HTML_CONTENT_TYPE_HEADER,"\n\n",
+ print 'Content-type: text/html',"\n\n",
qq{<!DOCTYPE html>
<html>
<head>
<link rel="icon" sizes="48x48" type="image/ico" href="/favicon.ico">
- <link rel="stylesheet" type="text/css" href="$HTML_CSS">
- <meta http-equiv="content-type" content="text/html;charset=$HTML_CHARSET">
- <meta charset="$HTML_CHARSET">
+ <link rel="stylesheet" type="text/css" href="/styles.css">
+ <meta http-equiv="content-type" content="text/html;charset=UTF-8">
+ <meta charset="UTF-8">
<title>$text_strings{web_title}</title>
</head>
<body>
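Review bot: The `else` branch runs only when `open` failed, so `close $linkfile_handle;` has nothing to close, and the following `die` aborts the whole admin page because of one unreadable file in `./l`. With `fatalsToBrowser` now enabled at the top of the file, CGI::Carp emits its own header, so the hand-written `'Content-type: text/plain', "\n\n"` prefix would appear as message text, and the filename and `$!` go to the client. I would drop the `close`, log with `warn "Can't open $linkfile_fn: $!";` and `next` to the following directory entry. The enclosing loop starts outside this hunk.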
@@ -276,27 +187,27 @@ if (argon2id_verify($PASSWD_HASH,$PASSWD)){
<input type="submit" value="$text_strings{disconnect_btn_text}">
</form>
<form method="POST">
- $psswd_formfield
+ $hidden_pwfield
<input type="submit" value="$text_strings{refresh_btn_text}">
</form>
<hr>
<br>
<form method="POST">
- $psswd_formfield
+ $hidden_pwfield
Mail de la personne:<br>
<input tabindex="1" type="text" name="mail">
<input tabindex="2" type="submit" value="$text_strings{create_link_btn}">
</form>},
- notif_if_defined($notif_mail_valide),
+ notif_if_defined($mailisok_notif),
'<br>'
- notif_if_defined($notif_de_creation),
+ notif_if_defined($linkgen_notif),
qq{<hr>
<form method="POST">
- $psswd_formfield
+ $hidden_pwfield
<input type="hidden" name="supprtout">
<input type="submit" value="$text_strings{delete_links_btn_text}">
</form>},
- notif_if_defined($notif_suppression),
+ notif_if_defined($deletion_notif),
qq{<table>
<tr>
<th>$text_strings{theader_link}</th>
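Review bot: In the `print` list the `'<br>'` element has no trailing comma before `notif_if_defined($linkgen_notif),`, so as shown the statement does not parse; it should read `'<br>',`. Separately, `$hidden_pwfield` is emitted in three forms here and was built from raw `$PASSWD`, so the plaintext password is embedded in every rendered page and a password containing `"` or `<` breaks the markup. At minimum build the field with `CGI::escapeHTML($PASSWD)`, and consider replacing the replayed password with a server-side session token. The `print` statement starts before this hunk and continues past it.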