From 78980dcae3e038072ef72b4cc55020d5a95c8b79 Mon Sep 17 00:00:00 2001
From: Miquel Lionel
Date: Sun, 28 Feb 2021 11:35:59 +0100
Subject: use template instead of writing perl in perl

- also renamed gpigeon.css -> styles.css. more standard
- utf-8 rules. other charset can't defeat him.
---
 gpigeon-template.cgi | 225 ++++++++++++++++-----------------------------------
 1 file changed, 68 insertions(+), 157 deletions(-)

(limited to 'gpigeon-template.cgi')

diff --git a/gpigeon-template.cgi b/gpigeon-template.cgi
index 210cc59..1369c4e 100755
--- a/gpigeon-template.cgi
+++ b/gpigeon-template.cgi
@@ -6,16 +6,7 @@ use Crypt::Argon2 qw(argon2id_verify);
 use Email::Valid;
 use String::Random;
 use CGI qw(param);
-#use CGI::Carp qw(fatalsToBrowser);
-
-sub escape_arobase {
- my $mailaddress = shift;
- my $arobase = '@';
- my $espaced_arob = q{\@};
- my $escapedmailaddress = $mailaddress;
- $escapedmailaddress =~ s/$arobase/$espaced_arob/;
- return $escapedmailaddress;
-}
+use CGI::Carp qw(fatalsToBrowser);
 sub untaint_cgi_filename {
 my $filename = shift;
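Review bot: `escape_arobase` is deleted here, but the new side of the `@@ -80,171 +63,99 @@` hunk still calls it (`my $escaped_link_asker = escape_arobase($link_asker);`), so unless the sub is defined somewhere outside this diff, submitting a valid address will die with an undefined-subroutine error at run time; either keep the sub or drop the now-unused `$escaped_link_asker` line. Un-commenting `use CGI::Carp qw(fatalsToBrowser);` also means every `die` in the script, including the `$!` text and the `$LINK_TEMPLATE_PATH` path from the template-reading code, is rendered to the client. That is useful while debugging but should stay commented out for production deployments, where a plain `use CGI::Carp;` logs the same detail to the server error log instead.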
@@ -42,21 +33,13 @@ sub notif_if_defined{
 delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};
 $ENV{'PATH'} = '/usr/bin';
-my $HAS_MAILSERVER = 0;
-my $SRV_NAME = $ENV{'SERVER_NAME'};
-my $HTML_CONTENT_TYPE_HEADER = 'Content-type: text/html';
-my $HTML_CHARSET = 'UTF-8';
-my $HTML_CSS = '/gpigeon.css';
-my $mymailaddr = q{your_mail_address_goes_here};
-my $mymailaddr_pw = q{your_mail_address_password_goes_here};
-my $mymail_smtp = q{smtp_domain_goes_here};
-my $mymail_smtport = q{smtp_port_goes_here};
-my $mymail_gpgid = q{gpgid_goes_here}; #0xlong keyid form
-my $PASSWD_HASH = q{password_hash_goes_here}; #argon2id hash please
-my $mymailaddr_escaped = escape_arobase($mymailaddr);
-my $msg_form_char_limit = 3000;
+my $HOSTNAME = $ENV{'SERVER_NAME'};
+my $LINK_TEMPLATE_PATH='/usr/share/webapps/gpigeon/link-template.pl'; # this is the file where the SMTP and mail address values goes
+my $msg_form_char_limit = 3000;
+my $PASSWD_HASH = q{password_hash_goes_here}; #argon2id hash format
 my %text_strings = (link_del_ok => 'Successful removal !',
 addr => 'Address',
+ here => 'here',
 addr_ok => 'is valid!',
 addr_nok => 'is not valid !',
 addr_unknown => 'Unknown',
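Review bot: The comment on `$LINK_TEMPLATE_PATH` does not tell a maintainer what the template must contain, yet the substitution loop in the next hunk silently depends on six placeholders; I would replace it with `# Perl CGI template copied into ./l/ per link; must contain the placeholders {link_user}, {link_filename}, {msg_too_long}, {msg_empty}, {msg_form_char_limit} and {link_send_btn}, and it also holds the SMTP account settings.` Separately, `$HOSTNAME` is read from `$ENV{'SERVER_NAME'}` and later interpolated into the `$HREF_LINK` shown to the user; on common web-server setups that value follows the request's Host header rather than a fixed server name, so if the link must always point at the canonical site, a configured constant or a check against an expected hostname is safer than trusting the environment here.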
@@ -80,171 +63,99 @@ my %text_strings = (link_del_ok => 'Successful removal !', msg_too_long => 'Cannot send message : message length must be under ' .$msg_form_char_limit . ' characters.', msg_empty => 'Cannot send message : message is empty. You can type up to ' . $msg_form_char_limit . ' characters.', notif_login_failure => 'Cannot login. Check if your username and password match.' - ); +); my $cgi_query_get = CGI->new; my $PASSWD = $cgi_query_get->param('password'); -my ($notif_de_creation, $notif_mail_valide, $notif_suppression) = undef; +my ($linkgen_notif, $mailisok_notif, $deletion_notif) = undef; my @created_links = (); if (argon2id_verify($PASSWD_HASH,$PASSWD)){ - my $psswd_formfield = ''; + my $hidden_pwfield = ''; if (defined $cgi_query_get->param('supprlien')){ my $pending_deletion = $cgi_query_get->param('supprlien'); - my $gpg_form_fn = "./l/$pending_deletion"; - if (unlink untaint_cgi_filename($gpg_form_fn)){ - $notif_suppression=qq{$text_strings{link_del_ok}}; + my $linkfile_fn = "./l/$pending_deletion"; + if (unlink untaint_cgi_filename($linkfile_fn)){ + $deletion_notif=qq{$text_strings{link_del_ok}}; } else { - $notif_suppression=qq{$text_strings{link_del_failed} $gpg_form_fn : $!}; + $deletion_notif=qq{$text_strings{link_del_failed} $linkfile_fn : $!}; } } if (defined $cgi_query_get->param('supprtout')){ opendir my $link_dir_handle, './l' or die "Can't open ./l: $!"; - while (readdir $link_dir_handle) { if ($_ ne '.' 
and $_ ne '..'){ - my $gpg_form_fn = "./l/$_"; - unlink untaint_cgi_filename($gpg_form_fn) or die "$!"; - $notif_suppression=qq{$text_strings{link_del_ok}}; + my $linkfile_fn = "./l/$_"; + unlink untaint_cgi_filename($linkfile_fn) or die "$!"; + $deletion_notif=qq{$text_strings{link_del_ok}}; } } closedir $link_dir_handle; } if (defined $cgi_query_get->param('mail')){ - my $non_gpguser = scalar $cgi_query_get->param('mail'); + my $link_asker = scalar $cgi_query_get->param('mail'); - if ( Email::Valid->address($non_gpguser) ){ - $notif_mail_valide = qq{$text_strings{addr} $non_gpguser $text_strings{addr_ok}}; - my $escaped_non_gpguser = escape_arobase($non_gpguser); + if ( Email::Valid->address($link_asker) ){ + $mailisok_notif = qq{$text_strings{addr} $link_asker $text_strings{addr_ok}}; + my $escaped_link_asker = escape_arobase($link_asker); my $str_rand_obj = String::Random->new; my $random_fn = $str_rand_obj->randregex('\w{64}'); - my $GENERATED_FORM_FILENAME = "$random_fn.cgi"; - my $MAILFORM_LINK = "http://$SRV_NAME/cgi-bin/l/$GENERATED_FORM_FILENAME"; - my $MAILFORM_RELPATH = "./l/$GENERATED_FORM_FILENAME"; - if (open my $gpg_form_fh, ">", $MAILFORM_RELPATH){ - print $gpg_form_fh '#! /usr/bin/perl -wT',"\n\n", - ' my $non_gpguser = q{'. $non_gpguser .'};', "\n", - 'delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};', "\n", - '$ENV{\'PATH\'}="/usr/bin";', "\n", - 'use warnings;', "\n", - 'use strict;',"\n", - 'use GPG;',"\n", - '#use CGI::Carp qw(fatalsToBrowser);', "\n", - 'use CGI qw(param);', "\n", - 'my $cgi_query_get = CGI->new;', "\n", - 'my ($msg_form, $enc_msg, $error_processing_msg,$msg_form_char_limit) = undef;', "\n", - '$msg_form_char_limit = '. $msg_form_char_limit . ' ;', "\n", - '$msg_form = $cgi_query_get->param(\'msg\');', "\n", - 'my $length_msg_form = length $msg_form;', "\n", - - 'if (defined $length_msg_form and $length_msg_form > $msg_form_char_limit){', "\n", - ' $error_processing_msg = q{'. 
$text_strings{msg_too_long} .'.};', "\n", - '} elsif (defined $length_msg_form and $length_msg_form eq 0 ){', "\n", - ' $error_processing_msg = q{'. $text_strings{msg_empty} . '.};', "\n", - '} else {', "\n", - ' if (defined $length_msg_form and $ENV{\'REQUEST_METHOD\'} eq \'POST\'){',"\n", - ' $msg_form =~ tr/\r//d;', "\n", - ' my $gpg = new GPG(gnupg_path => "/usr/bin", homedir => "/usr/share/www-data/.gnupg/");', "\n", - ' $enc_msg = $gpg->encrypt("De la part de " . $non_gpguser . ":\n". $msg_form, \''. $mymail_gpgid .'\') or die $gpg->error();', "\n"; - if ($HAS_MAILSERVER){ - undef $mymailaddr_escaped; - print $gpg_form_fh "\n", - ' use Mail::Sendmail;', "\n", - ' my %mail = ( To => \''.$mymailaddr.'\', ', "\n", - ' From => \''.$mymailaddr.'\', ', "\n", - ' Subject => \'Gpigeon\', ', "\n", - ' Message => "$enc_msg\n" ', "\n", - ' );', "\n", - ' sendmail(%mail) or die $Mail::Sendmail::error;', "\n"; - } - else { - print $gpg_form_fh "\n", - ' use Net::SMTP;',"\n", - ' use Net::SMTPS;',"\n", - ' my $smtp = Net::SMTPS->new(\''. $mymail_smtp .'\', Port => \''. $mymail_smtport .'\', doSSL => \'ssl\', Debug_SSL => 0);', "\n", - ' $smtp->auth(\''. $mymailaddr .'\', \''. $mymailaddr_pw .'\') or die;', "\n", - ' $smtp->mail(\''. $mymailaddr .'\') or die "Net::SMTP module has broke: $!.";', "\n", - ' if ($smtp->to(\''. $mymailaddr .'\')){', "\n", - ' $smtp->data();', "\n", - ' $smtp->datasend("To: '. $mymailaddr_escaped .'\n");', "\n", - ' $smtp->datasend("\n");', "\n", - ' $smtp->datasend("$enc_msg\n");', "\n", - ' $smtp->dataend();', "\n", - ' }', "\n", - ' else {', "\n", - ' die $smtp->message();', "\n", - ' }', "\n"; - } - print $gpg_form_fh "\n", - ' unlink "../' . $MAILFORM_RELPATH . 
'";', "\n", - ' print "Location: /merci/index.html\n\n";', "\n", - ' }', "\n", - '}', "\n", - 'print "Content-type: text/html", "\n\n";', "\n", - 'print q{', "\n", - '', "\n", - ' ', "\n", - ' ', "\n", - ' ', - ' ',"\n",'',"\n", - ' Formulaire d\'envoi de message GPG',"\n", - ' ', "\n", - ' ', "\n", - '

'. $text_strings[7] . '' . $non_gpguser .' :

', "\n", - '
', "\n", - '
', - '};', "\n", - 'if (defined $error_processing_msg){printf $error_processing_msg;}', "\n", - 'printf qq{
- ', "\n", - '
', "\n", - ' ', "\n", - ' };'; - close $gpg_form_fh; - chmod(0755,$MAILFORM_RELPATH); - $notif_de_creation=qq{$text_strings{link_generated_ok} $non_gpguser:
$MAILFORM_LINK}; } - else{ - close $gpg_form_fh and die "Can't open $MAILFORM_RELPATH: $!"; - } + my $HREF_LINK = "https://$HOSTNAME/cgi-bin/l/$GENERATED_FORM_FILENAME"; + my $LINK_FILENAME = "./l/$GENERATED_FORM_FILENAME"; + + open my $in, '<', $LINK_TEMPLATE_PATH or die "Can't read link template file: $!"; + open my $out, '>', $LINK_FILENAME or die "Can't write to link file: $!"; + while( <$in> ) { + s/{link_user}/{$link_asker}/g; + s/{link_filename}/{$LINK_FILENAME}/g; + s/{msg_too_long}/$text_strings{msg_too_long}/g; + s/{msg_empty}/$text_strings{msg_empty}/g; + s/{msg_form_char_limit}/$msg_form_char_limit/g; + s/{link_send_btn}/$text_strings{link_send_btn}/g; + print $out $_; + } + close $in or die; + chmod(0755,$LINK_FILENAME) or die; + close $out or die; + + $linkgen_notif = qq{$text_strings{link_generated_ok} $link_asker:
$HREF_LINK}; } else{ - $notif_mail_valide = qq{$text_strings{addr} $non_gpguser $text_strings{addr_nok}.}; + $mailisok_notif = qq{$text_strings{addr} $link_asker $text_strings{addr_nok}.}; } } - - opendir my $link_dir_handle, './l' or die "Can't open ./l: $!"; + + opendir my $link_dir_handle, './l' or die "Can't open ./l: $!"; while (readdir $link_dir_handle) { if ($_ ne '.' and $_ ne '..'){ - my $gpg_form_fn = $_; - my $non_gpguser = undef; - if (open my $gpg_form_handle , '<', "./l/$gpg_form_fn"){ - - for (1..3){ - $non_gpguser = readline $gpg_form_handle; - $non_gpguser =~ s/q\{(.*?)\}//i; - $non_gpguser = $1; + my $linkfile_fn = $_; + my $link_asker = undef; + if (open my $linkfile_handle , '<', "./l/$linkfile_fn"){ + for (1..2){ + $link_asker = readline $linkfile_handle; + $link_asker =~ s/q\{(.*?)\}//i; + $link_asker = $1; } - close $gpg_form_handle; + close $linkfile_handle; - if (not defined $non_gpguser){ - $non_gpguser = $text_strings{unknown}; + if (not defined $link_asker){ + $link_asker = $text_strings{unknown}; } - #create links table html push @created_links, qq{ - ici - $non_gpguser + ici + $link_asker
- - + +
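Review bot: `s/{link_user}/{$link_asker}/g;` writes the submitted address verbatim into a file that is then made executable (`chmod(0755,$LINK_FILENAME)`) and, judging from the read-back loop, stored inside a `q{...}` literal; `Email::Valid->address` accepts RFC 822 forms with quoted local parts, so characters such as `}` can pass validation and end that literal early, which makes the address part of the generated script's code. Either tighten the accepted form after the Email::Valid check, e.g. `die "unsupported address" unless $link_asker =~ m{\A[\w.+-]+@[\w.-]+\z};`, or keep the address out of the generated script altogether (a sidecar data file the link reads at run time). The read-back loop `for (1..2){ ... $link_asker =~ s/q\{(.*?)\}//i; $link_asker = $1; }` assigns `$1` even when the substitution did not match, so a stale capture from the previous line (or undef) can be reported as the asker; use the match result instead: `$link_asker = $link_asker =~ /q\{(.*?)\}/i ? $1 : undef;`. The three bare `die;` calls after `close $in`, `chmod` and `close $out` lose the reason, so `close $out or die "close $LINK_FILENAME: $!";` (and likewise for the others) is what a reader needs, especially since a write error only surfaces at that close. The enclosing `if (argon2id_verify(...))` block starts outside this hunk.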
@@ -252,21 +163,21 @@ if (argon2id_verify($PASSWD_HASH,$PASSWD)){ } else { - close $gpg_form_handle; - die 'Content-type: text/plain', "\n\n", "Error: Can't open $gpg_form_fn: $!"; + close $linkfile_handle; + die 'Content-type: text/plain', "\n\n", "Error: Can't open $linkfile_fn: $!"; } } } closedir $link_dir_handle; - print $HTML_CONTENT_TYPE_HEADER,"\n\n", + print 'Content-type: text/html',"\n\n", qq{ - - - + + + $text_strings{web_title} @@ -276,27 +187,27 @@ if (argon2id_verify($PASSWD_HASH,$PASSWD)){
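Review bot: `print 'Content-type: text/html',"\n\n",` drops the charset that the removed `$HTML_CHARSET` variable used to carry, even though the commit message says the page is now UTF-8 only; the HTTP header is what browsers honour first, so it should read `print 'Content-type: text/html; charset=UTF-8',"\n\n",` rather than relying on whatever `<meta>` tag the HTML may contain. In the `else` branch, `close $linkfile_handle;` runs on a handle whose `open` has just failed, which only adds a warning, and the `die 'Content-type: text/plain', "\n\n", "Error: ..."` message embeds an HTTP header that no longer works as one now that `fatalsToBrowser` (enabled in the first hunk) wraps the message in its own HTML response; `die "Can't open $linkfile_fn: $!";` is all that is needed. The enclosing `if (argon2id_verify(...))` block starts outside this hunk.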
- $psswd_formfield + $hidden_pwfield


- $psswd_formfield + $hidden_pwfield Mail de la personne:
}, - notif_if_defined($notif_mail_valide), + notif_if_defined($mailisok_notif), '
' - notif_if_defined($notif_de_creation), + notif_if_defined($linkgen_notif), qq{
- $psswd_formfield + $hidden_pwfield
}, - notif_if_defined($notif_suppression), + notif_if_defined($deletion_notif), qq{ -- cgit v1.2.3-70-g09d2
$text_strings{theader_link}