@@ -498,10 +527,13 @@ EOF
next if ($field eq 'group');
push (@values, '');
+
+ $field = encode_entities ($field);
+ $print = encode_entities ($print);
for (@values)
{
- my $value = $_;
+ my $value = encode_entities ($_);
print <
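Review bot: `$field` is HTML-encoded in place at the top of the hunk, while the rest of this patch keeps the raw value and introduces a separate `*_html` copy (`$cn_html`, `$group_html`). If `$field` is still used after the `print` as an attribute key or as a form field name, the encoded text would be handed back to the directory layer or to the form; `my $field_html = encode_entities ($field);` used only inside the heredoc (and likewise `$print_html`) avoids that. For plain ASCII attribute names `encode_entities` is a no-op, so the practical risk is presumably small, but I cannot confirm from the hunk whether `$field` is reused afterwards: the enclosing loop starts before it and the heredoc continues past it.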
@@ -525,7 +557,7 @@ EOF
for (@all_groups)
{
my $group = $_;
- my $group_name = $group->name ();
+ my $group_name = encode_entities ($group->name ());
my $selected = '';
if (grep { $cn eq $_ } ($group->get_members ()))
@@ -625,7 +657,8 @@ sub action_save
}
else
{
- print qq(\t
Group "$group_name" does not exist or could not be loaded.
\n);
+ my $group_html = encode_entities ($group_name);
+ print qq(\t
Group "$group_html" does not exist or could not be loaded.
\n);
}
}
@@ -671,7 +704,10 @@ sub action_update
$person->firstname ($firstname) if ($firstname and $firstname ne $person->firstname ());
$cn = $person->name ();
- # FIXME Fix groups
+ # FIXME Fix groups:
+ # Each group is one entry of type (objectClass=groupOfNames)
+ # with one or more `member' attributes. These attributes are
+ # the `dn' (distinguished name) of the member entries.
}
my $contacts = get_contacts ();
@@ -693,36 +729,49 @@ sub action_update
}
}
- my %changed_groups = map { $_ => 1 } (param ('group'));
- my @current_groups = LiCoM::Group->load_by_member ($cn);
-
- for (@current_groups)
+ # only `authorized' users may see and change groups
+ if ($UserID)
{
- my $group_obj = $_;
- my $group_name = $group_obj->name ();
+ my %changed_groups = map { $_ => 1 } (param ('group'));
+ my @current_groups = LiCoM::Group->load_by_member ($cn);
- if (!defined ($changed_groups{$group_name}))
+ for (@current_groups)
{
- $group_obj->del_members ($cn);
+ my $group_obj = $_;
+ my $group_name = $group_obj->name ();
+
+ if (!defined ($changed_groups{$group_name}))
+ {
+ $group_obj->del_members ($cn);
+ }
+ else
+ {
+ delete ($changed_groups{$group_name});
+ }
}
- else
+ for (keys %changed_groups)
{
- delete ($changed_groups{$group_name});
+ my $group_name = $_;
+ my $group_obj = LiCoM::Group->load ($group_name) or die;
+
+ $group_obj->add_members ($cn);
}
- }
- for (keys %changed_groups)
- {
- my $group_name = $_;
- my $group_obj = LiCoM::Group->load ($group_name) or die;
- $group_obj->add_members ($cn);
+ if (param ('newgroup'))
+ {
+ # FIXME add error handling
+ my $group_name = param ('newgroup');
+ LiCoM::Group->create ($group_name, '', $cn);
+ }
}
- if (param ('newgroup'))
+ if (!$UserID)
{
- # FIXME add error handling
- my $group_name = param ('newgroup');
- LiCoM::Group->create ($group_name, '', $cn);
+ print <Your changes have been saved.
+
Thank you very much for taking the time to keep this record up to date.
+
+HTML
}
if ($button eq 'apply' or !$UserID)
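Review bot: In the new `if ($UserID)` branch the `del_members` loop runs before `LiCoM::Group->load ($group_name) or die` in the second loop, so a stale or mistyped group name arriving via `param ('group')` aborts the request after the record has already been removed from its old groups and before it is added to the new ones, and the user gets a bare error instead of the message the `action_save` hunk prints for the same situation. Resolving every requested group before the first write, and reporting an unloadable one the way `action_save` does, keeps the update consistent regardless of what the form sends. The `newgroup` branch still carries its `FIXME add error handling`: the name is taken from the request unchanged, a name of `0` is silently skipped by the truth test, and the result of `LiCoM::Group->create` is not checked. `action_update` begins before this hunk and continues after it.
```perl
    # only `authorized' users may see and change groups
    if ($UserID)
    {
        my %changed_groups = map { $_ => 1 } (param ('group'));
        my @current_groups = LiCoM::Group->load_by_member ($cn);

        # Work out the delta first: nothing is written to the directory
        # until every requested group has been loaded, so a bad name from
        # the form cannot leave the record half-updated.
        my @remove_from;
        for my $group_obj (@current_groups)
        {
            my $group_name = $group_obj->name ();
            if (defined ($changed_groups{$group_name}))
            {
                delete ($changed_groups{$group_name});
            }
            else
            {
                push (@remove_from, $group_obj);
            }
        }

        my @add_to;
        for my $group_name (keys %changed_groups)
        {
            my $group_obj = LiCoM::Group->load ($group_name);
            if (!$group_obj)
            {
                my $group_html = encode_entities ($group_name);
                print qq(\tGroup "$group_html" does not exist or could not be loaded.\n);
                next;
            }
            push (@add_to, $group_obj);
        }

        $_->del_members ($cn) for (@remove_from);
        $_->add_members ($cn) for (@add_to);

        # … unchanged: newgroup handling (FIXME add error handling) …
    }
```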
@@ -792,6 +841,8 @@ sub action_verify
$cn = shift if (@_);
die unless ($cn);
+ my $cn_html = encode_entities ($cn);
+
my $person = LiCoM::Person->load ($cn);
die unless ($person);
@@ -799,21 +850,24 @@ sub action_verify
$mail ||= '';
my $message;
- my $password = $person->get ('password');
+ my ($password) = $person->get ('password');
+ my $password_html;
if (!$password)
{
$password = pwgen ();
- $person->set ('password', $password);
+ $person->set ('password', [$password]);
}
+ $password_html = encode_entities ($password);
- $message = qq(The password for the record "$cn" is "$password".);
+ $message = qq(The password for the record "$cn_html" is "$password_html".);
if ($mail)
{
if (action_verify_send_mail ($person))
{
- $message .= qq( A request for verification has been sent to $mail.);
+ my $mail_html = encode_entities ($mail);
+ $message .= qq( A request for verification has been sent to $mail_html.);
}
}
else
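Review bot: `$password_html` is declared at the top of the block but only assigned after the `if`, and nothing in between reads it; `my $password_html = encode_entities ($password);` at the point of assignment keeps the declaration next to its first use, as the hunk already does for `$mail_html`. Separately, the return value of `$person->set ('password', [$password])` is not checked, so if the write fails the page still tells the user that the freshly generated password belongs to the record; I cannot tell from the hunk whether `set` reports failure, but if it does the message should depend on it. The enclosing `action_verify` continues outside the hunk.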
@@ -835,8 +889,8 @@ sub action_verify_send_mail
my ($owner_mail) = $owner->get ('mail');
if (!$owner_mail)
{
- my $cn = uri_escape ($UserCN);
- print qq(\t\t
You have no email set in your own profile. Edit it now!
\n);
+ my $cn_uri = uri_escape ($UserCN);
+ print qq(\t\t
You have no email set in your own profile. Edit it now!
\n);
return (0);
}
@@ -847,15 +901,15 @@ sub action_verify_send_mail
}
$max_width++;
- my $person_name = $person->name ();
+ my $person_name = $person->name ();
my ($person_mail) = $person->get ('mail');
- my $person_gn = $person->firstname ();
- my $password = $person->get ('password');
+ my $person_gn = $person->firstname ();
+ my ($password) = $person->get ('password');
my $host = $ENV{'HTTP_HOST'};
my $url = (defined ($ENV{'HTTPS'}) ? 'https://' : 'http://') . $host . $MySelf;
- open ($smh, "| /usr/sbin/sendmail -t -f $owner_mail") or die ("open pipe to sendmail: $!");
+ open ($smh, '|-', '/usr/sbin/sendmail', '-t', '-f', $owner_mail) or die ("open (sendmail): $!");
print $smh <
From: $UserCN <$owner_mail>
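Review bot: The list-form `open` removes the shell from the sendmail call, but the values interpolated into the message headers (`From: $UserCN <$owner_mail>` on the line after the `open`, and presumably `$person_mail` in a `To:` line further down) still carry no check for embedded line breaks; with `sendmail -t` the recipients are read from those headers, so a directory value containing CR or LF would change who the message goes to. A guard before the `open`, `die "mail header value contains a line break" if grep { /[\r\n]/ } ($UserCN, $owner_mail, $person_mail);`, closes that. `$url` is also built from `$ENV{'HTTP_HOST'}`, which comes from the client request rather than from configuration, so the link in the mail reflects whatever host header the requester sent. `$smh` is declared outside the hunk and the heredoc continues past it.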
@@ -904,19 +958,20 @@ sub action_ask_del
my $person = LiCoM::Person->load ($cn);
$person or die;
- my $cn_esc = uri_escape ($cn);
+ my $cn_uri = uri_escape ($cn);
+ my $cn_html = encode_entities ($cn);
print <Really delete $cn?
+
Really delete $cn_html?
- You are about to delete $cn. Are you
- totally, absolutely sure you want to do this?
+ You are about to delete $cn_html.
+ Are you totally, absolutely sure you want to do this?
EOF
@@ -927,23 +982,88 @@ sub action_do_del
my $cn = param ('cn');
$cn or die;
+ my $cn_html = encode_entities ($cn);
+
my $person = LiCoM::Person->load ($cn);
$person or die;
$person->delete ();
print <$cn has been deleted.
+
$cn_html has been deleted.
EOF
action_browse ();
}
+sub action_edit_group
+{
+ my $group_name = param ('group') or die;
+
+ my $group_name_html = encode_entities ($group_name);
+
+ my $group_obj = LiCoM::Group->load ($group_name);
+
+ if (!$group_obj)
+ {
+ print qq(\t
Group "$group_name_html" does not exist or could not be loaded.
\n);
+ return;
+ }
+
+ $group_name_html = encode_entities ($group_obj->name ());
+
+ my $desc_html = encode_entities ($group_obj->description () || '');
+
+ print <Edit contact group "$group_name_html"
+
+HTML
+}
+
+sub action_save_group
+{
+ my $group_name = param ('group') or die;
+
+ my $group_name_html = encode_entities ($group_name);
+
+ my $group_obj = LiCoM::Group->load ($group_name);
+
+ if (!$group_obj)
+ {
+ print qq(\t
Group "$group_name_html" does not exist or could not be loaded.