#!/usr/bin/perl
+# LiCoM - Lightweight contact manager
+# Copyright (c) 2005-2006 Florian octo Forster <octo at verplant.org>
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; only version 2 of the License is applicable.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software # Foundation, Inc.,
+# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
use strict;
use warnings;
use lib (qw(lib));
use CGI (':cgi');
use CGI::Carp (qw(fatalsToBrowser));
use URI::Escape;
-use Data::Dumper;
+use HTML::Entities (qw(encode_entities));
use LiCoM::Config (qw(get_config set_config read_config));
use LiCoM::Connection ();
verify => [\&html_start, \&action_verify, \&html_end],
delete => [\&html_start, \&action_ask_del, \&html_end],
expunge => [\&html_start, \&action_do_del, \&html_end],
- vcard => \&action_vcard
+ vcard => \&action_vcard,
+ edit_group => [\&html_start, \&action_edit_group, \&html_end],
+ save_group => [\&html_start, \&action_save_group, \&html_end]
);
read_config ();
if (!defined ($Actions{$Action}))
{
- die;
+ die ("No such action: $Action");
}
if (ref ($Actions{$Action}) eq 'CODE')
{
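Review bot: The new `die ("No such action: $Action")` puts what is presumably a request-supplied value into a message that `CGI::Carp`'s `fatalsToBrowser` writes into the response. Whether that text is HTML-escaped depends on the installed CGI::Carp version, so the script should not rely on it: use `die ("No such action: " . encode_entities ($Action));`, or die with a fixed message and log the value. Where `$Action` is assigned is outside this hunk, so confirm it comes from `param ('action')`.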
my @groups = LiCoM::Group->all ();
- print qq(\t\t<h2>Contact Groups</h2>\n\t\t<ul class="groups">\n);
+ print qq(\t\t<h2>Contact groups</h2>\n\t\t<ul class="groups">\n);
for (@groups)
{
my $group = $_;
my @members = $group->get_members ();
my $members = scalar (@members);
my $group_name = $group->name ();
- my $group_esc = uri_escape ($group_name);
+ my $group_uri = uri_escape ($group_name);
my $desc = $group->description ();
- print qq#\t\t\t<li><a href="$MySelf?action=browse&group=$group_esc">$group_name</a> ($members Member#, ($members == 1 ? ')' : 's)');
- print qq(<br />\n\t\t\t\t<span class="description">$desc</span>) if ($desc);
+ print qq#\t\t\t<li><a href="$MySelf?action=browse&group=$group_uri">#,
+ encode_entities ($group_name),
+ qq#</a> ($members Member#, ($members == 1 ? ')' : 's)');
+ print qq(<br />\n\t\t\t\t<span class="description">),
+ encode_entities ($desc) . '</span>' if ($desc);
print "</li>\n";
}
if (!@groups)
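Review bot: `encode_entities ($group_name)` with no second argument also turns every character above 0x7F into a Latin-1 entity, while `html_start` serves the page as `charset=UTF-8`. If `name ()` and `description ()` return undecoded UTF-8 bytes (not visible here), non-ASCII names will render as mojibake. Limiting the set to markup characters keeps the escaping and avoids that: `encode_entities ($group_name, q(<>&"'))`. The same applies to the other `encode_entities` calls added in this commit.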
}
else
{
- my $group_obj = LiCoM::Group->load ($group);
- my $group_esc = uri_escape ($group_obj->name ());
+ my $group_obj = LiCoM::Group->load ($group);
+ my $group_uri = uri_escape ($group_obj->name ());
+ my $group_html = encode_entities ($group_obj->name ());
my @member_names = $group_obj->get_members ();
+ my $desc = $group_obj->description ();
+ my $desc_html = encode_entities ($desc || '');
- print qq(\t\t<h2>Contact Group "$group"</h2>\n),
- qq(\t\t<ul class="results">\n);
+ print qq(\t\t<h2>Contact group "$group_html"</h2>\n);
+ print qq(\t\t<div>$desc_html</div>\n) if ($desc);
+ print qq(\t\t<ul class="results">\n);
for (sort (@member_names))
{
my $cn = $_;
- my $cn_esc = uri_escape ($cn);
+ my $cn_uri = uri_escape ($cn);
+ my $cn_html = encode_entities ($cn);
- print qq(\t\t\t<li><a href="$MySelf?action=detail&cn=$cn_esc">$cn</a></li>\n);
+ print qq(\t\t\t<li><a href="$MySelf?action=detail&cn=$cn_uri">$cn_html</a></li>\n);
}
print <<EOF;
</ul>
<div class="menu">
- [<a href="$MySelf?action=list&group=$group_esc">List</a>]
+ [<a href="$MySelf?action=list&group=$group_uri">List</a>]
[<a href="$MySelf?action=browse">Back</a>]
- [Edit]
+ [<a href="$MySelf?action=edit_group&group=$group_uri">Edit</a>]
</div>
EOF
}
{
my $field = $_;
my @values = $person->get ($field);
- print "\t\t\t\t<td>" . join ('<br />', @values) . "</td>\n";
+ print "\t\t\t\t<td>" . join ('<br />', map { encode_entities ($_) } (@values)) . "</td>\n";
}
print "\t\t\t</tr>\n";
$cn = shift if (@_);
die unless ($cn);
+ my $cn_html = encode_entities ($cn);
+ my $cn_uri = uri_escape ($cn);
+
my $person = LiCoM::Person->load ($cn);
if (!$person)
{
- print qq(\t<div>Entry "$cn" could not be loaded from DB.</div>\n);
+ print qq(\t<div>Entry "$cn_html" could not be loaded from DB.</div>\n);
return;
}
- print qq(\t\t<h2>Details for $cn</h2>\n);
-
- my $cn_esc = uri_escape ($cn);
+ print qq(\t\t<h2>Details for $cn_html</h2>\n);
print <<EOF;
<table class="detail">
<tr>
<th>Name</th>
- <td>$cn</td>
+ <td>$cn_html</td>
</tr>
EOF
for (@MultiFields)
my $field = $_;
my $values = $person->get ($field);
my $num = scalar (@$values);
- my $print = defined ($FieldNames{$field}) ? $FieldNames{$field} : $field;
+ my $field_name = defined ($FieldNames{$field}) ? $FieldNames{$field} : $field;
next unless ($num);
+ $field_name = encode_entities ($field_name);
+
print "\t\t\t<tr>\n";
if ($num > 1)
{
- print qq(\t\t\t\t<th rowspan="$num">$print</th>\n);
+ print qq(\t\t\t\t<th rowspan="$num">$field_name</th>\n);
}
else
{
- print qq(\t\t\t\t<th>$print</th>\n);
+ print qq(\t\t\t\t<th>$field_name</th>\n);
}
for (my $i = 0; $i < $num; $i++)
{
my $val = $values->[$i];
+ my $val_uri = uri_escape ($val);
+ my $val_html = encode_entities ($val);
if ($field eq 'group')
{
- my $val_esc = uri_escape ($val);
- $val = qq(<a href="$MySelf?action=browse&group=$val_esc">$val</a>);
+ $val = qq(<a href="$MySelf?action=browse&group=$val_uri">$val_html</a>);
}
elsif ($field eq 'uri')
{
- my $uri = $val;
- $uri = qq(http://$val) unless ($val =~ m#^[a-z]+://#);
- $val = qq(<a href="$uri" class="extern">$val</a>);
+ if ($val =~ m#^([a-z]+)://(.+)$#)
+ {
+ $val_uri = $1 . '://' . uri_escape ($2);
+ }
+ else
+ {
+ $val_uri = 'http://' . uri_escape ($val);
+ }
+ $val = qq(<a href="$val_uri" class="extern">$val_html</a>);
}
elsif ($field eq 'mail')
{
- $val = qq(<a href="mailto:$val" class="mail">$val</a>);
+ $val = qq(<a href="mailto:$val_uri" class="mail">$val_html</a>);
+ }
+ else
+ {
+ $val = $val_html;
}
print "\t\t\t<tr>\n" if ($i);
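Review bot: In the `uri` branch any scheme matching `[a-z]+` is still accepted, and `uri_escape ($2)` is applied to the whole remainder, which percent-encodes `/`, `?` and `#` and so breaks ordinary links (`http://host/path` becomes `http://host%2Fpath`). For an `href`, allow-list the scheme and HTML-escape the value instead of URI-escaping it: `$val_uri = ($val =~ m#^(?:https?|ftp)://#i) ? encode_entities ($val) : 'http://' . encode_entities ($val);`. The `mail` branch has the same shape: `uri_escape` turns `@` into `%40` inside the `mailto:` link, which some mail clients may not decode. The enclosing loop starts and ends outside this hunk.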
{
my $group = $groups[$i];
my $group_name = $group->name ();
- my $group_esc = uri_escape ($group_name);
+ my $group_uri = uri_escape ($group_name);
+ my $group_html = encode_entities ($group_name);
print "\t\t\t<tr>\n" if ($i != 0);
- print qq(\t\t\t\t<td><a href="$MySelf?action=browse&group=$group_esc">$group_name</a></td>\n),
+ print qq(\t\t\t\t<td><a href="$MySelf?action=browse&group=$group_uri">$group_html</a></td>\n),
"\t\t\t</tr>\n";
}
}
</table>
<div class="menu">
- [<a href="$MySelf?action=verify&cn=$cn_esc">Verify</a>]
- [<a href="$MySelf?action=vcard&cn=$cn_esc">vCard</a>]
- [<a href="$MySelf?action=edit&cn=$cn_esc">Edit</a>]
- [<a href="$MySelf?action=delete&cn=$cn_esc">Delete</a>]
+ [<a href="$MySelf?action=verify&cn=$cn_uri">Verify</a>]
+ [<a href="$MySelf?action=vcard&cn=$cn_uri">vCard</a>]
+ [<a href="$MySelf?action=edit&cn=$cn_uri">Edit</a>]
+ [<a href="$MySelf?action=delete&cn=$cn_uri">Delete</a>]
</div>
EOF
{
my $person = $_;
my $cn = $person->name ();
- my $cn_esc = uri_escape ($cn);
+ my $cn_uri = uri_escape ($cn);
+ my $cn_html = encode_entities ($cn);
- print qq(\t\t<li><a href="$MySelf?action=detail&cn=$cn_esc">$cn</a></li>\n);
+ print qq(\t\t<li><a href="$MySelf?action=detail&cn=$cn_uri">$cn_html</a></li>\n);
}
print qq(\t</ul>\n);
}
$cn = $opts{'cn'} if (defined ($opts{'cn'}));
$cn ||= '';
+ my $cn_html = encode_entities ($cn);
+
if (!$UserID)
{
$cn = $UserCN;
if ($cn)
{
- print "\t\t<h2>Edit contact $cn</h2>\n";
+ print "\t\t<h2>Edit contact $cn_html</h2>\n";
}
else
{
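Review bot: `$cn_html` is computed from `$cn` in the previous hunk, ahead of the `$cn = $UserCN;` shown at the top of this one. On the path where that assignment runs, the heading here and the hidden `cn` field in the next hunk print the old value rather than the record being edited. Before this commit both places interpolated `$cn` directly and so followed the reassignment. Either move `my $cn_html = encode_entities ($cn);` below the last assignment to `$cn`, or add `$cn_html = encode_entities ($cn);` right after `$cn = $UserCN;`. The lines between the hunks are not visible, so confirm the order in the full function.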
print <<EOF;
<form action="$MySelf" method="post">
<input type="hidden" name="action" value="save" />
- <input type="hidden" name="cn" value="$cn" />
+ <input type="hidden" name="cn" value="$cn_html" />
<table class="edit">
<tr>
<th>Lastname</th>
next if ($field eq 'group');
push (@values, '');
+
+ $field = encode_entities ($field);
+ $print = encode_entities ($print);
for (@values)
{
- my $value = $_;
+ my $value = encode_entities ($_);
print <<EOF;
<tr>
for (@all_groups)
{
my $group = $_;
- my $group_name = $group->name ();
+ my $group_name = encode_entities ($group->name ());
my $selected = '';
if (grep { $cn eq $_ } ($group->get_members ()))
}
else
{
- print qq(\t<div class="error">Group "$group_name" does not exist or could not be loaded.</div>\n);
+ my $group_html = encode_entities ($group_name);
+ print qq(\t<div class="error">Group "$group_html" does not exist or could not be loaded.</div>\n);
}
}
$person->firstname ($firstname) if ($firstname and $firstname ne $person->firstname ());
$cn = $person->name ();
- # FIXME Fix groups
+ # FIXME Fix groups:
+ # Each group is one entry of type (objectClass=groupOfNames)
+ # with one or more `member' attributes. These attributes are
+ # the `dn' (distinguished name) of the member entries.
}
my $contacts = get_contacts ();
$cn = shift if (@_);
die unless ($cn);
+ my $cn_html = encode_entities ($cn);
+
my $person = LiCoM::Person->load ($cn);
die unless ($person);
$mail ||= '';
my $message;
- my $password = $person->get ('password');
+ my ($password) = $person->get ('password');
+ my $password_html;
if (!$password)
{
$password = pwgen ();
- $person->set ('password', $password);
+ $person->set ('password', [$password]);
}
+ $password_html = encode_entities ($password);
- $message = qq(The password for the record "$cn" is "$password".);
+ $message = qq(The password for the record "$cn_html" is "$password_html".);
if ($mail)
{
if (action_verify_send_mail ($person))
{
- $message .= qq( A request for verification has been sent to $mail.);
+ my $mail_html = encode_entities ($mail);
+ $message .= qq( A request for verification has been sent to $mail_html.);
}
}
else
my ($owner_mail) = $owner->get ('mail');
if (!$owner_mail)
{
- my $cn = uri_escape ($UserCN);
- print qq(\t\t<div class="error">You have no email set in your own profile. <a href="$MySelf?action=edit&cn=$cn">Edit it now</a>!</div>\n);
+ my $cn_uri = uri_escape ($UserCN);
+ print qq(\t\t<div class="error">You have no email set in your own profile. <a href="$MySelf?action=edit&cn=$cn_uri">Edit it now</a>!</div>\n);
return (0);
}
}
$max_width++;
- my $person_name = $person->name ();
+ my $person_name = $person->name ();
my ($person_mail) = $person->get ('mail');
- my $person_gn = $person->firstname ();
- my $password = $person->get ('password');
+ my $person_gn = $person->firstname ();
+ my ($password) = $person->get ('password');
my $host = $ENV{'HTTP_HOST'};
my $url = (defined ($ENV{'HTTPS'}) ? 'https://' : 'http://') . $host . $MySelf;
- open ($smh, "| /usr/sbin/sendmail -t -f $owner_mail") or die ("open pipe to sendmail: $!");
+ open ($smh, '|-', '/usr/sbin/sendmail', '-t', '-f', $owner_mail) or die ("open (sendmail): $!");
print $smh <<EOM;
To: $person_name <$person_mail>
From: $UserCN <$owner_mail>
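Review bot: The list-form `open` removes the shell, but `$person_name`, `$person_mail`, `$UserCN` and `$owner_mail` are still interpolated unchecked into the `To:` and `From:` lines, and `sendmail -t` takes its recipients from those headers. A CR or LF in any of these directory values would add header lines, so reject them before opening the pipe: `die ("invalid mail header value") if (grep { defined ($_) and /[\r\n]/ } ($person_name, $person_mail, $UserCN, $owner_mail));`. `$url` is also built from `$ENV{'HTTP_HOST'}`, which the client supplies; a configured base URL would be safer if, as it appears, the link is sent in the mail body, which continues outside this hunk.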
my $person = LiCoM::Person->load ($cn);
$person or die;
- my $cn_esc = uri_escape ($cn);
+ my $cn_uri = uri_escape ($cn);
+ my $cn_html = encode_entities ($cn);
print <<EOF;
- <h2>Really delete $cn?</h2>
+ <h2>Really delete $cn_html?</h2>
<div>
- You are about to delete <strong>$cn</strong>. Are you
- totally, absolutely sure you want to do this?
+ You are about to delete <strong>$cn_html</strong>.
+ Are you totally, absolutely sure you want to do this?
</div>
<div class="menu">
- [<a href="$MySelf?action=expunge&cn=$cn_esc">Yes, delete</a>]
- [<a href="$MySelf?action=detail&cn=$cn_esc">No, keep</a>]
+ [<a href="$MySelf?action=expunge&cn=$cn_uri">Yes, delete</a>]
+ [<a href="$MySelf?action=detail&cn=$cn_uri">No, keep</a>]
</div>
EOF
my $cn = param ('cn');
$cn or die;
+ my $cn_html = encode_entities ($cn);
+
my $person = LiCoM::Person->load ($cn);
$person or die;
$person->delete ();
print <<EOF;
- <div>$cn has been deleted.</div>
+ <div>$cn_html has been deleted.</div>
EOF
action_browse ();
}
+sub action_edit_group
+{
+ my $group_name = param ('group') or die;
+
+ my $group_name_html = encode_entities ($group_name);
+
+ my $group_obj = LiCoM::Group->load ($group_name);
+
+ if (!$group_obj)
+ {
+ print qq(\t<div class="error">Group "$group_name_html" does not exist or could not be loaded.</div>\n);
+ return;
+ }
+
+ $group_name_html = encode_entities ($group_obj->name ());
+
+ my $desc_html = encode_entities ($group_obj->description () || '');
+
+ print <<HTML;
+ <h2>Edit contact group "$group_name_html"</h2>
+ <form action="$MySelf" method="post">
+ <input type="hidden" name="action" value="save_group" />
+ <input type="hidden" name="group" value="$group_name_html" />
+ <table>
+ <tr>
+ <th>Group Name</th>
+ <td>$group_name_html</td>
+ </tr>
+ <tr>
+ <th>Description</th>
+ <td><input type="text" name="description" value="$desc_html" /></td>
+ </tr>
+ <tr>
+ <th colspan="2"><input type="submit" name="button" value="Save" /></th>
+ </tr>
+ </table>
+ </form>
+HTML
+}
+
+sub action_save_group
+{
+ my $group_name = param ('group') or die;
+
+ my $group_name_html = encode_entities ($group_name);
+
+ my $group_obj = LiCoM::Group->load ($group_name);
+
+ if (!$group_obj)
+ {
+ print qq(\t<div class="error">Group "$group_name_html" does not exist or could not be loaded.</div>\n);
+ return;
+ }
+
+ my $desc = param ('description');
+ $group_obj->description ($desc);
+
+ action_browse ();
+ return;
+}
+
sub html_start
{
my $title = shift;
$title = q(Lightweight Contact Manager) unless ($title);
+ $title = encode_entities ($title);
+
print <<EOF;
Content-Type: text/html; charset=UTF-8
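Review bot: `action_save_group` changes the group description without testing `$UserID` and without confirming the request is a POST. Unless the dispatcher enforces login outside this hunk, any request carrying `action=save_group` can rewrite a description, whereas the contact edit code earlier in this diff does test `$UserID`. Add guards at the top of the sub, e.g. `die ("Not logged in") unless ($UserID);` and `die ("POST required") unless (request_method () eq 'POST');`, and consider a per-session token in the form printed by `action_edit_group`. Also, when the `description` parameter is absent `$desc` is undef, and `$group_obj->description (undef)` may act as a getter rather than a setter, which is worth confirming against `LiCoM::Group`.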
if ($UserID)
{
my $search = param ('search') || '';
+ $search = encode_entities ($search);
print <<EOF;
<div class="topmenu">
<form action="$MySelf" method="post">