@@ -499,10 +521,13 @@ EOF
next if ($field eq 'group');
push (@values, '');
+
+ $field = encode_entities ($field);
+ $print = encode_entities ($print);
for (@values)
{
- my $value = $_;
+ my $value = encode_entities ($_);
print <
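Review bot: Assigning the encoded text back to `$field` and `$print` overwrites the raw values, whereas the later hunks of this commit keep a separate `$cn_html` / `$group_html` next to the raw variable. The loop header is above this hunk, but if `$field` is a `foreach` variable it aliases the list element, so the assignment would rewrite the stored field name as well, and any later lookup keyed on `$field` would see the encoded form. I would write `my $field_html = encode_entities ($field);` and `my $print_html = encode_entities ($print);` and use those in the heredoc. The same applies to `$group_name` in the next hunk, where the encoded value keeps the raw variable's name.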
@@ -526,7 +551,7 @@ EOF
for (@all_groups)
{
my $group = $_;
- my $group_name = $group->name ();
+ my $group_name = encode_entities ($group->name ());
my $selected = '';
if (grep { $cn eq $_ } ($group->get_members ()))
@@ -626,7 +651,8 @@ sub action_save
}
else
{
- print qq(\t
Group "$group_name" does not exist or could not be loaded.
\n);
+ my $group_html = encode_entities ($group_name);
+ print qq(\t
Group "$group_html" does not exist or could not be loaded.
\n);
}
}
@@ -672,7 +698,10 @@ sub action_update
$person->firstname ($firstname) if ($firstname and $firstname ne $person->firstname ());
$cn = $person->name ();
- # FIXME Fix groups
+ # FIXME Fix groups:
+ # Each group is one entry of type (objectClass=groupOfNames)
+ # with one or more `member' attributes. These attributes are
+ # the `dn' (distinguished name) of the member entries.
}
my $contacts = get_contacts ();
@@ -793,6 +822,8 @@ sub action_verify
$cn = shift if (@_);
die unless ($cn);
+ my $cn_html = encode_entities ($cn);
+
my $person = LiCoM::Person->load ($cn);
die unless ($person);
@@ -800,21 +831,24 @@ sub action_verify
$mail ||= '';
my $message;
- my $password = $person->get ('password');
+ my ($password) = $person->get ('password');
+ my $password_html;
if (!$password)
{
$password = pwgen ();
- $person->set ('password', $password);
+ $person->set ('password', [$password]);
}
+ $password_html = encode_entities ($password);
- $message = qq(The password for the record "$cn" is "$password".);
+ $message = qq(The password for the record "$cn_html" is "$password_html".);
if ($mail)
{
if (action_verify_send_mail ($person))
{
- $message .= qq( A request for verification has been sent to $mail.);
+ my $mail_html = encode_entities ($mail);
+ $message .= qq( A request for verification has been sent to $mail_html.);
}
}
else
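Review bot: Escaping `$password` before it goes into `$message` fixes the markup problem, but the value is still read back from the record and printed into the page in clear, so the directory appears to hold it in recoverable form. If it is meant as a one-time verification token rather than a login secret, a comment above the `get ('password')` call should say so, for example `# 'password' is a verification token, stored and shown in clear; never reuse it as a login credential`. Separately, `$password_html` is declared several lines before its only assignment; a single `my $password_html = encode_entities ($password);` after the `if` block would read more directly. The body of action_verify continues past the end of this hunk.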
@@ -836,8 +870,8 @@ sub action_verify_send_mail
my ($owner_mail) = $owner->get ('mail');
if (!$owner_mail)
{
- my $cn = uri_escape ($UserCN);
- print qq(\t\t
You have no email set in your own profile. Edit it now!
\n);
+ my $cn_uri = uri_escape ($UserCN);
+ print qq(\t\t
You have no email set in your own profile. Edit it now!
\n);
return (0);
}
@@ -848,15 +882,15 @@ sub action_verify_send_mail
}
$max_width++;
- my $person_name = $person->name ();
+ my $person_name = $person->name ();
my ($person_mail) = $person->get ('mail');
- my $person_gn = $person->firstname ();
- my $password = $person->get ('password');
+ my $person_gn = $person->firstname ();
+ my ($password) = $person->get ('password');
my $host = $ENV{'HTTP_HOST'};
my $url = (defined ($ENV{'HTTPS'}) ? 'https://' : 'http://') . $host . $MySelf;
- open ($smh, "| /usr/sbin/sendmail -t -f $owner_mail") or die ("open pipe to sendmail: $!");
+ open ($smh, '|-', '/usr/sbin/sendmail', '-t', '-f', $owner_mail) or die ("open (sendmail): $!");
print $smh <
From: $UserCN <$owner_mail>
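Review bot: The heredoc after the list-form `open` still interpolates `$UserCN` and `$owner_mail` into the `From:` header unchecked, and with `-t` sendmail takes its recipients from the message headers. A CR or LF in either value (or in `$person_mail`, if it is used for `To:` further down, outside this hunk) would add header lines, so I would reject such values before opening the pipe: `die ("invalid mail header value") if (grep { defined ($_) and /[\r\n]/ } ($UserCN, $owner_mail, $person_mail));`. `$url` is also built from `$ENV{'HTTP_HOST'}`, which is supplied by the client; if that URL ends up in the message body, a configured base URL would be safer than the request's Host header. The heredoc and the rest of action_verify_send_mail run past the end of this hunk.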
@@ -905,19 +939,20 @@ sub action_ask_del
my $person = LiCoM::Person->load ($cn);
$person or die;
- my $cn_esc = uri_escape ($cn);
+ my $cn_uri = uri_escape ($cn);
+ my $cn_html = encode_entities ($cn);
print <Really delete $cn?
+
Really delete $cn_html?
- You are about to delete $cn. Are you
- totally, absolutely sure you want to do this?
+ You are about to delete $cn_html.
+ Are you totally, absolutely sure you want to do this?
EOF
@@ -928,13 +963,15 @@ sub action_do_del
my $cn = param ('cn');
$cn or die;
+ my $cn_html = encode_entities ($cn);
+
my $person = LiCoM::Person->load ($cn);
$person or die;
$person->delete ();
print <$cn has been deleted.
+