aboutsummaryrefslogtreecommitdiffstats
path: root/patches/webschleuder.patch
diff options
context:
space:
mode:
Diffstat (limited to 'patches/webschleuder.patch')
-rw-r--r--patches/webschleuder.patch160
1 files changed, 160 insertions, 0 deletions
diff --git a/patches/webschleuder.patch b/patches/webschleuder.patch
new file mode 100644
index 0000000..397a17d
--- /dev/null
+++ b/patches/webschleuder.patch
@@ -0,0 +1,160 @@
+diff --git a/contrib/enable_webschleuder.rb b/contrib/enable_webschleuder.rb
+old mode 100644
+new mode 100755
+index 32e20c6..f72dd94
+--- a/contrib/enable_webschleuder.rb
++++ b/contrib/enable_webschleuder.rb
+@@ -40,17 +40,18 @@ class EnableWebschleuder
+
+ def self.usage
+ puts "Usage:
+-#{File.basename($0)} listname password (-encrypted) (-override)"
++#{File.basename($0)} listname [-encrypted] [-override]"
+ exit 1
+ end
+ end
+
+ listname = ARGV.shift
+-password = ARGV.shift
+-EnableWebschleuder.usage unless listname and password
++EnableWebschleuder.usage unless listname
+ encrypted = override = false
+ while nextarg = ARGV.shift
+ encrypted = (nextarg == '-encrypted') unless encrypted
+ override = (nextarg == '-override') unless override
+ end
+-EnableWebschleuder.enable(listname,password,encrypted,override)
++print "Password for list" + listname + '' if STDIN.fcntl(Fcntl::F_GETFL, 0) != 0
++password = gets
++EnableWebschleuder.enable(listname,password.chomp,encrypted,override)
+diff --git a/webschleuder.rb b/webschleuder.rb
+index c90db2f..6259836 100755
+--- a/webschleuder.rb
++++ b/webschleuder.rb
+@@ -23,8 +23,8 @@ require 'webschleuder/errors'
+
+
+ module Webschleuder
+- set :secret, Webschleuder::Models::WebConfig.loadconfig.session_secret
+ include Camping::Session
++ secret Webschleuder::Models::WebConfig.loadconfig.session_secret
+
+ def r404(path)
+ "Sorry, but I can't find #{path}."
+diff --git a/webschleuder/controllers.rb b/webschleuder/controllers.rb
+index c84348c..4e85625 100755
+--- a/webschleuder/controllers.rb
++++ b/webschleuder/controllers.rb
+@@ -21,7 +21,7 @@ module Webschleuder::Controllers
+ end
+ end
+
+- class Login < R '/([^/]*)/login'
++ class Login < R '/schleuder/([^/]*)/login'
+ def get(listname)
+ prepare
+ @myself = self
+@@ -48,7 +48,7 @@ module Webschleuder::Controllers
+ end
+ end
+
+- class Logout < R '/([^/]*)/logout'
++ class Logout < R '/schleuder/([^/]*)/logout'
+ def get(listname)
+ return unless authenticate
+ $list = nil
+@@ -60,7 +60,7 @@ module Webschleuder::Controllers
+ end
+ end
+
+- class ListIndex < R '/([^/?]+)'
++ class ListIndex < R '/schleuder/([^/?]+)'
+ def get(listname)
+ return unless authenticate
+ @myself = self
+@@ -69,7 +69,7 @@ module Webschleuder::Controllers
+ end
+ end
+
+- class Index < R '/'
++ class Index < R '/schleuder/'
+ def get()
+ prepare
+ # catch get-params from startpage-jumpform
+@@ -83,7 +83,7 @@ module Webschleuder::Controllers
+ end
+ end
+
+- class Users < R '/([^/]*)/users'
++ class Users < R '/schleuder/([^/]*)/users'
+ def get(listname)
+ return unless authenticate
+ @users = User.loadusers
+@@ -123,7 +123,7 @@ module Webschleuder::Controllers
+ end
+ end
+
+- class Listconfig < R '/([^/]*)/listconfig'
++ class Listconfig < R '/schleuder/([^/]*)/listconfig'
+ def get(listname)
+ return unless authenticate
+ @config = SchleuderConfig.loadlistconfig
+@@ -162,7 +162,7 @@ module Webschleuder::Controllers
+ end
+ end
+
+- class Keys < R '/([^/]*)/keys', '/([^/]*)/keys/([^/]*)', '/([^/]*)/keys/([^/]*)/(.*)'
++ class Keys < R '/schleuder/([^/]*)/keys', '/schleuder/([^/]*)/keys/([^/]*)', '/schleuder/([^/]*)/keys/([^/]*)/(.*)'
+ def get(listname, action=nil, keyid=nil)
+ return unless authenticate
+ case action
+@@ -238,7 +238,7 @@ module Webschleuder::Controllers
+ end
+ end
+
+- class Password < R '/([^/]*)/password'
++ class Password < R '/schleuder/([^/]*)/password'
+
+ def get(listname)
+ return unless authenticate
+diff --git a/webschleuder/helpers.rb b/webschleuder/helpers.rb
+index 3aafedc..2f619cd 100755
+--- a/webschleuder/helpers.rb
++++ b/webschleuder/helpers.rb
+@@ -1,3 +1,4 @@
++require "rack/utils"
+ module Webschleuder::Helpers
+
+ def prepare
+@@ -7,16 +8,14 @@ module Webschleuder::Helpers
+ # TODO: further input parsing (against XSS etc.)
+ #
+ # what does the request look like?
+- request = @env['REQUEST_URI'].split('/')
+- # throw away first element as it is empty
+- request.shift
++ request = @env['REQUEST_URI'].gsub(/^\/schleuder\//,'').split('/')
+
+ $appconf = Webschleuder::Models::SchleuderConfig.loadconfig
+ $webappconf = Webschleuder::Models::WebConfig.loadconfig
+
+ @state.flash = {:info => [], :error => []} unless @state.flash.is_a?Hash
+
+- listname = request.first || ''
++ listname = Rack::Utils.unescape(request.first || '')
+ listdir = File.join($appconf.lists_dir, listname)
+
+ if !listname.empty? and File.directory?(listdir)
+diff --git a/webschleuder/webschleuder_config.rb b/webschleuder/webschleuder_config.rb
+index 08f595b..b89004f 100644
+--- a/webschleuder/webschleuder_config.rb
++++ b/webschleuder/webschleuder_config.rb
+@@ -47,7 +47,7 @@ module Webschleuder
+ private
+
+ def _write(data,filename)
+- if File.open(filename, 'w') { |f| f << data }
++ if File.open(filename, File::WRONLY|File::CREAT, 0600) { |f| f << data }
+ true
+ else
+ false