authorGuilhem Moulin <guilhem.moulin@fripost.org>2013-01-29 21:47:51 +0100
committerGuilhem Moulin <guilhem.moulin@fripost.org>2013-01-29 23:08:37 +0100
commit0dbcef539b19bd4d50d4bbc904b32f53ebdcf102 (patch)
treea3aafafcc282e4bab6377602f0379be719d89f25
parent465f8ed1b317afb1c7aefde04e53118a19be1a18 (diff)
HTML tags are no longer allowed in descriptions.
-rw-r--r--lib/Fripost/Panel/Interface.pm6
-rw-r--r--lib/Fripost/Schema/Auth.pm4
-rw-r--r--lib/Fripost/Schema/Domain.pm43
-rw-r--r--templates/add-alias.html2
-rw-r--r--templates/add-domain-1.html2
-rw-r--r--templates/add-list.html2
-rw-r--r--templates/add-user.html2
-rw-r--r--templates/edit-alias.html2
-rw-r--r--templates/edit-domain.html2
-rw-r--r--templates/edit-list.html2
-rw-r--r--templates/edit-user.html2
-rw-r--r--templates/new-domain.tt2
12 files changed, 44 insertions, 27 deletions
diff --git a/lib/Fripost/Panel/Interface.pm b/lib/Fripost/Panel/Interface.pm
index b2ad686..675c9ba 100644
--- a/lib/Fripost/Panel/Interface.pm
+++ b/lib/Fripost/Panel/Interface.pm
@@ -349,7 +349,8 @@ sub AddLocal : Runmode {
$template->param( transport => [
map { { item => $_
, name => ucfirst $_
- , selected => $q->param('transport') eq $_
+ , selected => (defined $q->param('transport') and
+ $q->param('transport') eq $_)
} }
(keys %Fripost::Schema::Local::list_commands)
] )
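Review bot: The new guard in the `selected` expression calls `$q->param('transport')` twice for every key the `map` visits. Reading the parameter once before the `map` keeps the undef handling in one place, e.g. `my $transport = $q->param('transport') // '';` followed by `selected => $transport eq $_`. The `//` operator is already used in Domain.pm in this same commit, so this does not raise the required Perl version. The body of AddLocal starts and ends outside the hunk.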
@@ -422,7 +423,8 @@ sub EditLocal : Runmode {
my $template = $self->load_tmpl( "edit-$t.html", cache => 1 );
$template->param( $self->userInfo
, localpart => encode_entities($localname)
- , domainpart => encode_entities($domainname) );
+ , domainpart => encode_entities($domainname)
+ , name => encode_entities($name) );
$template->param( &fill_HTML_template_from_query ($q) );
my $news = (defined $q->param('submit') or
(defined $q->param('a') and $q->param('a') eq 'delete'));
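Review bot: The entity-encoded `name` set here is followed immediately by `$template->param( &fill_HTML_template_from_query ($q) )`, and a later `param` call would presumably replace any key it shares with the earlier one. That helper is outside the hunk, so it is not visible whether it returns a `name` key or whether it entity-encodes what it returns. If it can, the encoded value is silently replaced by query data; a comment such as `# fill_HTML_template_from_query runs last and must entity-encode its values too` would record the dependency. `$name` is also assigned outside the hunk, as is the rest of EditLocal.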
diff --git a/lib/Fripost/Schema/Auth.pm b/lib/Fripost/Schema/Auth.pm
index f06ce4f..3bdda8f 100644
--- a/lib/Fripost/Schema/Auth.pm
+++ b/lib/Fripost/Schema/Auth.pm
@@ -23,7 +23,7 @@ use Net::LDAP;
use Net::LDAP::Extension::SetPassword;
use Authen::SASL;
use Fripost::Schema::Util qw/canonical_dn ldap_explode_dn ldap_error
- split_addr assert softdie/;
+ split_addr email_valid assert softdie/;
=head1 METHODS
@@ -163,7 +163,7 @@ sub auth {
$self->whoami( join ',', @{$options{ldap_bind_dn}} );
}
else {
- return unless defined $user;
+ return unless email_valid($user, -nodie => 1, -exact => 1);
$self->whoami( $self->mail2dn($user) );
}
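Review bot: The `defined $user` guard was dropped from the `else` branch, so an undefined login now goes straight into `email_valid`; whether that helper tolerates undef under `-nodie` is not visible here. Keeping both checks is cheap: `return unless defined $user and email_valid($user, -nodie => 1, -exact => 1);`. A short comment such as `# Reject malformed logins before mail2dn builds a DN from them.` would record why the validation sits at this point, assuming that is what `mail2dn` does. The body of `auth` starts and ends outside the hunk.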
diff --git a/lib/Fripost/Schema/Domain.pm b/lib/Fripost/Schema/Domain.pm
index f819348..36194d8 100644
--- a/lib/Fripost/Schema/Domain.pm
+++ b/lib/Fripost/Schema/Domain.pm
@@ -227,10 +227,9 @@ sub search {
# Map a list of LDAP::Entry object into our public representation of
# domains.
sub _entries_to_domains {
- my $user = lc shift;
- my @dn = @{ldap_explode_dn $user};
- shift @dn;
- my $parent = lc (canonical_dn @dn);
+ my @user = @{ldap_explode_dn shift};
+ my @parent = @user;
+ shift @parent;
my $keys = shift // [];
my @domains;
@@ -288,16 +287,16 @@ sub _entries_to_domains {
if ((not @$keys or grep { $_ eq 'permissions' } @$keys)) {
my $perms = '';
$perms .= 'a' if $entry->exists('fripostCanAddAlias') and
- grep { $user eq lc $_ or $parent eq lc $_ }
+ grep { &_dngrep ($_, \@user, \@parent) }
$entry->get_value('fripostCanAddAlias');
$perms .= 'l' if $entry->exists('fripostCanAddList') and
- grep { $user eq lc $_ or $parent eq lc $_ }
+ grep { &_dngrep ($_, \@user, \@parent) }
$entry->get_value('fripostCanAddList');
$perms = 'o' if $entry->exists('fripostOwner') and
- grep { $user eq lc $_ }
+ grep { &_dngrep ($_, \@user) }
$entry->get_value('fripostOwner');
$perms = 'p' if $entry->exists('fripostPostmaster') and
- grep { $user eq lc $_ }
+ grep { &_dngrep ($_, \@user) }
$entry->get_value('fripostPostmaster');
$domain{permissions} = $perms;
}
@@ -354,10 +353,9 @@ B<Fripost::Schema::Util> for details.
sub canIAdd {
my $self = shift;
- my @dn = @{ldap_explode_dn ($self->mail2dn(shift) // $self->whoami)};
- my $user = lc (canonical_dn @dn);
- shift @dn;
- my $parent = lc (canonical_dn @dn);
+ my @user = @{ldap_explode_dn ($self->mail2dn(shift) // $self->whoami)};
+ my @parent = @user;
+ shift @parent;
my %options = @_;
# Nothing to do after an error.
@@ -376,7 +374,7 @@ sub canIAdd {
die "Multiple virtual directories?" unless $mesg->count == 1;
my $base = $mesg->pop_entry // die "Empty virtual directory?";
- scalar (grep { lc $_ eq $user or lc $_ eq $parent }
+ scalar (grep { &_dngrep($_, \@user, \@parent) }
$base->get_value('fripostCanAddDomain'));
}
@@ -723,6 +721,25 @@ sub _email_to_unicode {
return email_to_unicode($email);
}
+
+
+# DN matching
+sub _dngrep {
+ my $x = ldap_explode_dn shift;
+ scalar (grep {&_dngrep1 ($x, $_)} @_);
+}
+
+sub _dngrep1 {
+ my ($x, $y) = @_;
+ return unless $#$y == $#$x;
+ for (my $i = 0; $i <= $#$x; $i++) {
+ foreach (keys %{$x->[$i]}) {
+ lc $x->[$i]->{$_} eq lc $y->[$i]->{$_} or return;
+ }
+ }
+ return 1;
+}
+
=back
=head1 AUTHOR
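Review bot: `_dngrep1` walks only the attribute types present in `$x->[$i]`, so an RDN in `$y` that carries additional attributes (a multi-valued RDN) still matches, and a type missing from `$y` is compared as `lc undef`. These helpers now decide the `fripostCanAdd*`, `fripostOwner` and `fripostPostmaster` permissions, so the match should be symmetric: add `keys %{$x->[$i]} == keys %{$y->[$i]} or return;` before the inner `foreach`. `_dngrep` also uses the result of `ldap_explode_dn` unchecked; if that helper can return undef for a malformed stored value (not visible here), `return unless defined $x;` would keep one bad directory entry from aborting the whole lookup. Both subs have only the `# DN matching` comment and would benefit from a line stating that the arguments are exploded DNs and that values are compared case-insensitively.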
diff --git a/templates/add-alias.html b/templates/add-alias.html
index 1a7d7dd..d6e303f 100644
--- a/templates/add-alias.html
+++ b/templates/add-alias.html
@@ -55,7 +55,7 @@
<h4 class="label">Description</h4>
<textarea name="description" cols="50" rows="5" ><TMPL_VAR NAME=description></textarea>
<div class="help">
- An optional description. (HTML tags are allowed.)
+ An optional description.
</div>
<hr/>
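Review bot: The description is still emitted as `<TMPL_VAR NAME=description>` inside the `<textarea>` with no `ESCAPE` attribute, so this template depends entirely on the caller having entity-encoded the value. That encoding is not visible in any hunk of this commit, which only changes the help text here. If the Perl side does not already encode it, `<TMPL_VAR NAME=description ESCAPE=HTML>` would enforce it in the template; if it does, leave the tag alone to avoid double encoding and note the dependency in a template comment. The same tag appears in the add-domain-1, add-list, add-user, edit-alias, edit-domain, edit-list and edit-user hunks.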
diff --git a/templates/add-domain-1.html b/templates/add-domain-1.html
index 28a70a6..7f1cf67 100644
--- a/templates/add-domain-1.html
+++ b/templates/add-domain-1.html
@@ -64,7 +64,7 @@
<h4 class="label" id="description">Description</h4>
<textarea name="description" cols="50" rows="5" ><TMPL_VAR NAME=description></textarea>
<div class="help">
- An optional description. (HTML tags are allowed.)
+ An optional description.
</div>
<hr/>
diff --git a/templates/add-list.html b/templates/add-list.html
index 6e9f8bd..fed5629 100644
--- a/templates/add-list.html
+++ b/templates/add-list.html
@@ -75,7 +75,7 @@
<h4 class="label">Description</h4>
<textarea name="description" cols="50" rows="5" ><TMPL_VAR NAME=description></textarea>
<div class="help">
- An optional description. (HTML tags are allowed.)
+ An optional description.
</div>
<hr/>
diff --git a/templates/add-user.html b/templates/add-user.html
index 67493a1..3309141 100644
--- a/templates/add-user.html
+++ b/templates/add-user.html
@@ -70,7 +70,7 @@
<h4 class="label">Description</h4>
<textarea name="description" cols="50" rows="5" ><TMPL_VAR NAME=description></textarea>
<div class="help">
- An optional description. (HTML tags are allowed.)
+ An optional description.
</div>
<hr/>
diff --git a/templates/edit-alias.html b/templates/edit-alias.html
index ba2f20d..c9a6750 100644
--- a/templates/edit-alias.html
+++ b/templates/edit-alias.html
@@ -56,7 +56,7 @@
<h4 class="label" id="description">Description</h4>
<textarea name="description" cols="50" rows="5" ><TMPL_VAR NAME=description></textarea>
<div class="help">
- An optional description. (HTML tags are allowed.)
+ An optional description.
</div>
<hr/>
diff --git a/templates/edit-domain.html b/templates/edit-domain.html
index c078740..9b259d8 100644
--- a/templates/edit-domain.html
+++ b/templates/edit-domain.html
@@ -54,7 +54,7 @@
<h4 class="label" id="description">Description</h4>
<textarea name="description" cols="50" rows="5" ><TMPL_VAR NAME=description></textarea>
<div class="help">
- An optional description. (HTML tags are allowed.)
+ An optional description.
</div>
<hr/>
diff --git a/templates/edit-list.html b/templates/edit-list.html
index 6930fd1..9da8fa2 100644
--- a/templates/edit-list.html
+++ b/templates/edit-list.html
@@ -56,7 +56,7 @@
<h4 class="label" id="description">Description</h4>
<textarea name="description" cols="50" rows="5" ><TMPL_VAR NAME=description></textarea>
<div class="help">
- An optional description. (HTML tags are allowed.)
+ An optional description.
</div>
<hr/>
diff --git a/templates/edit-user.html b/templates/edit-user.html
index d4b3c86..f3e3a64 100644
--- a/templates/edit-user.html
+++ b/templates/edit-user.html
@@ -83,7 +83,7 @@
<h4 class="label" id="description">Description</h4>
<textarea name="description" cols="50" rows="5" ><TMPL_VAR NAME=description></textarea>
<div class="help">
- An optional description. (HTML tags are allowed.)
+ An optional description.
</div>
<hr/>
diff --git a/templates/new-domain.tt b/templates/new-domain.tt
index fc482e3..e1491a3 100644
--- a/templates/new-domain.tt
+++ b/templates/new-domain.tt
@@ -28,5 +28,3 @@ current MX'es with the following command:
Cheers,
---
-The Fripost administration team.