From 0dbcef539b19bd4d50d4bbc904b32f53ebdcf102 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 29 Jan 2013 21:47:51 +0100 Subject: HTML tags are not longer allowed in descriptions. --- lib/Fripost/Panel/Interface.pm | 6 ++++-- lib/Fripost/Schema/Auth.pm | 4 ++-- lib/Fripost/Schema/Domain.pm | 43 +++++++++++++++++++++++++++++------------- templates/add-alias.html | 2 +- templates/add-domain-1.html | 2 +- templates/add-list.html | 2 +- templates/add-user.html | 2 +- templates/edit-alias.html | 2 +- templates/edit-domain.html | 2 +- templates/edit-list.html | 2 +- templates/edit-user.html | 2 +- templates/new-domain.tt | 2 -- 12 files changed, 44 insertions(+), 27 deletions(-) diff --git a/lib/Fripost/Panel/Interface.pm b/lib/Fripost/Panel/Interface.pm index b2ad686..675c9ba 100644 --- a/lib/Fripost/Panel/Interface.pm +++ b/lib/Fripost/Panel/Interface.pm @@ -349,7 +349,8 @@ sub AddLocal : Runmode { $template->param( transport => [ map { { item => $_ , name => ucfirst $_ - , selected => $q->param('transport') eq $_ + , selected => (defined $q->param('transport') and + $q->param('transport') eq $_) } } (keys %Fripost::Schema::Local::list_commands) ] ) @@ -422,7 +423,8 @@ sub EditLocal : Runmode { my $template = $self->load_tmpl( "edit-$t.html", cache => 1 ); $template->param( $self->userInfo , localpart => encode_entities($localname) - , domainpart => encode_entities($domainname) ); + , domainpart => encode_entities($domainname) + , name => encode_entities($name) ); $template->param( &fill_HTML_template_from_query ($q) ); my $news = (defined $q->param('submit') or (defined $q->param('a') and $q->param('a') eq 'delete')); diff --git a/lib/Fripost/Schema/Auth.pm b/lib/Fripost/Schema/Auth.pm index f06ce4f..3bdda8f 100644 --- a/lib/Fripost/Schema/Auth.pm +++ b/lib/Fripost/Schema/Auth.pm 
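Review bot: The new `selected` expression in AddLocal calls `$q->param('transport')` twice for every key of `%Fripost::Schema::Local::list_commands`. Reading the value once before the `map`, e.g. `my $transport = $q->param('transport') // '';`, and then writing `selected => $transport eq $_` does one lookup and gives the same result as long as no command name is empty. It also keeps the query call in scalar context by construction rather than relying on `defined` and `eq` to force it inside the hash constructor. AddLocal's body continues outside the hunk.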
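Review bot: The `name => encode_entities($name)` added to the first `$template->param(...)` call in EditLocal may be overwritten by the `$template->param( &fill_HTML_template_from_query ($q) )` call on the next line, if that helper also returns a `name` key. A later `param` call for the same key would normally replace the earlier value, and the helper's body is not in this hunk, so whether it entity-encodes query values needs confirming. If it does not, set the encoded value after that call or do the encoding inside the helper. The template hunks further down change only the help text, and no hunk shows the description value being encoded on output or tags being rejected on input, so check that the server side enforces what the new wording promises. EditLocal starts and ends outside the hunk.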
@@ -23,7 +23,7 @@ use Net::LDAP; use Net::LDAP::Extension::SetPassword; use Authen::SASL; use Fripost::Schema::Util qw/canonical_dn ldap_explode_dn ldap_error - split_addr assert softdie/; + split_addr email_valid assert softdie/; =head1 METHODS @@ -163,7 +163,7 @@ sub auth { $self->whoami( join ',', @{$options{ldap_bind_dn}} ); } else { - return unless defined $user; + return unless email_valid($user, -nodie => 1, -exact => 1); $self->whoami( $self->mail2dn($user) ); } diff --git a/lib/Fripost/Schema/Domain.pm b/lib/Fripost/Schema/Domain.pm index f819348..36194d8 100644 --- a/lib/Fripost/Schema/Domain.pm +++ b/lib/Fripost/Schema/Domain.pm @@ -227,10 +227,9 @@ sub search { # Map a list of LDAP::Entry object into our public representation of # domains. sub _entries_to_domains { - my $user = lc shift; - my @dn = @{ldap_explode_dn $user}; - shift @dn; - my $parent = lc (canonical_dn @dn); + my @user = @{ldap_explode_dn shift}; + my @parent = @user; + shift @parent; my $keys = shift // []; my @domains; @@ -288,16 +287,16 @@ sub _entries_to_domains { if ((not @$keys or grep { $_ eq 'permissions' } @$keys)) { my $perms = ''; $perms .= 'a' if $entry->exists('fripostCanAddAlias') and - grep { $user eq lc $_ or $parent eq lc $_ } + grep { &_dngrep ($_, \@user, \@parent) } $entry->get_value('fripostCanAddAlias'); $perms .= 'l' if $entry->exists('fripostCanAddList') and - grep { $user eq lc $_ or $parent eq lc $_ } + grep { &_dngrep ($_, \@user, \@parent) } $entry->get_value('fripostCanAddList'); $perms = 'o' if $entry->exists('fripostOwner') and - grep { $user eq lc $_ } + grep { &_dngrep ($_, \@user) } $entry->get_value('fripostOwner'); $perms = 'p' if $entry->exists('fripostPostmaster') and - grep { $user eq lc $_ } + grep { &_dngrep ($_, \@user) } $entry->get_value('fripostPostmaster'); $domain{permissions} = $perms; } 
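Review bot: With `return unless defined $user;` replaced in auth, an undefined `$user` now reaches `email_valid`, and whether that helper accepts undef quietly under `-nodie => 1` is not visible here. Keeping the cheap check in front, `return unless defined $user and email_valid($user, -nodie => 1, -exact => 1);`, preserves the old behaviour for a missing login and still validates the address before it is handed to `mail2dn`. A one-line comment such as `# Only a syntactically valid address may be turned into a DN.` would record why the validation sits at this point. auth's body continues outside the hunk.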
@@ -354,10 +353,9 @@ B for details. sub canIAdd { my $self = shift; - my @dn = @{ldap_explode_dn ($self->mail2dn(shift) // $self->whoami)}; - my $user = lc (canonical_dn @dn); - shift @dn; - my $parent = lc (canonical_dn @dn); + my @user = @{ldap_explode_dn ($self->mail2dn(shift) // $self->whoami)}; + my @parent = @user; + shift @parent; my %options = @_; # Nothing to do after an error. @@ -376,7 +374,7 @@ sub canIAdd { die "Multiple virtual directories?" unless $mesg->count == 1; my $base = $mesg->pop_entry // die "Empty virtual directory?"; - scalar (grep { lc $_ eq $user or lc $_ eq $parent } + scalar (grep { &_dngrep($_, \@user, \@parent) } $base->get_value('fripostCanAddDomain')); } @@ -723,6 +721,25 @@ sub _email_to_unicode { return email_to_unicode($email); } + + +# DN matching +sub _dngrep { + my $x = ldap_explode_dn shift; + scalar (grep {&_dngrep1 ($x, $_)} @_); +} + +sub _dngrep1 { + my ($x, $y) = @_; + return unless $#$y == $#$x; + for (my $i = 0; $i <= $#$x; $i++) { + foreach (keys %{$x->[$i]}) { + lc $x->[$i]->{$_} eq lc $y->[$i]->{$_} or return; + } + } + return 1; +} + =back =head1 AUTHOR diff --git a/templates/add-alias.html b/templates/add-alias.html index 1a7d7dd..d6e303f 100644 --- a/templates/add-alias.html +++ b/templates/add-alias.html @@ -55,7 +55,7 @@
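Review bot: `_dngrep1` walks only the attribute keys of `$x` (the DN read from the entry), so an RDN in `$y` that carries extra attributes, as in a multi-valued RDN, still compares equal, and a key missing from `$y` is compared as `lc undef`. `_dngrep` now decides the `fripostCanAddAlias`, `fripostCanAddList`, `fripostOwner`, `fripostPostmaster` and `fripostCanAddDomain` checks in `_entries_to_domains` and `canIAdd`, so the match should be exact in both directions: add `keys %{$x->[$i]} == keys %{$y->[$i]} or return;` at the top of the `for` body and test `exists $y->[$i]->{$_}` before the `eq`. The old code lower-cased the whole DN string while the new code folds only the values, so it relies on `ldap_explode_dn` returning attribute types in a consistent case; that helper is not shown here, so confirm it. Both subs have no documentation beyond `# DN matching`; a header comment on `_dngrep` stating the argument order (one DN string, then exploded DNs as array refs) and the return value would help the callers.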

Description

- An optional description. (HTML tags are allowed.) + An optional description.

diff --git a/templates/add-domain-1.html b/templates/add-domain-1.html index 28a70a6..7f1cf67 100644 --- a/templates/add-domain-1.html +++ b/templates/add-domain-1.html @@ -64,7 +64,7 @@

Description

- An optional description. (HTML tags are allowed.) + An optional description.

diff --git a/templates/add-list.html b/templates/add-list.html index 6e9f8bd..fed5629 100644 --- a/templates/add-list.html +++ b/templates/add-list.html @@ -75,7 +75,7 @@

Description

- An optional description. (HTML tags are allowed.) + An optional description.

diff --git a/templates/add-user.html b/templates/add-user.html index 67493a1..3309141 100644 --- a/templates/add-user.html +++ b/templates/add-user.html @@ -70,7 +70,7 @@

Description

- An optional description. (HTML tags are allowed.) + An optional description.

diff --git a/templates/edit-alias.html b/templates/edit-alias.html index ba2f20d..c9a6750 100644 --- a/templates/edit-alias.html +++ b/templates/edit-alias.html @@ -56,7 +56,7 @@

Description

- An optional description. (HTML tags are allowed.) + An optional description.

diff --git a/templates/edit-domain.html b/templates/edit-domain.html index c078740..9b259d8 100644 --- a/templates/edit-domain.html +++ b/templates/edit-domain.html @@ -54,7 +54,7 @@

Description

- An optional description. (HTML tags are allowed.) + An optional description.

diff --git a/templates/edit-list.html b/templates/edit-list.html index 6930fd1..9da8fa2 100644 --- a/templates/edit-list.html +++ b/templates/edit-list.html @@ -56,7 +56,7 @@

Description

- An optional description. (HTML tags are allowed.) + An optional description.

diff --git a/templates/edit-user.html b/templates/edit-user.html index d4b3c86..f3e3a64 100644 --- a/templates/edit-user.html +++ b/templates/edit-user.html @@ -83,7 +83,7 @@

Description

- An optional description. (HTML tags are allowed.) + An optional description.

diff --git a/templates/new-domain.tt b/templates/new-domain.tt index fc482e3..e1491a3 100644 --- a/templates/new-domain.tt +++ b/templates/new-domain.tt @@ -28,5 +28,3 @@ current MX'es with the following command: Cheers, --- -The Fripost administration team. -- cgit v1.2.3