X-Git-Url: https://git.p6c8.net/selfforum.git/blobdiff_plain/6fc8c0f3c87e9aaf59aa414a0641db2ac7601d7e..c881a1fb9628d1325ec3bd9238578a6e918b476f:/selfforum-cgi/user/fo_posting.pl?ds=sidebyside diff --git a/selfforum-cgi/user/fo_posting.pl b/selfforum-cgi/user/fo_posting.pl index 180233c..3126881 100644 --- a/selfforum-cgi/user/fo_posting.pl +++ b/selfforum-cgi/user/fo_posting.pl @@ -16,6 +16,7 @@ use vars qw( $Shared $Script $Config + $VERSION ); # locate the script @@ -27,13 +28,17 @@ BEGIN { $Config = "$Bin/config"; $Script = ($null =~ /^.*\/(.*)$/)? $1 : $null; -# my $null = $0; #$null =~ s/\\/\//g; # for win :-( +# my $null = $0; # $Bin = ($null =~ /^(.*)\/.*$/)? $1 : '.'; -# $Config = "$Bin/../../../cgi-config/devforum"; -# $Shared = "$Bin/../../../cgi-shared"; +# $Config = "$Bin/../../daten/forum/config"; +# $Shared = "$Bin/../../cgi-shared"; # $Script = ($null =~ /^.*\/(.*)$/)? $1 : $null; } +# setting umask, remove or comment it, if you don't need +# +umask 006; + use lib "$Shared"; use CGI::Carp qw(fatalsToBrowser); @@ -41,6 +46,10 @@ use Conf; use Conf::Admin; use Posting::Cache; +# Version check +# +$VERSION = do { my @r =(q$Revision$ =~ /\d+/g); sprintf "%d."."%02d" x $#r, @r }; + # load script configuration and admin default conf. # my $conf = read_script_conf ($Config, $Shared, $Script); @@ -62,6 +71,10 @@ $request -> handle_error or $request -> save; # $request -> response; +# shorten the main file? +# +$request -> severance; + # # ### main end ################################################################### @@ -70,6 +83,7 @@ $request -> response; ### Posting::Request ########################################################### package Posting::Request; +use Arc::Archive; use CheckRFC; use Encode::Plain; $Encode::Plain::utf8 = 1; # generally convert from UTF-8 use Encode::Posting; @@ -124,6 +138,21 @@ sub new { bless $self, $class; } +sub severance { + my $self = shift; + + my $stat = cut_tail ({ + forumFile => $self -> {conf} -> {forum_file_name}, + messagePath => $self -> {conf} -> {message_path}, + archivePath => $self -> {conf} -> {original} -> {files} -> {archivePath}, + lockFile => $self -> {conf} -> {original} -> {files} -> {sev_lock}, + adminDefault => $self -> {conf} -> {admin}, + cachePath => $self -> {conf} -> {original} -> {files} -> {cachePath} + }); +# die $stat->{(keys %$stat)[0]} if (%$stat); + +} + ### sub response ############################################################### # # print the response to STDOUT @@ -430,7 +459,7 @@ sub save { }; } else { - my $cache = new Posting::Cache ($self->{conf}->{original}->{files}->{cacheFile}); + my $cache = new Posting::Cache ($self->{conf}->{original}->{files}->{cachePath}); $cache -> add_posting ( { thread => ($tid =~ /(\d+)/)[0], posting => ($mid =~ /(\d+)/)[0] @@ -763,7 +792,7 @@ sub check_cgi { # my ($ftid, $fmid) = split /;/ => $q -> param ($formdata -> {followUp} -> {name}) => 2; - unless ($ftid =~ /\d+/ and $fmid =~ /\d+/) { + unless ($ftid =~ /^\d+$/ and $fmid =~ /^\d+$/) { $self -> {error} = { spec => 'unknown_followup', type => 'fatal' @@ -817,8 +846,28 @@ sub check_cgi { # (my $val_ww = $val) =~ s/\s+//g; - $val_ww =~ y/a-zA-Z//cd - if (exists ($formdata -> {$name {$_}} -> {type}) and $formdata -> {$name {$_}} -> {type} eq 'name'); + if (exists ($formdata -> {$name {$_}} -> {type}) and $formdata -> {$name {$_}} -> {type} eq 'name') { + $val_ww =~ y/a-zA-Z//cd; + + my @badlist = map {qr/\Q$_/i} qw ( + # insert badmatchlist here + ); + + push @badlist => map {qr/\b\Q$_\E\b/i} qw( + # insert badwordlist here + ); + + for (@badlist) { + if ($val_ww =~ /$_/) { + $self -> {error} = { + spec => 'undesired', + desc => $name{$_}, + type => 'fatal' + }; + return; + } + } + } if (length $val_ww < $formdata -> {$name {$_}} -> {minlength}) { $self -> {error} = { @@ -860,6 +909,16 @@ sub check_cgi { }; $self -> kill_param or return; } + + elsif ($formdata -> {$name {$_}} -> {type} eq 'unique-id' and not may_id $val) { + $self -> {error} = { + spec => 'wrong_unique_id', + desc => $name{$_}, + type => $formdata -> {$name {$_}} -> {errorType} + }; + print STDERR "Manipuliert!"; + $self -> kill_param or return; + } } if (exists ($formdata -> {$name {$_}} -> {values})