wwsympa.fcgi.in 584 KB
Newer Older
1
#!--PERL--
2
3
4
5
# -*- indent-tabs-mode: nil; -*-
# vim:ft=perl:et:sw=4
# $Id$

6
# Sympa - SYsteme de Multi-Postage Automatique
7
8
9
10
#
# Copyright (c) 1997, 1998, 1999 Institut Pasteur & Christophe Wolfhugel
# Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
11
# Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
12
13
# Copyright 2017, 2018, 2019, 2020, 2021 The Sympa Community. See the
# AUTHORS.md file at the top-level directory of this distribution and at
14
# <https://github.com/sympa-community/sympa.git>.
15
16
17
18
19
20
21
22
23
24
25
26
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
27
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
28

29
## Copyright 1999 Comité Réseaux des Universités
root's avatar
root committed
30
## web interface to Sympa mailing lists manager
salaun's avatar
salaun committed
31
## Sympa: http://www.sympa.org/
root's avatar
root committed
32
## Authors :
salaun's avatar
   
salaun committed
33
##           Serge Aumont <sa AT cru.fr>
34
##           Olivier Salaün <os AT cru.fr>
35

36
37
use strict;
##use warnings;
38
use lib split(/:/, $ENV{SYMPALIB} || ''), '--modulesdir--';
olivier.salaun's avatar
olivier.salaun committed
39

40
use Archive::Zip qw();
41
use DateTime;
42
use DateTime::Format::Mail;
43
use Digest::MD5;
sikeda's avatar
sikeda committed
44
use Encode qw();
45
use English qw(-no_match_vars);
46
use IO::File qw();
sikeda's avatar
sikeda committed
47
use MIME::EncWords;
48
use MIME::Lite::HTML;
sikeda's avatar
sikeda committed
49
use POSIX qw();
50
use Time::Local qw();
51
use URI;
52
use Data::Dumper;    # tentative
53
BEGIN { eval 'use Crypt::OpenSSL::X509'; }
54

55
use Sympa;
sikeda's avatar
sikeda committed
56
use Sympa::Archive;
root's avatar
root committed
57
use Conf;
58
use Sympa::ConfDef;
59
use Sympa::Constants;
60
use Sympa::Crash Hook => \&_crash_handler;    # Show traceback.
61
use Sympa::Database;
62
use Sympa::DatabaseManager;
sikeda's avatar
sikeda committed
63
use Sympa::Family;
64
use Sympa::HTMLSanitizer;
65
use Sympa::Language;
66
use Sympa::List;
IKEDA Soji's avatar
IKEDA Soji committed
67
68
use Sympa::List::Config;
use Sympa::List::Users;
69
use Sympa::Log;
70
use Sympa::Message;
sikeda's avatar
sikeda committed
71
use Sympa::Regexps;
72
73
use Sympa::Robot;
use Sympa::Scenario;
74
use Sympa::Spindle::ProcessRequest;
75
use Sympa::Spindle::ResendArchive;
76
use Sympa::Spool::Archive;
77
use Sympa::Spool::Auth;
78
use Sympa::Spool::Held;
79
use Sympa::Spool::Incoming;
80
use Sympa::Spool::Listmaster;
81
use Sympa::Spool::Moderation;
82
83
use Sympa::Spool::Outgoing;
use Sympa::Spool::Topic;
84
use Sympa::Task;
85
use Sympa::Template;
86
use Sympa::Ticket;
87
88
use Sympa::Tools::Data;
use Sympa::Tools::File;
89
use Sympa::Tools::Password;
90
use Sympa::Tools::Text;
91
use Sympa::Tracking;
sikeda's avatar
sikeda committed
92
use Sympa::User;
IKEDA Soji's avatar
IKEDA Soji committed
93
use Sympa::WWW::Auth;
94
use Sympa::WWW::FastCGI;
IKEDA Soji's avatar
IKEDA Soji committed
95
96
97
98
99
use Sympa::WWW::Marc::Search;
use Sympa::WWW::Report;
use Sympa::WWW::Session;
use Sympa::WWW::SharedDocument;
use Sympa::WWW::Tools;
root's avatar
root committed
100
101

## WWSympa librairies
102
my %options;
root's avatar
root committed
103

104
my $sympa_conf_file = Sympa::Constants::CONFIG;
root's avatar
root committed
105

106
107
108
109
our $list;
our $param = {};
our $robot_id;
our $session;
110

111
my $robot;
IKEDA Soji's avatar
IKEDA Soji committed
112
my $cookie_domain;
113
my $ip;
114
my $rss;
115
my $ajax;
salaun's avatar
salaun committed
116

117
my $allow_absolute_path;    #FIXME: to be removed in the future.
118
my @other_include_path;     #FIXME: ditto.
119

root's avatar
root committed
120
## Load sympa config
121
unless (Conf::load()) {
122
    printf STDERR
123
124
        "Unable to load sympa configuration, file %s or one of the vhost robot.conf files contain errors. Exiting.\n",
        Conf::get_sympa_conf();
125
    exit 1;
root's avatar
root committed
126
127
}

128
129
130
131
132
# Open log
my $log = Sympa::Log->instance;
$log->{level} = $Conf::Conf{'log_level'};
$log->openlog($Conf::Conf{'log_facility'} || $Conf::Conf{'syslog'},
    $Conf::Conf{'log_socket_type'});
133

134
Sympa::Spool::Listmaster->instance->{use_bulk} = 1;
root's avatar
root committed
135
136
137
138
139
140
141
142
143
144
145

# hash of all the description files already loaded
# format :
#     $desc_files{pathfile}{'date'} : date of the last load
#     $desc_files{pathfile}{'desc_hash'} : hash which describes
#                         the description file

#%desc_files_map; NOT USED ANYMORE

## Shared directory and description file

146
147
#$shared = 'shared';
#$desc = '.desc';
root's avatar
root committed
148
149

## subroutines
150
our %comm = (
Luc Didry's avatar
Luc Didry committed
151
152
153
    'confirm_action' => 'do_confirm_action',
    'home'           => 'do_home',
    'logout'         => 'do_logout',
154
    #'loginrequest'           => 'do_loginrequest',
Luc Didry's avatar
Luc Didry committed
155
156
157
158
    'login'               => 'do_login',
    'sso_login'           => 'do_sso_login',
    'sso_login_succeeded' => 'do_sso_login_succeeded',
    'subscribe'           => 'do_subscribe',
159
    #'multiple_subscribe'     => 'do_multiple_subscribe',
160
    #'subrequest'             => 'do_subrequest',
161
162
163
164
165
166
    'subindex'       => 'do_subindex',
    'suboptions'     => 'do_suboptions',
    'signoff'        => 'do_signoff',
    'auto_signoff'   => 'do_auto_signoff',
    'family_signoff' => 'do_family_signoff',
    #'family_signoff_request' => 'do_family_signoff_request',
167
    #XXX'multiple_signoff'    => 'do_multiple_signoff',
168
    #'sigrequest' => 'do_sigrequest',
169
170
171
172
    'sigindex' => 'do_sigindex',
    'decl_add' => 'do_decl_add',
    'decl_del' => 'do_decl_del',
    'my'       => 'do_my',
173
    #'which' => 'do_which',
174
    'lists'            => 'do_lists',
175
    'lists_categories' => 'do_lists_categories',
176
177
    'latest_lists'     => 'do_latest_lists',
    'active_lists'     => 'do_active_lists',
178
    'including_lists'  => 'do_including_lists',
179
180
181
182
183
184
185
186
187
188
189
190
191
    'info'             => 'do_info',
    'subscriber_count' => 'do_subscriber_count',
    'review'           => 'do_review',
    'search'           => 'do_search',
    'pref',            => 'do_pref',
    'setpref'          => 'do_setpref',
    'setpasswd'        => 'do_setpasswd',
    'renewpasswd'      => 'do_renewpasswd',
    'firstpasswd'      => 'do_firstpasswd',
    'requestpasswd'    => 'do_requestpasswd',
    'choosepasswd'     => 'do_choosepasswd',
    'set'              => 'do_set',
    'admin'            => 'do_admin',
192
    'import'           => 'do_import',
193
    'add'              => 'do_add',
194
    'auth_add'         => 'do_auth_add',
195
    'del'              => 'do_del',
196
    'auth_del'         => 'do_auth_del',
197
    'mass_del'         => 'do_mass_del',
198
    'modindex'         => 'do_modindex',
199
    'docindex'         => 'do_docindex',
200
201
202
203
204
205
206
    'reject'           => 'do_reject',
    #XXX'reject_notify' => 'do_reject_notify',
    'distribute'      => 'do_distribute',
    'add_frommod'     => 'do_add_frommod',
    'viewmod'         => 'do_viewmod',
    'd_reject_shared' => 'do_d_reject_shared',
    #XXX'reject_notify_shared' => 'do_reject_notify_shared',
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
    'd_install_shared'  => 'do_d_install_shared',
    'editfile'          => 'do_editfile',
    'savefile'          => 'do_savefile',
    'arc'               => 'do_arc',
    'latest_arc'        => 'do_latest_arc',
    'latest_d_read'     => 'do_latest_d_read',
    'arc_manage'        => 'do_arc_manage',
    'remove_arc'        => 'do_remove_arc',
    'send_me'           => 'do_send_me',
    'view_source'       => 'do_view_source',
    'tracking'          => 'do_tracking',
    'arcsearch_form'    => 'do_arcsearch_form',
    'arcsearch_id'      => 'do_arcsearch_id',
    'arcsearch'         => 'do_arcsearch',
    'rebuildarc'        => 'do_rebuildarc',
    'rebuildallarc'     => 'do_rebuildallarc',
    'arc_download'      => 'do_arc_download',
    'arc_delete'        => 'do_arc_delete',
    'serveradmin'       => 'do_serveradmin',
    'set_loglevel'      => 'do_set_loglevel',
    'set_dumpvars'      => 'do_set_dumpvars',
    'show_sessions'     => 'do_show_sessions',
    'unset_dumpvars'    => 'do_unset_dumpvars',
    'set_session_email' => 'do_set_session_email',
    'restore_email'     => 'do_restore_email',
    'skinsedit'         => 'do_skinsedit',
233
    #XXX'css' => 'do_css',
234
235
236
237
238
239
240
241
242
243
244
245
246
247
    'help'                     => 'do_help',
    'edit_list_request'        => 'do_edit_list_request',
    'edit_list'                => 'do_edit_list',
    'create_list_request'      => 'do_create_list_request',
    'create_list'              => 'do_create_list',
    'get_pending_lists'        => 'do_get_pending_lists',
    'get_closed_lists'         => 'do_get_closed_lists',
    'get_latest_lists'         => 'do_get_latest_lists',
    'get_inactive_lists'       => 'do_get_inactive_lists',
    'get_biggest_lists'        => 'do_get_biggest_lists',
    'set_pending_list_request' => 'do_set_pending_list_request',
    'install_pending_list'     => 'do_install_pending_list',
    'edit_config'              => 'do_edit_config',
    #XXX'submit_list' => 'do_submit_list',
Luc Didry's avatar
Luc Didry committed
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
    'editsubscriber'      => 'do_editsubscriber',
    'edit'                => 'do_edit',
    'viewbounce'          => 'do_viewbounce',
    'redirect'            => 'do_redirect',
    'rename_list_request' => 'do_rename_list_request',
    'move_list'           => 'do_move_list',
    'copy_list'           => 'do_copy_list',
    'reviewbouncing'      => 'do_reviewbouncing',
    'resetbounce'         => 'do_resetbounce',
    'scenario_test'       => 'do_scenario_test',
    'search_list'         => 'do_search_list',
    'search_list_request' => 'do_search_list_request',
    'show_cert'           => 'do_show_cert',
    'close_list'          => 'do_close_list',
    'open_list'           => 'do_open_list',
    'purge_list'          => 'do_purge_list',
    'upload_pictures'     => 'do_upload_pictures',
    'delete_pictures'     => 'do_delete_pictures',
    'd_read'              => 'do_d_read',
    'd_create_child'      => 'do_d_create_child',
    'd_unzip'             => 'do_d_unzip',
    'd_editfile'          => 'do_d_editfile',
    'd_properties'        => 'do_d_properties',
    'd_update'            => 'do_d_update',
    'd_describe'          => 'do_d_describe',
    'd_delete'            => 'do_d_delete',
    'd_rename'            => 'do_d_rename',
    'd_control'           => 'do_d_control',
    'd_change_access'     => 'do_d_change_access',
    'd_set_owner'         => 'do_d_set_owner',
    'd_admin'             => 'do_d_admin',
    'dump_scenario'       => 'do_dump_scenario',
    'export_member'       => 'do_export_member',
    'remind'              => 'do_remind',
    'move_user'           => 'do_move_user',
    'load_cert'           => 'do_load_cert',
    'compose_mail'        => 'do_compose_mail',
    'send_mail'           => 'do_send_mail',
    'request_topic'       => 'do_request_topic',
    'tag_topic_by_sender' => 'do_tag_topic_by_sender',
    'search_user'         => 'do_search_user',
    'set_lang'            => 'do_set_lang',
    'attach'              => 'do_attach',
    'stats'               => 'do_stats',
    'viewlogs'            => 'do_viewlogs',
    'wsdl'                => 'do_wsdl',
    'sync_include'        => 'do_sync_include',
    'review_family'       => 'do_review_family',
    'ls_templates'        => 'do_ls_templates',
    'remove_template'     => 'do_remove_template',
    'copy_template'       => 'do_copy_template',
    'view_template'       => 'do_view_template',
    'edit_template'       => 'do_edit_template',
301
302
303
304
305
306
307
    #'rss' => 'do_rss', #FIXME:Currently processed in differenct way.
    'rss_request'     => 'do_rss_request',
    'maintenance'     => 'do_maintenance',
    'blacklist'       => 'do_blacklist',
    'edit_attributes' => 'do_edit_attributes',
    'ticket'          => 'do_ticket',
    'manage_template' => 'do_manage_template',
308
309
310
311
312
    'rt_create'       => 'do_rt_create',
    'rt_delete'       => 'do_rt_delete',
    'rt_edit'         => 'do_rt_edit',
    'rt_setdefault'   => 'do_rt_setdefault',
    'rt_update'       => 'do_rt_update',
313
    #XXX'send_newsletter' => 'do_send_newsletter',
sikeda's avatar
sikeda committed
314
    'suspend'                => 'do_suspend',
315
316
317
318
319
320
321
322
323
    'suspend_request'        => 'do_suspend_request',
    'suspend_request_action' => 'do_suspend_request_action',
    'show_exclude'           => 'do_show_exclude',
    # 'ca' stands for 'custom_action'. I used a short name to make it discrete
    # in a URL.
    'ca' => 'do_ca',
    # 'lca' stands for 'list_custom_action'. I used a short name to make it
    # discrete in a URL.
    'lca' => 'do_lca',
324
325
326
327
328
329
    #XXX'automatic_lists_management_request' =>
    #XXX    'do_automatic_lists_management_request',
    #XXX'automatic_lists_management'    => 'do_automatic_lists_management',
    'create_automatic_list'         => 'do_create_automatic_list',
    'create_automatic_list_request' => 'do_create_automatic_list_request',
    'auth'                          => 'do_auth',
330
    'delete_account'                => 'do_delete_account',
331
332
);

333
my %comm_aliases = (
334
335
336
337
338
339
    'add_fromsub'             => 'auth_add',
    'add_request'             => 'import',
    'automatic_lists'         => 'create_automatic_list',
    'automatic_lists_request' => 'create_automatic_list_request',
    'change_email'            => 'move_user',
    'change_email_request'    => 'move_user',
340
    'del_fromsig'             => 'auth_del',
341
    'dump'                    => 'export_member',
342
    'family_signoff_request'  => 'family_signoff',
343
344
    'ignoresig'               => 'decl_del',
    'ignoresub'               => 'decl_add',
345
    'loginrequest'            => 'login',
346
    'rename_list'             => 'move_list',
347
    'restore_list'            => 'open_list',
348
349
    'sigrequest'              => 'signoff',
    'subrequest'              => 'subscribe',
350
351
);

352
353
# No longer used.
#my %auth_action;
354

355
356
357
358
359
360
# Arguments awaited in the PATH_INFO, depending on the action.
# NOTE:
# * The email addresses should NOT be embedded in PATH_INFO, because included
#   slashes (/) cannot be handled correctly by web servers. They are kept just
#   for compatibility to earlier releases of Sympa.  Use query parameters
#   instead.
361
our %action_args = (
Luc Didry's avatar
Luc Didry committed
362
363
364
    'default'         => ['list'],
    'editfile'        => ['list', 'file', 'previous_action'],
    'requestpasswd'   => ['email'],
sikeda's avatar
sikeda committed
365
366
367
368
    'choosepasswd'    => ['email', 'passwd'],
    'lists'           => ['topic', 'subtopic'],
    'latest_lists'    => ['topic', 'subtopic'],
    'active_lists'    => ['topic', 'subtopic'],
369
    'including_lists' => ['list'],
Luc Didry's avatar
Luc Didry committed
370
    'login'           => ['previous_action', 'previous_list'],
371
372
373
    'sso_login' => ['auth_service_name', 'subaction', 'email', 'ticket'],
    'sso_login_succeeded' =>
        ['auth_service_name', 'previous_action', 'previous_list'],
374
    #'loginrequest' => ['previous_action', 'previous_list'],
Luc Didry's avatar
Luc Didry committed
375
376
377
    'logout'      => ['previous_action', 'previous_list'],
    'renewpasswd' => ['previous_action', 'previous_list'],
    'firstpasswd' => ['previous_action', 'previous_list'],
378
    #XXX'css' => ['file'],
379
380
381
382
    'pref'             => ['previous_action', 'previous_list'],
    'reject'           => ['list',            'id'],
    'distribute'       => ['list',            'id'],
    'add_frommod'      => ['list',            'id'],
383
    'dump_scenario'    => ['list',            'scenario_function'],
384
385
386
    'd_reject_shared'  => ['list',            'id'],
    'd_install_shared' => ['list',            'id'],
    'modindex'         => ['list'],
387
    'docindex'         => ['list'],
Luc Didry's avatar
Luc Didry committed
388
389
390
391
    'viewmod'          => ['list',            'id', '@file'],
    'add'              => ['list',            'email'],
    'import' => ['list'],
    'del'    => ['list', 'email'],
392
393
394
    #'editsubscriber' =>
    #    ['list', 'email', 'previous_action', 'custom_attribute'],
    #'editsubscriber' => ['list', 'email', 'previous_action'],
395
    'editsubscriber' => ['list'],
396
    'edit'           => ['list', 'role'],
397
398
    #'viewbounce' => ['list', 'email', '@file'],
    'viewbounce' => ['list', 'dir', '@file'],
399
    #'resetbounce'    => ['list', 'email'],
400
    'review'         => ['list', 'page',  'size', 'sortby'],
401
402
403
404
405
    'reviewbouncing' => ['list', 'page',  'size'],
    'arc'            => ['list', 'month', '@arc_file'],
    'latest_arc'     => ['list'],
    'arc_manage'     => ['list'],
    'arcsearch_form' => ['list', 'archive_name'],
406
    'arcsearch_id'   => ['list', 'archive_name', '@msgid'],
407
408
409
410
411
412
413
    'rebuildarc'     => ['list', 'month'],
    'rebuildallarc' => [],
    'arc_download'  => ['list'],
    'arc_delete'    => ['list', 'zip'],
    'home'          => [],
    'help'          => ['help_topic'],
    'show_cert'     => [],
414
    'subscribe'     => ['list'],
415
    #'subrequest' => ['list','email'],
416
417
418
419
420
421
    'subindex'       => ['list'],
    'decl_add'       => ['list'],
    'signoff'        => ['list'],
    'auto_signoff'   => ['list'],
    'family_signoff' => ['family'],
    #'family_signoff_request' => ['family', 'email'],
422
    #'sigrequest'             => ['list',   'email'],
Luc Didry's avatar
Luc Didry committed
423
424
    'sigindex'           => ['list'],
    'decl_del'           => ['list'],
425
    'set'                => ['list', 'email', 'reception', 'gecos'],
426
427
428
429
430
431
432
433
    'serveradmin'        => ['subaction'],
    'set_session_email'  => ['email'],
    'skinsedit'          => [],
    'get_pending_lists'  => [],
    'get_closed_lists'   => [],
    'get_latest_lists'   => [],
    'get_inactive_lists' => [],
    'get_biggest_lists'  => [],
sikeda's avatar
sikeda committed
434
    'search_list'        => ['filter_list'],
Luc Didry's avatar
Luc Didry committed
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
    'shared'            => ['list', '@path'],        #FIXME: no such function.
    'd_read'            => ['list', '@path'],
    'latest_d_read'     => ['list'],
    'd_admin'           => ['list', 'd_admin'],
    'd_delete'          => ['list', '@path'],
    'd_rename'          => ['list', '@path'],
    'd_create_child'    => ['list', '@path'],
    'd_update'          => ['list', '@path'],
    'd_describe'        => ['list', '@path'],
    'd_editfile'        => ['list', '@path'],
    'd_properties'      => ['list', '@path'],
    'd_control'         => ['list', '@path'],
    'd_change_access'   => ['list', '@path'],
    'd_set_owner'       => ['list', '@path'],
    'export_member'     => ['list', 'format'],
    'search'            => ['list', 'filter'],
    'search_user'       => ['email'],
    'set_lang'          => ['lang'],
    'attach'            => ['list', 'dir', 'file'],
    'stats'             => ['list'],
455
    'edit_list_request' => ['list', 'group'],
Luc Didry's avatar
Luc Didry committed
456
457
458
459
460
461
462
463
464
465
466
467
468
    'move_list'           => ['list', 'new_listname', 'new_robot'],
    'copy_list'           => ['list', 'new_listname', 'new_robot'],
    'redirect'            => [],
    'viewlogs'            => ['list', 'page', 'size', 'sortby'],
    'wsdl'                => [],
    'sync_include'        => ['list'],
    'review_family'       => ['family_name'],
    'ls_templates'        => ['list'],
    'view_template'       => [],
    'remove_template'     => [],
    'copy_template'       => ['list'],
    'edit_template'       => ['list'],
    'rss_request'         => ['list'],
469
470
471
    'request_topic'       => ['list', 'authkey'],
    'tag_topic_by_sender' => ['list'],
    'ticket'              => ['ticket'],
472
    'move_user'           => [],
Luc Didry's avatar
Luc Didry committed
473
474
475
476
477
478
479
480
481
482
    'manage_template'     => ['subaction', 'list', 'message_template'],
    'rt_delete'           => ['list', 'message_template'],
    'rt_edit'             => ['list', 'message_template'],
    'send_newsletter'     => [],
    'compose_mail'        => ['list', 'subaction'],
    'suspend'             => ['list'],
    'suspend_request'     => ['subaction'],
    'show_exclude'        => ['list'],
    'ca'                  => ['custom_action', '@cap'],
    'lca'                 => ['custom_action', 'list', '@cap'],
483
484
    #XXX'automatic_lists_management_request' => [],
    #XXX'automatic_lists_management'         => [],
Luc Didry's avatar
Luc Didry committed
485
486
487
488
489
    'create_automatic_list'         => ['family'],
    'create_automatic_list_request' => ['family'],
    'auth'                          => ['id', 'heldaction', 'listname'],
    'auth_add'                      => ['list'],
    'auth_del'                      => ['list'],
490
);
root's avatar
root committed
491

492
## Define the required parameters for each action
493
494
## Parameter names refer to the %in structure of to $param if mentionned as
## 'param.x'
495
496
## This structure is used to determine if any parameter is missing
## The list of parameters is not ordered
497
498
499
## Some keywords are reserved: param.list and param.user.email
## Alternate parameters can be defined with the '|' character
## Limits of this structure: it does not define optional parameters (a or b)
500
501
502
## Limit: it does not allow to have a specific error message and redirect to a
## given page if the parameter is missing
our %required_args = (
Luc Didry's avatar
Luc Didry committed
503
504
505
506
507
508
509
510
511
512
513
514
    'active_lists'   => ['for|count'],
    'admin'          => ['param.list', 'param.user.email'],
    'add'            => ['param.list', 'param.user.email'],
    'import'         => ['param.list', 'param.user.email'],
    'arc'            => ['param.list'],
    'arc_delete'     => ['param.user.email', 'param.list'],
    'arc_download'   => ['param.user.email', 'param.list'],
    'arc_manage'     => ['param.list'],
    'arcsearch'      => ['param.list'],
    'arcsearch_form' => ['param.list'],
    'arcsearch_id'   => ['param.list'],
    'auth'           => ['id', 'heldaction', 'email'],
515
516
    'auth_add'       => ['param.list', 'param.user.email', 'id'],
    'auth_del'       => ['param.list', 'param.user.email', 'id'],
Luc Didry's avatar
Luc Didry committed
517
518
519
520
521
522
523
524
    'auto_signoff'   => ['param.list', 'email'],
    'attach'         => ['param.list'],
    'blacklist'      => ['param.list'],
    'move_user' =>
        ['param.user.email', 'current_email|old_email', 'email|new_email'],
    'close_list'    => ['param.user.email', 'param.list'],
    'compose_mail'  => ['param.user.email', 'param.list'],
    'copy_template' => ['webormail'],
525
    ## other required parameters are checked in the subroutine
526
527
    'create_automatic_list'         => ['param.user.email', 'family'],
    'create_automatic_list_request' => ['param.user.email', 'family'],
528
    'create_list'                   => ['param.user.email', 'info'],
529
    'create_list_request'           => ['param.user.email'],
530
    #XXX'css' => [],
531
532
533
534
535
    'd_admin'         => ['param.list', 'param.user.email'],
    'd_change_access' => ['param.list', 'param.user.email'],
    'd_control'       => ['param.list', 'param.user.email'],
    'd_create_child' =>
        ['param.list', 'param.user.email', 'new_name|uploaded_file'],
536
537
538
539
540
541
542
543
    'd_delete'         => ['param.list', 'param.user.email'],
    'd_describe'       => ['param.list', 'param.user.email', 'content'],
    'd_editfile'       => ['param.list', 'param.user.email'],
    'd_install_shared' => ['param.list', 'param.user.email', 'id'],
    'd_properties'     => ['param.list', 'param.user.email'],
    'd_read'          => ['param.list'],
    'd_reject_shared' => ['param.list', 'param.user.email', 'id'],
    'd_rename'        => ['param.list', 'param.user.email', 'new_name'],
544
    'd_update' =>
545
        ['param.list', 'param.user.email', 'content|url|uploaded_file'],
546
    'd_set_owner'     => ['param.list', 'param.user.email'],
sikeda's avatar
sikeda committed
547
    'd_unzip'         => ['param.list', 'param.user.email', 'uploaded_file'],
548
549
550
551
    'del'             => ['param.list', 'param.user.email', 'email'],
    'delete_pictures' => ['param.list', 'param.user.email'],
    'distribute'      => ['param.list', 'param.user.email', 'id|idspam'],
    'add_frommod'     => ['param.list', 'param.user.email', 'id'],
552
    'dump_scenario'   => ['param.list', 'scenario_function|pname'],
553
    'edit'            => ['param.list', 'param.user.email', 'role', 'email'],
Luc Didry's avatar
Luc Didry committed
554
555
556
557
558
559
    'edit_list'         => ['param.user.email', 'param.list'],
    'edit_list_request' => ['param.user.email', 'param.list'],
    'edit_template'     => ['webormail'],
    'editfile'          => ['param.user.email'],
    'editsubscriber'    => ['param.list',       'param.user.email', 'email'],
    'export_member'        => ['param.list'],
560
    'family_signoff'       => ['family', 'email'],
Luc Didry's avatar
Luc Didry committed
561
562
563
564
565
    'get_closed_lists'     => ['param.user.email'],
    'get_inactive_lists'   => ['param.user.email'],
    'get_latest_lists'     => ['param.user.email'],
    'get_biggest_lists'    => ['param.user.email'],
    'get_pending_lists'    => ['param.user.email'],
566
567
    'decl_del'             => ['param.list', 'param.user.email', 'id'],
    'decl_add'             => ['param.list', 'param.user.email', 'id'],
568
    'delete_account'       => ['passwd', 'i_understand_the_consequences'],
569
    'including_lists'      => ['param.list', 'param.user.email'],
570
571
572
573
    'info'                 => ['param.list'],
    'install_pending_list' => ['param.user.email'],
    'edit_config'          => ['param.user.email'],
    'latest_arc'           => ['param.list', 'for|count'],
Luc Didry's avatar
Luc Didry committed
574
575
576
577
578
579
    'latest_d_read'        => ['param.list', 'for', 'count'],
    'latest_lists'         => ['for|count'],
    'load_cert'            => ['param.list'],
    'logout'               => ['param.user.email'],
    'manage_template'      => ['param.list', 'param.user.email'],
    'my'                   => ['param.user.email'],
580
    'rt_create' => ['param.list', 'param.user.email', 'new_template_name'],
Luc Didry's avatar
Luc Didry committed
581
582
    'rt_delete' => ['param.list', 'param.user.email', 'message_template'],
    'rt_edit'   => ['param.list', 'param.user.email', 'message_template'],
583
584
585
    'rt_setdefault' => ['param.list', 'param.user.email', 'new_default'],
    'rt_update' =>
        ['param.list', 'param.user.email', 'message_template', 'content'],
Luc Didry's avatar
Luc Didry committed
586
587
588
589
590
591
592
593
    'modindex'      => ['param.list',       'param.user.email'],
    'docindex'      => ['param.list',       'param.user.email'],
    'pref'          => ['param.user.email'],
    'purge_list'    => ['param.user.email', 'selected_lists'],
    'rebuildallarc' => ['param.user.email'],
    'rebuildarc'    => ['param.user.email', 'param.list'],
    'reject'        => ['param.list',       'param.user.email', 'id|idspam'],
    'remind'        => ['param.list',       'param.user.email'],
594
595
    'remove_arc'      => ['param.list'],
    'remove_template' => ['webormail'],
596
    'move_list' =>
597
598
599
        ['param.user.email', 'param.list', 'new_listname', 'new_robot'],
    'copy_list' =>
        ['param.user.email', 'param.list', 'new_listname', 'new_robot'],
600
    'open_list'           => ['param.user.email', 'param.list'],
601
602
    'rename_list_request' => ['param.user.email', 'param.list'],
    'request_topic'       => ['param.list',       'authkey'],
Luc Didry's avatar
Luc Didry committed
603
    'resetbounce'     => ['param.list', 'param.user.email', 'email'],
604
605
606
607
608
    'review'          => ['param.list'],
    'review_family'   => ['param.user.email', 'family_name'],
    'reviewbouncing'  => ['param.list'],
    'rss_request'     => [],
    'savefile'        => ['param.user.email', 'file'],
609
    'search'          => ['param.list'],
610
611
612
613
614
615
616
617
    'search_user'     => ['param.user.email', 'email'],
    'send_mail'       => ['param.user.email'],
    'send_newsletter' => ['param.list', 'param.user.email', 'url'],
    'send_me'         => ['param.list'],
    'view_source'     => ['param.list'],
    'tracking'        => ['param.list'],
    'requestpasswd'   => ['email'],
    'serveradmin'     => ['param.user.email'],
618
    'set'      => ['param.user.email', 'param.list', 'reception|visibility'],
619
620
    'set_lang' => [],
    'set_pending_list_request' => ['param.user.email'],
Luc Didry's avatar
Luc Didry committed
621
622
623
624
625
626
627
628
629
630
631
632
633
    'setpasswd'        => ['param.user.email', 'newpasswd1', 'newpasswd2'],
    'setpref'          => ['param.user.email'],
    'sigindex'         => ['param.list', 'param.user.email'],
    'signoff'          => ['param.list'],
    'skinsedit'        => ['param.user.email'],
    'sso_login'        => ['auth_service_name'],
    'stats'            => ['param.list'],
    'subindex'         => ['param.list', 'param.user.email'],
    'suboptions'       => ['param.list', 'param.user.email'],
    'subscribe'        => ['param.list'],
    'subscriber_count' => ['param.list'],
    'suspend'          => ['param.list', 'param.user.email'],
    'suspend_request'  => [],
634
635
    'suspend_request_action' => [],
    'show_exclude'           => ['param.list'],
Luc Didry's avatar
Luc Didry committed
636
    'sync_include'           => ['param.list', 'param.user.email'],
637
638
639
    'tag_topic_by_sender'    => ['param.list'],
    'upload_pictures'        => ['param.user.email', 'param.list'],
    'view_template'          => ['webormail'],
Luc Didry's avatar
Luc Didry committed
640
    'viewbounce'             => ['param.list', 'email|file'],
641
642
643
    'viewlogs'               => ['param.list'],
    'viewmod' => ['param.list', 'param.user.email', 'id|idspam'],
    'wsdl'    => [],
644
    #'which' => ['param.user.email'],
645
);
646
647
648

## Defines the required privileges to access privileged actions
## You can define a set ofequiivalent privileges in the ARRAYREF
649
our %required_privileges = (
Luc Didry's avatar
Luc Didry committed
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
    'admin'                    => ['owner', 'editor'],
    'arc_delete'               => ['owner'],
    'arc_download'             => ['owner'],
    'arc_manage'               => ['owner'],
    'auth_add'                 => ['owner', 'editor'],
    'auth_del'                 => ['owner', 'editor'],
    'blacklist'                => ['owner', 'editor'],
    'close_list'               => ['privileged_owner'],
    'copy_template'            => ['listmaster'],
    'd_install_shared'         => ['editor', 'owner'],
    'd_reject_shared'          => ['editor', 'owner'],
    'distribute'               => ['editor', 'owner', 'listmaster'],
    'add_frommod'              => ['editor', 'owner'],
    'dump_scenario'            => ['listmaster'],
    'edit'                     => ['editor', 'owner', 'listmaster'],
    'edit_list'                => ['owner'],
    'edit_list_request'        => ['owner'],
    'edit_template'            => ['listmaster'],
    'editfile'                 => ['owner', 'listmaster'],
    'editsubscriber'           => ['owner', 'editor'],
    'get_closed_lists'         => ['listmaster'],
    'get_inactive_lists'       => ['listmaster'],
    'get_latest_lists'         => ['listmaster'],
    'get_biggest_lists'        => ['listmaster'],
    'get_pending_lists'        => ['listmaster'],
    'decl_del'                 => ['owner', 'editor'],
    'decl_add'                 => ['owner', 'editor'],
    'including_lists'          => ['owner', 'listmaster'],
    'install_pending_list'     => ['listmaster'],
    'edit_config'              => ['listmaster'],
    'ls_templates'             => ['listmaster'],
    'manage_template'          => ['owner'],
682
    'mass_del'                 => ['listmaster'],
Luc Didry's avatar
Luc Didry committed
683
684
685
686
687
688
689
690
691
692
693
694
695
    'rt_create'                => ['owner'],
    'rt_delete'                => ['owner'],
    'rt_edit'                  => ['owner'],
    'rt_setdefault'            => ['owner'],
    'rt_update'                => ['owner'],
    'modindex'                 => ['editor', 'owner', 'listmaster'],
    'docindex'                 => ['editor', 'owner', 'listmaster'],
    'purge_list'               => ['privileged_owner', 'listmaster'],
    'rebuildallarc'            => ['listmaster'],
    'rebuildarc'               => ['listmaster'],
    'reject'                   => ['editor', 'owner', 'listmaster'],
    'remove_template'          => ['listmaster'],
    'move_list'                => ['privileged_owner'],
696
    'copy_list'                => ['owner', 'listmaster'],
697
    'open_list'                => ['listmaster'],
698
699
700
701
    'rename_list_request'      => ['privileged_owner'],
    'resetbounce'              => ['owner', 'editor'],
    'review_family'            => ['listmaster'],
    'reviewbouncing'           => ['owner', 'editor'],
702
    'savefile'                 => ['owner', 'listmaster'],
703
704
705
706
707
708
709
    'search_user'              => ['listmaster'],
    'serveradmin'              => ['listmaster'],
    'set_dumpvars'             => ['listmaster'],
    'set_loglevel'             => ['listmaster'],
    'set_pending_list_request' => ['listmaster'],
    'set_session_email'        => ['listmaster'],
    'show_sessions'            => ['listmaster'],
710
    'sigindex'                 => ['owner', 'editor'],
711
712
713
714
715
716
717
    'stats'                    => ['owner'],
    'subindex'                 => ['owner', 'editor'],
    'sync_include'             => ['owner', 'editor'],
    'skinsedit'                => ['listmaster'],
    'view_template'            => ['listmaster'],
    'viewbounce'               => ['owner', 'editor'],
    'viewlogs'                 => ['owner', 'editor'],
Luc Didry's avatar
Luc Didry committed
718
    'viewmod'                  => ['editor', 'owner', 'listmaster'],
719
720
    #XXX'automatic_lists_management_request' => ['listmaster'],
    #XXX'automatic_lists_management'         => ['listmaster'],
721
722
);

723
724
725
726
727
728
729
730
# An action is a candidate for this list if it modifies an object or setting.
#
# Why not just protect all actions? Many of them are used in GET requests
# without any forms, making it more difficult to supply a CSRF token.
# This list intentionally starts out small in the name of breaking as little
# as possible.

our %require_csrftoken = (
731
732
733
734
735
736
    'add'       => 1,
    'del'       => 1,
    'move_user' => 1,
    'savefile'  => 1,
    'setpasswd' => 1,
    'setpref'   => 1,
737
738
);

739
740
741
# this definition is used to choose the left side menu type (admin ->
# listowner admin menu | serveradmin -> server_admin menu | none list or
# your_list menu)
742
my %action_type = (
Luc Didry's avatar
Luc Didry committed
743
744
745
746
747
748
    'review' => 'admin',
    'search' => 'admin',
    'admin'  => 'admin',
    'import' => 'admin',
    'add'    => 'admin',
    'del'    => 'admin',
749
    # 'modindex' =>'admin',
Luc Didry's avatar
Luc Didry committed
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
    'reject'            => 'admin',
    'reject_notify'     => 'admin',
    'distribute'        => 'admin',
    'add_frommod'       => 'admin',
    'viewmod'           => 'admin',
    'savefile'          => 'admin',
    'rebuildallarc'     => 'admin',    #FIXME: serveradmin?
    'reviewbouncing'    => 'admin',
    'edit'              => 'admin',
    'edit_list_request' => 'admin',
    'edit_list'         => 'admin',
    'editsubscriber'    => 'admin',
    'viewbounce'        => 'admin',
    'resetbounce'       => 'admin',
    'scenario_test'     => 'admin',
    'close_list'        => 'admin',
    'd_admin'           => 'admin',
    'd_reject_shared'   => 'admin',
    'd_install_shared'  => 'admin',
    'dump_scenario'     => 'admin',
    'export_member'     => 'admin',
    'open_list'         => 'admin',
    'remind'            => 'admin',
773
    #'subindex' => 'admin',
Luc Didry's avatar
Luc Didry committed
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
    'stats'               => 'admin',
    'decl_del'            => 'admin',
    'decl_add'            => 'admin',
    'move_list'           => 'admin',
    'copy_list'           => 'admin',
    'rename_list_request' => 'admin',
    'arc_manage'          => 'admin',
    'sync_include'        => 'admin',
    'view_template'       => 'admin',
    'remove_template'     => 'admin',
    'copy_template'       => 'admin',
    'edit_template'       => 'admin',
    'blacklist'           => 'admin',
    'viewlogs'            => 'admin',
    'serveradmin'         => 'serveradmin',
    'get_pending_lists'   => 'serveradmin',
    'get_closed_lists'    => 'serveradmin',
    'get_inactive_lists'  => 'serveradmin',
    'get_latest_lists'    => 'serveradmin',
    'get_biggest_lists'   => 'serveradmin',
    'ls_templates'        => 'serveradmin',
    'skinsedit'           => 'serveradmin',
    'review_family'       => 'serveradmin',
    'search_user'         => 'serveradmin',
    'show_sessions'       => 'serveradmin',
    'show_exclude'        => 'admin',
    'rebuildarc'          => 'serveradmin',
    'set_session_email'   => 'serveradmin',
    'set_loglevel'        => 'serveradmin',
    'editfile'            => 'serveradmin',    #FIXME: admin?
    'unset_dumpvars'      => 'serveradmin',
    'set_dumpvars'        => 'serveradmin',
806
807
    #XXX'automatic_lists_management_request' => 'serveradmin',
    #XXX'automatic_lists_management'         => 'serveradmin',
808
);
root's avatar
root committed
809

810
# Actions that are not used in return of login,
811
my %temporary_actions = (
812
    'confirm_action'      => 1,
813
814
815
816
817
818
    'logout'              => 1,
    'loginrequest'        => 1,
    'login'               => 1,
    'sso_login'           => 1,
    'sso_login_succeeded' => 1,
    'ticket'              => 1,
819
    #XXX'css' => 1,
820
821
822
823
    'rss'      => 1,    # FIXME:currently not used.
    'ajax'     => 1,
    'wsdl'     => 1,
    'redirect' => 1,
824
);
825

826
827
828
## Regexp applied on incoming parameters (%in)
## The aim is not a strict definition of parameter format
## but rather a security check
829
our %in_regexp = (
830
831
832
833
834
835
    ## Default regexp
    '*' => '[\w\-\.]+',

    ## List config parameters
    'single_param'   => '.+',
    'multiple_param' => '.+',
IKEDA Soji's avatar
IKEDA Soji committed
836
    'deleted_param'  => '.+',
837
838
839
840
841
842
843
844
845
846

    ## Textarea content
    'template_content'     => '.+',
    'content'              => '.+',
    'body'                 => '.+',
    'info'                 => '.+',
    'new_scenario_content' => '.+',
    'blacklist'            => '.*',

    ## Integer
847
    'page' => '\d+|owner|editor',
848
849
850
851
852
853
854
855
856
857
    'size' => '\d+',

    ## Free data
    'subject'          => '.*',
    'gecos'            => '[^<>\\\*\$\n]+',
    'fromname'         => '[^<>\\\*\$\n]+',
    'additional_field' => '[^<>\\\*\$\n]+',
    'dump'             => '[^<>\\\*\$]+',     # contents email + gecos

    ## Search
858
    'filter'      => '.*',                    # search subscriber
sikeda's avatar
sikeda committed
859
    'filter_list' => '.*',                    # search list
860
861
    'key_word'    => '.*',
    'format'      => '[^<>\\\$\n]+',          # dump format/filter string
862
863
864
865
866
867
868
869
870

    ## File names
    'file'          => '[^<>\*\$\n]+',
    'template_path' => '[\w\-\.\/_]+',
    'arc_file'      => '[^<>\\\*\$\n]+',
    'path'          => '[^<>\\\*\$\n]+',
    'uploaded_file' =>
        '(.*[\/\\\\])?[^<>\*\$\n]+',          # Could be precised (use of "'")
    'dir'               => '[^<>\\\*\$\n]+',
871
    'new_name'          => '[^<>\\\*\$\[\]\/\n]+',
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
    'shortname'         => '[^<>\\\*\$\n]+',
    'id'                => '[^<>\\\*\$\n]+',
    'template_name'     => Sympa::Regexps::template_name(),
    'new_template_name' => Sympa::Regexps::template_name(),
    'message_template'  => Sympa::Regexps::template_name(),
    'new_default'       => Sympa::Regexps::template_name(),

    ## Archives
    ## format is yyyy-mm for 'arc' and mm for 'send_me'
    'month' => '\d{2}|\d{4}\-\d{2}',

    ## URL
    'referer'         => '[^\\\$\*\"\'\`\^\|\<\>\n]+',
    'failure_referer' => '[^\\\$\*\"\'\`\^\|\<\>\n]+',
    'url'             => '[^\\\$\*\"\'\`\^\|\<\>\n]+',

    ## Msg ID
    'msgid'       => '[^\\\*\"\'\`\^\|\n]+',
    'in_reply_to' => '[^\\\*\"\'\`\^\|\n]+',
    'message_id'  => '[^\\\*\"\'\`\^\|\n]+',
892
    'msg_subject' => '.*',
893
894
895
896
897
898
899
900
901

    ## Password
    'passwd'       => '.+',
    'password'     => '.+',
    'newpasswd1'   => '.+',
    'newpasswd2'   => '.+',
    'new_password' => '.+',

    ## Topics
902
    'topic'    => '\@?[\-\w\/]+',
903
904
905
906
907
908
909
910
911
912
913
914
915
916
    'topics'   => '[\-\w\/]+',
    'subtopic' => '[\-\w\/]+',

    ## List names
    'list' => '[\w\-\.\+]*',    ## Sympa::Regexps::listname() + uppercase
    'previous_list'  => '[\w\-\.\+]*',
    'listname'       => '[\w\-\.\+]*',
    'new_listname'   => '[\w\-\.\+]*',
    'selected_lists' => '[\w\-\.\+]*',

    ## Family names
    'family_name' => Sympa::Regexps::family_name(),
    'family'      => Sympa::Regexps::family_name(),

917
    # Email addresses
918
    'current_email' => Sympa::Regexps::email(),
Luc Didry's avatar
Luc Didry committed
919
920
921
922
923
924
925
    'email'         => Sympa::Regexps::email() . '|' . Sympa::Regexps::uid(),
    'init_email'    => Sympa::Regexps::email(),
    'old_email'     => Sympa::Regexps::email(),
    'new_email'     => Sympa::Regexps::email(),
    'sender'        => Sympa::Regexps::email(),
    'fromaddr'      => Sympa::Regexps::email(),
    'del_emails'    => '.*',
926
    'to' => '(([\w\-\_\.\/\+\=\']+|\".*\")\s[\w\-]+(\.[\w\-]+)+(,?))*',
927
928
929
930
931
932
933
934
    'automatic_list_part_*' => '[\w\-\.\+]*',

    ## Host
    'new_robot'   => Sympa::Regexps::host(),
    'remote_host' => Sympa::Regexps::host(),
    'remote_addr' => Sympa::Regexps::host(),

    ## Scenario name
935
936
937
    'scenario'    => Sympa::Regexps::scenario_name(),
    'read_access' => Sympa::Regexps::scenario_name(),
    'edit_access' => Sympa::Regexps::scenario_name(),
938
939
940
941
942
943
944
945
946
947
948
949
950
951
    ## RSS URL or blank
    'active_lists'  => '.*',
    'latest_lists'  => '.*',
    'latest_arc'    => '.*',
    'latest_d_read' => '.*',

    ##Logs
    'target_type' => '[\w\-\.\:]*',
    'target'      => Sympa::Regexps::email(),
    'date_from'   => '[\d\/\-]+',
    'date_to'     => '[\d\/\-]+',
    'ip'          => Sympa::Regexps::host(),

    ## colors
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
    'subaction_test'    => '.*',
    'subaction_reset'   => '.*',
    'subaction_install' => '.*',
    'color_0'           => '\#[0-9a-fA-F]+',
    'color_1'           => '\#[0-9a-fA-F]+',
    'color_2'           => '\#[0-9a-fA-F]+',
    'color_3'           => '\#[0-9a-fA-F]+',
    'color_4'           => '\#[0-9a-fA-F]+',
    'color_5'           => '\#[0-9a-fA-F]+',
    'color_6'           => '\#[0-9a-fA-F]+',
    'color_7'           => '\#[0-9a-fA-F]+',
    'color_8'           => '\#[0-9a-fA-F]+',
    'color_9'           => '\#[0-9a-fA-F]+',
    'color_10'          => '\#[0-9a-fA-F]+',
    'color_11'          => '\#[0-9a-fA-F]+',
    'color_12'          => '\#[0-9a-fA-F]+',
    'color_13'          => '\#[0-9a-fA-F]+',
    'color_14'          => '\#[0-9a-fA-F]+',
    'color_15'          => '\#[0-9a-fA-F]+',
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988

    ## Custom attribute
    'custom_attribute' => '.*',

    ## Templates
    'scope' => 'distrib|robot|family|list|site',

    ## Custom Inputs from create_list_request.tt2
    'custom_input' => '.*',

    ## conf parameters
    'conf_new_value' => '.*',

    ## custom actions
    'cap'  => '.*',
    'lcap' => '.*',

    'plugin' => '.*',
989
990
991

    ## Envelope ID
    'envid' => '\w+',
992
993
994

    ## Authentication/moderation key
    'authkey' => '\w+',
995
996
997

    # Role
    'role' => 'member|editor|owner',
998
);
999

1000
## Regexp applied on incoming parameters (%in)
For faster browsing, not all history is shown. View entire blame