wwsympa.fcgi.in 555 KB
Newer Older
1
#!--PERL--
2
3
4
5
# -*- indent-tabs-mode: nil; -*-
# vim:ft=perl:et:sw=4
# $Id$

6
# Sympa - SYsteme de Multi-Postage Automatique
7
8
9
10
#
# Copyright (c) 1997, 1998, 1999 Institut Pasteur & Christophe Wolfhugel
# Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
11
# Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
12
13
# Copyright 2017, 2018, 2019, 2020, 2021 The Sympa Community. See the
# AUTHORS.md file at the top-level directory of this distribution and at
14
# <https://github.com/sympa-community/sympa.git>.
15
16
17
18
19
20
21
22
23
24
25
26
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
27
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
28

29
30
use strict;
##use warnings;
31
use lib split(/:/, $ENV{SYMPALIB} || ''), '--modulesdir--';
olivier.salaun's avatar
olivier.salaun committed
32

33
use DateTime;
34
use DateTime::Format::Mail;
35
use Digest::MD5;
sikeda's avatar
sikeda committed
36
use Encode qw();
37
use English qw(-no_match_vars);
38
use IO::File qw();
sikeda's avatar
sikeda committed
39
use MIME::EncWords;
40
use MIME::Lite::HTML;
sikeda's avatar
sikeda committed
41
use POSIX qw();
42
use Time::Local qw();
43
use URI;
44
use Data::Dumper;    # tentative
45

46
47
48
49
50
51
52
53
54
BEGIN {
    # For some environments not providing Archive::Zip::Simple*, Archive::Zip
    # may be used.  The latter is discouraged because it is memory-consuming.
    eval 'use Archive::Zip::SimpleUnzip qw()';
    eval 'use Archive::Zip::SimpleZip qw()';
    require Archive::Zip
        unless $Archive::Zip::SimpleUnzip::VERSION
        and $Archive::Zip::SimpleZip::VERSION;
}
55

56
use Sympa;
sikeda's avatar
sikeda committed
57
use Sympa::Archive;
root's avatar
root committed
58
use Conf;
59
use Sympa::ConfDef;
60
use Sympa::Constants;
61
use Sympa::Crash Hook => \&_crash_handler;    # Show traceback.
62
use Sympa::Database;
63
use Sympa::DatabaseManager;
sikeda's avatar
sikeda committed
64
use Sympa::Family;
65
use Sympa::HTMLSanitizer;
66
use Sympa::Language;
67
use Sympa::List;
IKEDA Soji's avatar
IKEDA Soji committed
68
69
use Sympa::List::Config;
use Sympa::List::Users;
70
use Sympa::Log;
71
use Sympa::Message;
sikeda's avatar
sikeda committed
72
use Sympa::Regexps;
73
74
use Sympa::Robot;
use Sympa::Scenario;
75
use Sympa::Spindle::ProcessRequest;
76
use Sympa::Spindle::ResendArchive;
77
use Sympa::Spool::Archive;
78
use Sympa::Spool::Auth;
79
use Sympa::Spool::Held;
80
use Sympa::Spool::Incoming;
81
use Sympa::Spool::Listmaster;
82
use Sympa::Spool::Moderation;
83
84
use Sympa::Spool::Outgoing;
use Sympa::Spool::Topic;
85
use Sympa::Task;
86
use Sympa::Template;
87
use Sympa::Ticket;
88
89
use Sympa::Tools::Data;
use Sympa::Tools::File;
90
use Sympa::Tools::Password;
91
use Sympa::Tools::SMIME;
92
use Sympa::Tools::Text;
93
use Sympa::Tracking;
sikeda's avatar
sikeda committed
94
use Sympa::User;
IKEDA Soji's avatar
IKEDA Soji committed
95
use Sympa::WWW::Auth;
96
use Sympa::WWW::FastCGI;
IKEDA Soji's avatar
IKEDA Soji committed
97
98
99
100
use Sympa::WWW::Marc::Search;
use Sympa::WWW::Session;
use Sympa::WWW::SharedDocument;
use Sympa::WWW::Tools;
root's avatar
root committed
101
102

## WWSympa librairies
103
my %options;
root's avatar
root committed
104

105
my $sympa_conf_file = Sympa::Constants::CONFIG;
root's avatar
root committed
106

107
108
109
110
our $list;
our $param = {};
our $robot_id;
our $session;
111

112
my $robot;
IKEDA Soji's avatar
IKEDA Soji committed
113
my $cookie_domain;
114
my $ip;
115
my $rss;
116
my $ajax;
117
my $auth_services;
salaun's avatar
salaun committed
118

119
my $allow_absolute_path;    #FIXME: to be removed in the future.
120
my @other_include_path;     #FIXME: ditto.
121

122
123
my @stash;

root's avatar
root committed
124
## Load sympa config
125
unless (Conf::load()) {
126
    printf STDERR
127
128
        "Unable to load sympa configuration, file %s or one of the vhost robot.conf files contain errors. Exiting.\n",
        Conf::get_sympa_conf();
129
    exit 1;
root's avatar
root committed
130
131
}

132
133
134
135
136
# Open log
my $log = Sympa::Log->instance;
$log->{level} = $Conf::Conf{'log_level'};
$log->openlog($Conf::Conf{'log_facility'} || $Conf::Conf{'syslog'},
    $Conf::Conf{'log_socket_type'});
137

138
Sympa::Spool::Listmaster->instance->{use_bulk} = 1;
root's avatar
root committed
139
140
141
142
143
144
145
146
147
148
149

# hash of all the description files already loaded
# format :
#     $desc_files{pathfile}{'date'} : date of the last load
#     $desc_files{pathfile}{'desc_hash'} : hash which describes
#                         the description file

#%desc_files_map; NOT USED ANYMORE

## Shared directory and description file

150
151
#$shared = 'shared';
#$desc = '.desc';
root's avatar
root committed
152
153

## subroutines
154
our %comm = (
Luc Didry's avatar
Luc Didry committed
155
156
157
    'confirm_action' => 'do_confirm_action',
    'home'           => 'do_home',
    'logout'         => 'do_logout',
158
    #'loginrequest'           => 'do_loginrequest',
Luc Didry's avatar
Luc Didry committed
159
160
161
162
    'login'               => 'do_login',
    'sso_login'           => 'do_sso_login',
    'sso_login_succeeded' => 'do_sso_login_succeeded',
    'subscribe'           => 'do_subscribe',
163
    #'multiple_subscribe'     => 'do_multiple_subscribe',
164
    #'subrequest'             => 'do_subrequest',
165
166
167
168
169
170
    'subindex'       => 'do_subindex',
    'suboptions'     => 'do_suboptions',
    'signoff'        => 'do_signoff',
    'auto_signoff'   => 'do_auto_signoff',
    'family_signoff' => 'do_family_signoff',
    #'family_signoff_request' => 'do_family_signoff_request',
171
    #XXX'multiple_signoff'    => 'do_multiple_signoff',
172
    #'sigrequest' => 'do_sigrequest',
173
174
175
176
    'sigindex' => 'do_sigindex',
    'decl_add' => 'do_decl_add',
    'decl_del' => 'do_decl_del',
    'my'       => 'do_my',
177
    #'which' => 'do_which',
178
    'lists'            => 'do_lists',
179
    'lists_categories' => 'do_lists_categories',
180
181
    'latest_lists'     => 'do_latest_lists',
    'active_lists'     => 'do_active_lists',
182
    'including_lists'  => 'do_including_lists',
183
184
185
186
187
188
189
190
191
192
193
194
195
    'info'             => 'do_info',
    'subscriber_count' => 'do_subscriber_count',
    'review'           => 'do_review',
    'search'           => 'do_search',
    'pref',            => 'do_pref',
    'setpref'          => 'do_setpref',
    'setpasswd'        => 'do_setpasswd',
    'renewpasswd'      => 'do_renewpasswd',
    'firstpasswd'      => 'do_firstpasswd',
    'requestpasswd'    => 'do_requestpasswd',
    'choosepasswd'     => 'do_choosepasswd',
    'set'              => 'do_set',
    'admin'            => 'do_admin',
196
    'import'           => 'do_import',
197
    'add'              => 'do_add',
198
    'auth_add'         => 'do_auth_add',
199
    'del'              => 'do_del',
200
    'auth_del'         => 'do_auth_del',
201
    'mass_del'         => 'do_mass_del',
202
    'modindex'         => 'do_modindex',
203
    'docindex'         => 'do_docindex',
204
205
206
207
208
209
210
    'reject'           => 'do_reject',
    #XXX'reject_notify' => 'do_reject_notify',
    'distribute'      => 'do_distribute',
    'add_frommod'     => 'do_add_frommod',
    'viewmod'         => 'do_viewmod',
    'd_reject_shared' => 'do_d_reject_shared',
    #XXX'reject_notify_shared' => 'do_reject_notify_shared',
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
    'd_install_shared'  => 'do_d_install_shared',
    'editfile'          => 'do_editfile',
    'savefile'          => 'do_savefile',
    'arc'               => 'do_arc',
    'latest_arc'        => 'do_latest_arc',
    'latest_d_read'     => 'do_latest_d_read',
    'arc_manage'        => 'do_arc_manage',
    'remove_arc'        => 'do_remove_arc',
    'send_me'           => 'do_send_me',
    'view_source'       => 'do_view_source',
    'tracking'          => 'do_tracking',
    'arcsearch_form'    => 'do_arcsearch_form',
    'arcsearch_id'      => 'do_arcsearch_id',
    'arcsearch'         => 'do_arcsearch',
    'rebuildarc'        => 'do_rebuildarc',
    'rebuildallarc'     => 'do_rebuildallarc',
    'arc_download'      => 'do_arc_download',
    'arc_delete'        => 'do_arc_delete',
    'serveradmin'       => 'do_serveradmin',
    'set_loglevel'      => 'do_set_loglevel',
    'set_dumpvars'      => 'do_set_dumpvars',
    'show_sessions'     => 'do_show_sessions',
    'unset_dumpvars'    => 'do_unset_dumpvars',
    'set_session_email' => 'do_set_session_email',
    'restore_email'     => 'do_restore_email',
    'skinsedit'         => 'do_skinsedit',
237
    #XXX'css' => 'do_css',
238
239
240
241
242
243
244
245
246
247
248
249
250
251
    'help'                     => 'do_help',
    'edit_list_request'        => 'do_edit_list_request',
    'edit_list'                => 'do_edit_list',
    'create_list_request'      => 'do_create_list_request',
    'create_list'              => 'do_create_list',
    'get_pending_lists'        => 'do_get_pending_lists',
    'get_closed_lists'         => 'do_get_closed_lists',
    'get_latest_lists'         => 'do_get_latest_lists',
    'get_inactive_lists'       => 'do_get_inactive_lists',
    'get_biggest_lists'        => 'do_get_biggest_lists',
    'set_pending_list_request' => 'do_set_pending_list_request',
    'install_pending_list'     => 'do_install_pending_list',
    'edit_config'              => 'do_edit_config',
    #XXX'submit_list' => 'do_submit_list',
Luc Didry's avatar
Luc Didry committed
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
    'editsubscriber'      => 'do_editsubscriber',
    'edit'                => 'do_edit',
    'viewbounce'          => 'do_viewbounce',
    'redirect'            => 'do_redirect',
    'rename_list_request' => 'do_rename_list_request',
    'move_list'           => 'do_move_list',
    'copy_list'           => 'do_copy_list',
    'reviewbouncing'      => 'do_reviewbouncing',
    'resetbounce'         => 'do_resetbounce',
    'scenario_test'       => 'do_scenario_test',
    'search_list'         => 'do_search_list',
    'search_list_request' => 'do_search_list_request',
    'show_cert'           => 'do_show_cert',
    'close_list'          => 'do_close_list',
    'open_list'           => 'do_open_list',
    'purge_list'          => 'do_purge_list',
    'upload_pictures'     => 'do_upload_pictures',
    'delete_pictures'     => 'do_delete_pictures',
    'd_read'              => 'do_d_read',
    'd_create_child'      => 'do_d_create_child',
    'd_unzip'             => 'do_d_unzip',
    'd_editfile'          => 'do_d_editfile',
    'd_properties'        => 'do_d_properties',
    'd_update'            => 'do_d_update',
    'd_describe'          => 'do_d_describe',
    'd_delete'            => 'do_d_delete',
    'd_rename'            => 'do_d_rename',
    'd_control'           => 'do_d_control',
    'd_change_access'     => 'do_d_change_access',
    'd_set_owner'         => 'do_d_set_owner',
    'd_admin'             => 'do_d_admin',
    'dump_scenario'       => 'do_dump_scenario',
    'export_member'       => 'do_export_member',
    'remind'              => 'do_remind',
    'move_user'           => 'do_move_user',
    'load_cert'           => 'do_load_cert',
    'compose_mail'        => 'do_compose_mail',
    'send_mail'           => 'do_send_mail',
    'request_topic'       => 'do_request_topic',
    'tag_topic_by_sender' => 'do_tag_topic_by_sender',
    'search_user'         => 'do_search_user',
    'set_lang'            => 'do_set_lang',
    'attach'              => 'do_attach',
    'stats'               => 'do_stats',
    'viewlogs'            => 'do_viewlogs',
    'wsdl'                => 'do_wsdl',
    'sync_include'        => 'do_sync_include',
    'review_family'       => 'do_review_family',
    'ls_templates'        => 'do_ls_templates',
    'remove_template'     => 'do_remove_template',
    'copy_template'       => 'do_copy_template',
    'view_template'       => 'do_view_template',
    'edit_template'       => 'do_edit_template',
305
306
307
    #'rss' => 'do_rss', #FIXME:Currently processed in differenct way.
    'rss_request'     => 'do_rss_request',
    'maintenance'     => 'do_maintenance',
308
    'blocklist'       => 'do_blocklist',
309
310
311
    'edit_attributes' => 'do_edit_attributes',
    'ticket'          => 'do_ticket',
    'manage_template' => 'do_manage_template',
312
313
314
315
316
    'rt_create'       => 'do_rt_create',
    'rt_delete'       => 'do_rt_delete',
    'rt_edit'         => 'do_rt_edit',
    'rt_setdefault'   => 'do_rt_setdefault',
    'rt_update'       => 'do_rt_update',
317
    #XXX'send_newsletter' => 'do_send_newsletter',
sikeda's avatar
sikeda committed
318
    'suspend'                => 'do_suspend',
319
320
321
322
323
324
325
326
327
    'suspend_request'        => 'do_suspend_request',
    'suspend_request_action' => 'do_suspend_request_action',
    'show_exclude'           => 'do_show_exclude',
    # 'ca' stands for 'custom_action'. I used a short name to make it discrete
    # in a URL.
    'ca' => 'do_ca',
    # 'lca' stands for 'list_custom_action'. I used a short name to make it
    # discrete in a URL.
    'lca' => 'do_lca',
328
329
330
331
332
333
    #XXX'automatic_lists_management_request' =>
    #XXX    'do_automatic_lists_management_request',
    #XXX'automatic_lists_management'    => 'do_automatic_lists_management',
    'create_automatic_list'         => 'do_create_automatic_list',
    'create_automatic_list_request' => 'do_create_automatic_list_request',
    'auth'                          => 'do_auth',
334
    'delete_account'                => 'do_delete_account',
335
336
);

337
my %comm_aliases = (
338
339
340
341
    'add_fromsub'             => 'auth_add',
    'add_request'             => 'import',
    'automatic_lists'         => 'create_automatic_list',
    'automatic_lists_request' => 'create_automatic_list_request',
342
    'blacklist'               => 'blocklist',
343
344
    'change_email'            => 'move_user',
    'change_email_request'    => 'move_user',
345
    'del_fromsig'             => 'auth_del',
346
    'dump'                    => 'export_member',
347
    'family_signoff_request'  => 'family_signoff',
348
349
    'ignoresig'               => 'decl_del',
    'ignoresub'               => 'decl_add',
350
    'loginrequest'            => 'login',
351
    'rename_list'             => 'move_list',
352
    'restore_list'            => 'open_list',
353
354
    'sigrequest'              => 'signoff',
    'subrequest'              => 'subscribe',
355
356
);

357
358
# No longer used.
#my %auth_action;
359

360
361
362
363
364
365
# Arguments awaited in the PATH_INFO, depending on the action.
# NOTE:
# * The email addresses should NOT be embedded in PATH_INFO, because included
#   slashes (/) cannot be handled correctly by web servers. They are kept just
#   for compatibility to earlier releases of Sympa.  Use query parameters
#   instead.
366
our %action_args = (
Luc Didry's avatar
Luc Didry committed
367
368
369
    'default'         => ['list'],
    'editfile'        => ['list', 'file', 'previous_action'],
    'requestpasswd'   => ['email'],
sikeda's avatar
sikeda committed
370
371
372
373
    'choosepasswd'    => ['email', 'passwd'],
    'lists'           => ['topic', 'subtopic'],
    'latest_lists'    => ['topic', 'subtopic'],
    'active_lists'    => ['topic', 'subtopic'],
374
    'including_lists' => ['list'],
Luc Didry's avatar
Luc Didry committed
375
    'login'           => ['previous_action', 'previous_list'],
376
377
378
    'sso_login' => ['auth_service_name', 'subaction', 'email', 'ticket'],
    'sso_login_succeeded' =>
        ['auth_service_name', 'previous_action', 'previous_list'],
379
    #'loginrequest' => ['previous_action', 'previous_list'],
Luc Didry's avatar
Luc Didry committed
380
381
382
    'logout'      => ['previous_action', 'previous_list'],
    'renewpasswd' => ['previous_action', 'previous_list'],
    'firstpasswd' => ['previous_action', 'previous_list'],
383
    #XXX'css' => ['file'],
384
385
386
387
    'pref'             => ['previous_action', 'previous_list'],
    'reject'           => ['list',            'id'],
    'distribute'       => ['list',            'id'],
    'add_frommod'      => ['list',            'id'],
388
    'dump_scenario'    => ['list',            'scenario_function'],
389
390
391
    'd_reject_shared'  => ['list',            'id'],
    'd_install_shared' => ['list',            'id'],
    'modindex'         => ['list'],
392
    'docindex'         => ['list'],
Luc Didry's avatar
Luc Didry committed
393
394
395
396
    'viewmod'          => ['list',            'id', '@file'],
    'add'              => ['list',            'email'],
    'import' => ['list'],
    'del'    => ['list', 'email'],
397
398
399
    #'editsubscriber' =>
    #    ['list', 'email', 'previous_action', 'custom_attribute'],
    #'editsubscriber' => ['list', 'email', 'previous_action'],
400
    'editsubscriber' => ['list'],
401
    'edit'           => ['list', 'role'],
402
403
    #'viewbounce' => ['list', 'email', '@file'],
    'viewbounce' => ['list', 'dir', '@file'],
404
    #'resetbounce'    => ['list', 'email'],
405
    'review'         => ['list', 'page',  'size', 'sortby'],
406
407
408
409
410
    'reviewbouncing' => ['list', 'page',  'size'],
    'arc'            => ['list', 'month', '@arc_file'],
    'latest_arc'     => ['list'],
    'arc_manage'     => ['list'],
    'arcsearch_form' => ['list', 'archive_name'],
411
    'arcsearch_id'   => ['list', 'archive_name', '@msgid'],
412
413
414
415
416
417
418
    'rebuildarc'     => ['list', 'month'],
    'rebuildallarc' => [],
    'arc_download'  => ['list'],
    'arc_delete'    => ['list', 'zip'],
    'home'          => [],
    'help'          => ['help_topic'],
    'show_cert'     => [],
419
    'subscribe'     => ['list'],
420
    #'subrequest' => ['list','email'],
421
422
423
424
425
426
    'subindex'       => ['list'],
    'decl_add'       => ['list'],
    'signoff'        => ['list'],
    'auto_signoff'   => ['list'],
    'family_signoff' => ['family'],
    #'family_signoff_request' => ['family', 'email'],
427
    #'sigrequest'             => ['list',   'email'],
Luc Didry's avatar
Luc Didry committed
428
429
    'sigindex'           => ['list'],
    'decl_del'           => ['list'],
430
    'set'                => ['list', 'email', 'reception', 'gecos'],
431
432
433
434
435
436
437
438
    'serveradmin'        => ['subaction'],
    'set_session_email'  => ['email'],
    'skinsedit'          => [],
    'get_pending_lists'  => [],
    'get_closed_lists'   => [],
    'get_latest_lists'   => [],
    'get_inactive_lists' => [],
    'get_biggest_lists'  => [],
sikeda's avatar
sikeda committed
439
    'search_list'        => ['filter_list'],
Luc Didry's avatar
Luc Didry committed
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
    'shared'            => ['list', '@path'],        #FIXME: no such function.
    'd_read'            => ['list', '@path'],
    'latest_d_read'     => ['list'],
    'd_admin'           => ['list', 'd_admin'],
    'd_delete'          => ['list', '@path'],
    'd_rename'          => ['list', '@path'],
    'd_create_child'    => ['list', '@path'],
    'd_update'          => ['list', '@path'],
    'd_describe'        => ['list', '@path'],
    'd_editfile'        => ['list', '@path'],
    'd_properties'      => ['list', '@path'],
    'd_control'         => ['list', '@path'],
    'd_change_access'   => ['list', '@path'],
    'd_set_owner'       => ['list', '@path'],
    'export_member'     => ['list', 'format'],
    'search'            => ['list', 'filter'],
    'search_user'       => ['email'],
    'set_lang'          => ['lang'],
    'attach'            => ['list', 'dir', 'file'],
    'stats'             => ['list'],
460
    'edit_list_request' => ['list', 'group'],
Luc Didry's avatar
Luc Didry committed
461
462
463
464
465
466
467
468
469
470
471
472
473
    'move_list'           => ['list', 'new_listname', 'new_robot'],
    'copy_list'           => ['list', 'new_listname', 'new_robot'],
    'redirect'            => [],
    'viewlogs'            => ['list', 'page', 'size', 'sortby'],
    'wsdl'                => [],
    'sync_include'        => ['list'],
    'review_family'       => ['family_name'],
    'ls_templates'        => ['list'],
    'view_template'       => [],
    'remove_template'     => [],
    'copy_template'       => ['list'],
    'edit_template'       => ['list'],
    'rss_request'         => ['list'],
474
475
476
    'request_topic'       => ['list', 'authkey'],
    'tag_topic_by_sender' => ['list'],
    'ticket'              => ['ticket'],
477
    'move_user'           => [],
Luc Didry's avatar
Luc Didry committed
478
479
480
481
482
483
484
485
486
487
    'manage_template'     => ['subaction', 'list', 'message_template'],
    'rt_delete'           => ['list', 'message_template'],
    'rt_edit'             => ['list', 'message_template'],
    'send_newsletter'     => [],
    'compose_mail'        => ['list', 'subaction'],
    'suspend'             => ['list'],
    'suspend_request'     => ['subaction'],
    'show_exclude'        => ['list'],
    'ca'                  => ['custom_action', '@cap'],
    'lca'                 => ['custom_action', 'list', '@cap'],
488
489
    #XXX'automatic_lists_management_request' => [],
    #XXX'automatic_lists_management'         => [],
Luc Didry's avatar
Luc Didry committed
490
491
492
493
494
    'create_automatic_list'         => ['family'],
    'create_automatic_list_request' => ['family'],
    'auth'                          => ['id', 'heldaction', 'listname'],
    'auth_add'                      => ['list'],
    'auth_del'                      => ['list'],
495
);
root's avatar
root committed
496

497
## Define the required parameters for each action
498
499
## Parameter names refer to the %in structure of to $param if mentionned as
## 'param.x'
500
501
## This structure is used to determine if any parameter is missing
## The list of parameters is not ordered
502
503
504
## Some keywords are reserved: param.list and param.user.email
## Alternate parameters can be defined with the '|' character
## Limits of this structure: it does not define optional parameters (a or b)
505
506
507
## Limit: it does not allow to have a specific error message and redirect to a
## given page if the parameter is missing
our %required_args = (
Luc Didry's avatar
Luc Didry committed
508
509
510
511
512
513
514
515
516
517
518
519
    'active_lists'   => ['for|count'],
    'admin'          => ['param.list', 'param.user.email'],
    'add'            => ['param.list', 'param.user.email'],
    'import'         => ['param.list', 'param.user.email'],
    'arc'            => ['param.list'],
    'arc_delete'     => ['param.user.email', 'param.list'],
    'arc_download'   => ['param.user.email', 'param.list'],
    'arc_manage'     => ['param.list'],
    'arcsearch'      => ['param.list'],
    'arcsearch_form' => ['param.list'],
    'arcsearch_id'   => ['param.list'],
    'auth'           => ['id', 'heldaction', 'email'],
520
521
    'auth_add'       => ['param.list', 'param.user.email', 'id'],
    'auth_del'       => ['param.list', 'param.user.email', 'id'],
Luc Didry's avatar
Luc Didry committed
522
523
    'auto_signoff'   => ['param.list', 'email'],
    'attach'         => ['param.list'],
524
    'blocklist'      => ['param.list'],
Luc Didry's avatar
Luc Didry committed
525
526
527
528
529
    'move_user' =>
        ['param.user.email', 'current_email|old_email', 'email|new_email'],
    'close_list'    => ['param.user.email', 'param.list'],
    'compose_mail'  => ['param.user.email', 'param.list'],
    'copy_template' => ['webormail'],
530
    ## other required parameters are checked in the subroutine
531
532
    'create_automatic_list'         => ['param.user.email', 'family'],
    'create_automatic_list_request' => ['param.user.email', 'family'],
533
    'create_list'                   => ['param.user.email', 'info'],
534
    'create_list_request'           => ['param.user.email'],
535
    #XXX'css' => [],
536
537
538
539
540
    'd_admin'         => ['param.list', 'param.user.email'],
    'd_change_access' => ['param.list', 'param.user.email'],
    'd_control'       => ['param.list', 'param.user.email'],
    'd_create_child' =>
        ['param.list', 'param.user.email', 'new_name|uploaded_file'],
541
542
543
544
545
546
547
548
    'd_delete'         => ['param.list', 'param.user.email'],
    'd_describe'       => ['param.list', 'param.user.email', 'content'],
    'd_editfile'       => ['param.list', 'param.user.email'],
    'd_install_shared' => ['param.list', 'param.user.email', 'id'],
    'd_properties'     => ['param.list', 'param.user.email'],
    'd_read'          => ['param.list'],
    'd_reject_shared' => ['param.list', 'param.user.email', 'id'],
    'd_rename'        => ['param.list', 'param.user.email', 'new_name'],
549
    'd_update' =>
550
        ['param.list', 'param.user.email', 'content|url|uploaded_file'],
551
    'd_set_owner'     => ['param.list', 'param.user.email'],
sikeda's avatar
sikeda committed
552
    'd_unzip'         => ['param.list', 'param.user.email', 'uploaded_file'],
553
554
555
556
    'del'             => ['param.list', 'param.user.email', 'email'],
    'delete_pictures' => ['param.list', 'param.user.email'],
    'distribute'      => ['param.list', 'param.user.email', 'id|idspam'],
    'add_frommod'     => ['param.list', 'param.user.email', 'id'],
557
    'dump_scenario'   => ['param.list', 'scenario_function|pname'],
558
    'edit'            => ['param.list', 'param.user.email', 'role', 'email'],
Luc Didry's avatar
Luc Didry committed
559
560
561
562
563
564
    'edit_list'         => ['param.user.email', 'param.list'],
    'edit_list_request' => ['param.user.email', 'param.list'],
    'edit_template'     => ['webormail'],
    'editfile'          => ['param.user.email'],
    'editsubscriber'    => ['param.list',       'param.user.email', 'email'],
    'export_member'        => ['param.list'],
565
    'family_signoff'       => ['family', 'email'],
Luc Didry's avatar
Luc Didry committed
566
567
568
569
570
    'get_closed_lists'     => ['param.user.email'],
    'get_inactive_lists'   => ['param.user.email'],
    'get_latest_lists'     => ['param.user.email'],
    'get_biggest_lists'    => ['param.user.email'],
    'get_pending_lists'    => ['param.user.email'],
571
572
    'decl_del'             => ['param.list', 'param.user.email', 'id'],
    'decl_add'             => ['param.list', 'param.user.email', 'id'],
573
    'delete_account'       => ['passwd', 'i_understand_the_consequences'],
574
    'including_lists'      => ['param.list', 'param.user.email'],
575
576
577
578
    'info'                 => ['param.list'],
    'install_pending_list' => ['param.user.email'],
    'edit_config'          => ['param.user.email'],
    'latest_arc'           => ['param.list', 'for|count'],
Luc Didry's avatar
Luc Didry committed
579
580
581
582
583
584
    'latest_d_read'        => ['param.list', 'for', 'count'],
    'latest_lists'         => ['for|count'],
    'load_cert'            => ['param.list'],
    'logout'               => ['param.user.email'],
    'manage_template'      => ['param.list', 'param.user.email'],
    'my'                   => ['param.user.email'],
585
    'rt_create' => ['param.list', 'param.user.email', 'new_template_name'],
Luc Didry's avatar
Luc Didry committed
586
587
    'rt_delete' => ['param.list', 'param.user.email', 'message_template'],
    'rt_edit'   => ['param.list', 'param.user.email', 'message_template'],
588
589
590
    'rt_setdefault' => ['param.list', 'param.user.email', 'new_default'],
    'rt_update' =>
        ['param.list', 'param.user.email', 'message_template', 'content'],
Luc Didry's avatar
Luc Didry committed
591
592
593
594
595
596
597
598
    'modindex'      => ['param.list',       'param.user.email'],
    'docindex'      => ['param.list',       'param.user.email'],
    'pref'          => ['param.user.email'],
    'purge_list'    => ['param.user.email', 'selected_lists'],
    'rebuildallarc' => ['param.user.email'],
    'rebuildarc'    => ['param.user.email', 'param.list'],
    'reject'        => ['param.list',       'param.user.email', 'id|idspam'],
    'remind'        => ['param.list',       'param.user.email'],
599
600
    'remove_arc'      => ['param.list'],
    'remove_template' => ['webormail'],
601
    'move_list' =>
602
603
604
        ['param.user.email', 'param.list', 'new_listname', 'new_robot'],
    'copy_list' =>
        ['param.user.email', 'param.list', 'new_listname', 'new_robot'],
605
    'open_list'           => ['param.user.email', 'param.list'],
606
607
    'rename_list_request' => ['param.user.email', 'param.list'],
    'request_topic'       => ['param.list',       'authkey'],
Luc Didry's avatar
Luc Didry committed
608
    'resetbounce'     => ['param.list', 'param.user.email', 'email'],
609
610
611
612
613
    'review'          => ['param.list'],
    'review_family'   => ['param.user.email', 'family_name'],
    'reviewbouncing'  => ['param.list'],
    'rss_request'     => [],
    'savefile'        => ['param.user.email', 'file'],
614
    'search'          => ['param.list'],
615
616
617
618
619
620
621
622
    'search_user'     => ['param.user.email', 'email'],
    'send_mail'       => ['param.user.email'],
    'send_newsletter' => ['param.list', 'param.user.email', 'url'],
    'send_me'         => ['param.list'],
    'view_source'     => ['param.list'],
    'tracking'        => ['param.list'],
    'requestpasswd'   => ['email'],
    'serveradmin'     => ['param.user.email'],
623
    'set'      => ['param.user.email', 'param.list', 'reception|visibility'],
624
625
    'set_lang' => [],
    'set_pending_list_request' => ['param.user.email'],
Luc Didry's avatar
Luc Didry committed
626
627
628
629
630
631
632
633
634
635
636
637
638
    'setpasswd'        => ['param.user.email', 'newpasswd1', 'newpasswd2'],
    'setpref'          => ['param.user.email'],
    'sigindex'         => ['param.list', 'param.user.email'],
    'signoff'          => ['param.list'],
    'skinsedit'        => ['param.user.email'],
    'sso_login'        => ['auth_service_name'],
    'stats'            => ['param.list'],
    'subindex'         => ['param.list', 'param.user.email'],
    'suboptions'       => ['param.list', 'param.user.email'],
    'subscribe'        => ['param.list'],
    'subscriber_count' => ['param.list'],
    'suspend'          => ['param.list', 'param.user.email'],
    'suspend_request'  => [],
639
640
    'suspend_request_action' => [],
    'show_exclude'           => ['param.list'],
Luc Didry's avatar
Luc Didry committed
641
    'sync_include'           => ['param.list', 'param.user.email'],
642
643
644
    'tag_topic_by_sender'    => ['param.list'],
    'upload_pictures'        => ['param.user.email', 'param.list'],
    'view_template'          => ['webormail'],
Luc Didry's avatar
Luc Didry committed
645
    'viewbounce'             => ['param.list', 'email|file'],
646
647
648
    'viewlogs'               => ['param.list'],
    'viewmod' => ['param.list', 'param.user.email', 'id|idspam'],
    'wsdl'    => [],
649
    #'which' => ['param.user.email'],
650
);
651
652
653

## Defines the required privileges to access privileged actions
## You can define a set ofequiivalent privileges in the ARRAYREF
654
our %required_privileges = (
Luc Didry's avatar
Luc Didry committed
655
656
657
658
659
660
    'admin'                    => ['owner', 'editor'],
    'arc_delete'               => ['owner'],
    'arc_download'             => ['owner'],
    'arc_manage'               => ['owner'],
    'auth_add'                 => ['owner', 'editor'],
    'auth_del'                 => ['owner', 'editor'],
661
    'blocklist'                => ['owner', 'editor'],
Luc Didry's avatar
Luc Didry committed
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
    'close_list'               => ['privileged_owner'],
    'copy_template'            => ['listmaster'],
    'd_install_shared'         => ['editor', 'owner'],
    'd_reject_shared'          => ['editor', 'owner'],
    'distribute'               => ['editor', 'owner', 'listmaster'],
    'add_frommod'              => ['editor', 'owner'],
    'dump_scenario'            => ['listmaster'],
    'edit'                     => ['editor', 'owner', 'listmaster'],
    'edit_list'                => ['owner'],
    'edit_list_request'        => ['owner'],
    'edit_template'            => ['listmaster'],
    'editfile'                 => ['owner', 'listmaster'],
    'editsubscriber'           => ['owner', 'editor'],
    'get_closed_lists'         => ['listmaster'],
    'get_inactive_lists'       => ['listmaster'],
    'get_latest_lists'         => ['listmaster'],
    'get_biggest_lists'        => ['listmaster'],
    'get_pending_lists'        => ['listmaster'],
    'decl_del'                 => ['owner', 'editor'],
    'decl_add'                 => ['owner', 'editor'],
    'including_lists'          => ['owner', 'listmaster'],
    'install_pending_list'     => ['listmaster'],
    'edit_config'              => ['listmaster'],
    'ls_templates'             => ['listmaster'],
    'manage_template'          => ['owner'],
687
    'mass_del'                 => ['listmaster'],
Luc Didry's avatar
Luc Didry committed
688
689
690
691
692
693
694
695
696
697
698
699
700
    'rt_create'                => ['owner'],
    'rt_delete'                => ['owner'],
    'rt_edit'                  => ['owner'],
    'rt_setdefault'            => ['owner'],
    'rt_update'                => ['owner'],
    'modindex'                 => ['editor', 'owner', 'listmaster'],
    'docindex'                 => ['editor', 'owner', 'listmaster'],
    'purge_list'               => ['privileged_owner', 'listmaster'],
    'rebuildallarc'            => ['listmaster'],
    'rebuildarc'               => ['listmaster'],
    'reject'                   => ['editor', 'owner', 'listmaster'],
    'remove_template'          => ['listmaster'],
    'move_list'                => ['privileged_owner'],
701
    'copy_list'                => ['owner', 'listmaster'],
702
    'open_list'                => ['listmaster'],
703
704
705
706
    'rename_list_request'      => ['privileged_owner'],
    'resetbounce'              => ['owner', 'editor'],
    'review_family'            => ['listmaster'],
    'reviewbouncing'           => ['owner', 'editor'],
707
    'savefile'                 => ['owner', 'listmaster'],
708
709
710
711
712
713
714
    'search_user'              => ['listmaster'],
    'serveradmin'              => ['listmaster'],
    'set_dumpvars'             => ['listmaster'],
    'set_loglevel'             => ['listmaster'],
    'set_pending_list_request' => ['listmaster'],
    'set_session_email'        => ['listmaster'],
    'show_sessions'            => ['listmaster'],
715
    'sigindex'                 => ['owner', 'editor'],
716
717
718
719
720
721
722
    'stats'                    => ['owner'],
    'subindex'                 => ['owner', 'editor'],
    'sync_include'             => ['owner', 'editor'],
    'skinsedit'                => ['listmaster'],
    'view_template'            => ['listmaster'],
    'viewbounce'               => ['owner', 'editor'],
    'viewlogs'                 => ['owner', 'editor'],
Luc Didry's avatar
Luc Didry committed
723
    'viewmod'                  => ['editor', 'owner', 'listmaster'],
724
725
    #XXX'automatic_lists_management_request' => ['listmaster'],
    #XXX'automatic_lists_management'         => ['listmaster'],
726
727
);

728
729
730
731
732
733
734
735
# An action is a candidate for this list if it modifies an object or setting.
#
# Why not just protect all actions? Many of them are used in GET requests
# without any forms, making it more difficult to supply a CSRF token.
# This list intentionally starts out small in the name of breaking as little
# as possible.

our %require_csrftoken = (
736
737
738
739
740
741
    'add'       => 1,
    'del'       => 1,
    'move_user' => 1,
    'savefile'  => 1,
    'setpasswd' => 1,
    'setpref'   => 1,
742
743
);

744
745
746
# this definition is used to choose the left side menu type (admin ->
# listowner admin menu | serveradmin -> server_admin menu | none list or
# your_list menu)
747
my %action_type = (
Luc Didry's avatar
Luc Didry committed
748
749
750
751
752
753
    'review' => 'admin',
    'search' => 'admin',
    'admin'  => 'admin',
    'import' => 'admin',
    'add'    => 'admin',
    'del'    => 'admin',
754
    # 'modindex' =>'admin',
Luc Didry's avatar
Luc Didry committed
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
    'reject'            => 'admin',
    'reject_notify'     => 'admin',
    'distribute'        => 'admin',
    'add_frommod'       => 'admin',
    'viewmod'           => 'admin',
    'savefile'          => 'admin',
    'rebuildallarc'     => 'admin',    #FIXME: serveradmin?
    'reviewbouncing'    => 'admin',
    'edit'              => 'admin',
    'edit_list_request' => 'admin',
    'edit_list'         => 'admin',
    'editsubscriber'    => 'admin',
    'viewbounce'        => 'admin',
    'resetbounce'       => 'admin',
    'scenario_test'     => 'admin',
    'close_list'        => 'admin',
    'd_admin'           => 'admin',
    'd_reject_shared'   => 'admin',
    'd_install_shared'  => 'admin',
    'dump_scenario'     => 'admin',
    'export_member'     => 'admin',
    'open_list'         => 'admin',
    'remind'            => 'admin',
778
    #'subindex' => 'admin',
Luc Didry's avatar
Luc Didry committed
779
780
781
782
783
784
785
786
787
788
789
790
    'stats'               => 'admin',
    'decl_del'            => 'admin',
    'decl_add'            => 'admin',
    'move_list'           => 'admin',
    'copy_list'           => 'admin',
    'rename_list_request' => 'admin',
    'arc_manage'          => 'admin',
    'sync_include'        => 'admin',
    'view_template'       => 'admin',
    'remove_template'     => 'admin',
    'copy_template'       => 'admin',
    'edit_template'       => 'admin',
791
    'blocklist'           => 'admin',
Luc Didry's avatar
Luc Didry committed
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
    'viewlogs'            => 'admin',
    'serveradmin'         => 'serveradmin',
    'get_pending_lists'   => 'serveradmin',
    'get_closed_lists'    => 'serveradmin',
    'get_inactive_lists'  => 'serveradmin',
    'get_latest_lists'    => 'serveradmin',
    'get_biggest_lists'   => 'serveradmin',
    'ls_templates'        => 'serveradmin',
    'skinsedit'           => 'serveradmin',
    'review_family'       => 'serveradmin',
    'search_user'         => 'serveradmin',
    'show_sessions'       => 'serveradmin',
    'show_exclude'        => 'admin',
    'rebuildarc'          => 'serveradmin',
    'set_session_email'   => 'serveradmin',
    'set_loglevel'        => 'serveradmin',
    'editfile'            => 'serveradmin',    #FIXME: admin?
    'unset_dumpvars'      => 'serveradmin',
    'set_dumpvars'        => 'serveradmin',
811
812
    #XXX'automatic_lists_management_request' => 'serveradmin',
    #XXX'automatic_lists_management'         => 'serveradmin',
813
);
root's avatar
root committed
814

815
# Actions that are not used in return of login,
816
my %temporary_actions = (
817
    'confirm_action'      => 1,
818
819
820
821
822
823
    'logout'              => 1,
    'loginrequest'        => 1,
    'login'               => 1,
    'sso_login'           => 1,
    'sso_login_succeeded' => 1,
    'ticket'              => 1,
824
    #XXX'css' => 1,
825
826
827
828
    'rss'      => 1,    # FIXME:currently not used.
    'ajax'     => 1,
    'wsdl'     => 1,
    'redirect' => 1,
829
);
830

831
832
833
## Regexp applied on incoming parameters (%in)
## The aim is not a strict definition of parameter format
## but rather a security check
834
our %in_regexp = (
835
836
837
838
839
840
    ## Default regexp
    '*' => '[\w\-\.]+',

    ## List config parameters
    'single_param'   => '.+',
    'multiple_param' => '.+',
IKEDA Soji's avatar
IKEDA Soji committed
841
    'deleted_param'  => '.+',
842
843
844
845
846
847
848

    ## Textarea content
    'template_content'     => '.+',
    'content'              => '.+',
    'body'                 => '.+',
    'info'                 => '.+',
    'new_scenario_content' => '.+',
849
    'blacklist'            => '.*',    # Compat.<=6.2.60
850
    'blocklist'            => '.*',
851
852

    ## Integer
853
    'page' => '\d+|owner|editor',
854
855
856
857
858
859
860
861
862
863
    'size' => '\d+',

    ## Free data
    'subject'          => '.*',
    'gecos'            => '[^<>\\\*\$\n]+',
    'fromname'         => '[^<>\\\*\$\n]+',
    'additional_field' => '[^<>\\\*\$\n]+',
    'dump'             => '[^<>\\\*\$]+',     # contents email + gecos

    ## Search
864
    'filter'      => '.*',                    # search subscriber
sikeda's avatar
sikeda committed
865
    'filter_list' => '.*',                    # search list
866
867
    'key_word'    => '.*',
    'format'      => '[^<>\\\$\n]+',          # dump format/filter string
868
869
870
871
872
873
874
875
876

    ## File names
    'file'          => '[^<>\*\$\n]+',
    'template_path' => '[\w\-\.\/_]+',
    'arc_file'      => '[^<>\\\*\$\n]+',
    'path'          => '[^<>\\\*\$\n]+',
    'uploaded_file' =>
        '(.*[\/\\\\])?[^<>\*\$\n]+',          # Could be precised (use of "'")
    'dir'               => '[^<>\\\*\$\n]+',
877
    'new_name'          => '[^<>\\\*\$\[\]\/\n]+',
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
    'shortname'         => '[^<>\\\*\$\n]+',
    'id'                => '[^<>\\\*\$\n]+',
    'template_name'     => Sympa::Regexps::template_name(),
    'new_template_name' => Sympa::Regexps::template_name(),
    'message_template'  => Sympa::Regexps::template_name(),
    'new_default'       => Sympa::Regexps::template_name(),

    ## Archives
    ## format is yyyy-mm for 'arc' and mm for 'send_me'
    'month' => '\d{2}|\d{4}\-\d{2}',

    ## URL
    'referer'         => '[^\\\$\*\"\'\`\^\|\<\>\n]+',
    'failure_referer' => '[^\\\$\*\"\'\`\^\|\<\>\n]+',
    'url'             => '[^\\\$\*\"\'\`\^\|\<\>\n]+',

    ## Msg ID
    'msgid'       => '[^\\\*\"\'\`\^\|\n]+',
    'in_reply_to' => '[^\\\*\"\'\`\^\|\n]+',
    'message_id'  => '[^\\\*\"\'\`\^\|\n]+',
898
    'msg_subject' => '.*',
899
900
901
902
903
904
905
906
907

    ## Password
    'passwd'       => '.+',
    'password'     => '.+',
    'newpasswd1'   => '.+',
    'newpasswd2'   => '.+',
    'new_password' => '.+',

    ## Topics
908
    'topic'    => '\@?[\-\w\/]+',
909
910
911
912
913
914
915
916
917
918
919
920
921
922
    'topics'   => '[\-\w\/]+',
    'subtopic' => '[\-\w\/]+',

    ## List names
    'list' => '[\w\-\.\+]*',    ## Sympa::Regexps::listname() + uppercase
    'previous_list'  => '[\w\-\.\+]*',
    'listname'       => '[\w\-\.\+]*',
    'new_listname'   => '[\w\-\.\+]*',
    'selected_lists' => '[\w\-\.\+]*',

    ## Family names
    'family_name' => Sympa::Regexps::family_name(),
    'family'      => Sympa::Regexps::family_name(),

923
    # Email addresses
924
    'current_email' => Sympa::Regexps::email(),
Luc Didry's avatar
Luc Didry committed
925
926
927
928
929
930
931
    'email'         => Sympa::Regexps::email() . '|' . Sympa::Regexps::uid(),
    'init_email'    => Sympa::Regexps::email(),
    'old_email'     => Sympa::Regexps::email(),
    'new_email'     => Sympa::Regexps::email(),
    'sender'        => Sympa::Regexps::email(),
    'fromaddr'      => Sympa::Regexps::email(),
    'del_emails'    => '.*',
932
    'to' => '(([\w\-\_\.\/\+\=\']+|\".*\")\s[\w\-]+(\.[\w\-]+)+(,?))*',
933
934
935
936
937
938
939
940
    'automatic_list_part_*' => '[\w\-\.\+]*',

    ## Host
    'new_robot'   => Sympa::Regexps::host(),
    'remote_host' => Sympa::Regexps::host(),
    'remote_addr' => Sympa::Regexps::host(),

    ## Scenario name
941
942
943
    'scenario'    => Sympa::Regexps::scenario_name(),
    'read_access' => Sympa::Regexps::scenario_name(),
    'edit_access' => Sympa::Regexps::scenario_name(),
944
945
946
947
948
949
950
951
952
953
954
955
956
957
    ## RSS URL or blank
    'active_lists'  => '.*',
    'latest_lists'  => '.*',
    'latest_arc'    => '.*',
    'latest_d_read' => '.*',

    ##Logs
    'target_type' => '[\w\-\.\:]*',
    'target'      => Sympa::Regexps::email(),
    'date_from'   => '[\d\/\-]+',
    'date_to'     => '[\d\/\-]+',
    'ip'          => Sympa::Regexps::host(),

    ## colors
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
    'subaction_test'    => '.*',
    'subaction_reset'   => '.*',
    'subaction_install' => '.*',
    'color_0'           => '\#[0-9a-fA-F]+',
    'color_1'           => '\#[0-9a-fA-F]+',
    'color_2'           => '\#[0-9a-fA-F]+',
    'color_3'           => '\#[0-9a-fA-F]+',
    'color_4'           => '\#[0-9a-fA-F]+',
    'color_5'           => '\#[0-9a-fA-F]+',
    'color_6'           => '\#[0-9a-fA-F]+',
    'color_7'           => '\#[0-9a-fA-F]+',
    'color_8'           => '\#[0-9a-fA-F]+',
    'color_9'           => '\#[0-9a-fA-F]+',
    'color_10'          => '\#[0-9a-fA-F]+',
    'color_11'          => '\#[0-9a-fA-F]+',
    'color_12'          => '\#[0-9a-fA-F]+',
    'color_13'          => '\#[0-9a-fA-F]+',
    'color_14'          => '\#[0-9a-fA-F]+',
    'color_15'          => '\#[0-9a-fA-F]+',
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994

    ## Custom attribute
    'custom_attribute' => '.*',

    ## Templates
    'scope' => 'distrib|robot|family|list|site',

    ## Custom Inputs from create_list_request.tt2
    'custom_input' => '.*',

    ## conf parameters
    'conf_new_value' => '.*',

    ## custom actions
    'cap'  => '.*',
    'lcap' => '.*',

    'plugin' => '.*',
995
996
997

    ## Envelope ID
    'envid' => '\w+',
998
999
1000

    ## Authentication/moderation key
    'authkey' => '\w+',
For faster browsing, not all history is shown. View entire blame