#!--PERL--
# -*- indent-tabs-mode: nil; -*-
# vim:ft=perl:et:sw=4
# $Id$

# Sympa - SYsteme de Multi-Postage Automatique
#
# Copyright (c) 1997, 1998, 1999 Institut Pasteur & Christophe Wolfhugel
# Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
# Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
# Copyright 2017, 2018 The Sympa Community. See the AUTHORS.md file at the
# top-level directory of this distribution and at
# <https://github.com/sympa-community/sympa.git>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
## Copyright 1999 Comité Réseaux des Universités
## web interface to Sympa mailing lists manager
## Sympa: http://www.sympa.org/
## Authors :
##           Serge Aumont <sa AT cru.fr>
##           Olivier Salaün <os AT cru.fr>
use strict;
##use warnings;
use lib split(/:/, $ENV{SYMPALIB} || ''), '--modulesdir--';
use Archive::Zip qw();
use CGI::Fast qw();
use DateTime;
use DateTime::Format::Mail;
use Digest::MD5;
use Encode qw();
use English qw(-no_match_vars);
use IO::File qw();
use MIME::EncWords;
use MIME::Lite::HTML;
use POSIX qw();
use Time::Local qw();
use URI;
use Data::Dumper;    # tentative
BEGIN { eval 'use Crypt::OpenSSL::X509'; }
use Sympa;
use Sympa::Alarm;
use Sympa::Archive;
use Sympa::Bulk;
use Conf;
use Sympa::ConfDef;
use Sympa::Constants;
use Sympa::Crash Hook => \&_crash_handler;    # Show traceback.
use Sympa::Database;
use Sympa::DatabaseManager;
use Sympa::Family;
use Sympa::HTMLSanitizer;
use Sympa::Language;
use Sympa::List;
use Sympa::Log;
use Sympa::Message;
use Sympa::Regexps;
use Sympa::Robot;
use Sympa::Scenario;
use Sympa::Spindle::ProcessRequest;
use Sympa::Spindle::ResendArchive;
use Sympa::Spool::Archive;
use Sympa::Spool::Auth;
use Sympa::Spool::Held;
use Sympa::Spool::Incoming;
use Sympa::Spool::Moderation;
use Sympa::Template;
use Sympa::Ticket;
use Sympa::Tools::Data;
use Sympa::Tools::File;
use Sympa::Tools::Password;
use Sympa::Tools::Text;
use Sympa::Topic;
use Sympa::Tracking;
use Sympa::User;
use Sympa::WWW::Auth;
use Sympa::WWW::Marc::Search;
use Sympa::WWW::Report;
use Sympa::WWW::Session;
use Sympa::WWW::SharedDocument;
use Sympa::WWW::Tools;

## WWSympa libraries
# Option flags used by the rest of this script.
my %options;

# Location of the main sympa.conf, as compiled into Sympa::Constants.
my $sympa_conf_file = Sympa::Constants::CONFIG;

# Package globals exposed to plugins through the Sympa::Plugin interface.
# $param starts as an empty hash; the others are filled in later.
our ($list, $robot_id, $session, $plugins);
our $param = {};

# File-scoped state of the request being served.
my ($robot, $ip, $rss, $ajax);

# FIXME: both of these are slated for removal.
my $allow_absolute_path;
my @other_include_path;
# Load sympa.conf and the per-robot configuration.  A server whose
# configuration does not parse must not start answering requests, so report
# the path that was tried on stderr and stop with a non-zero status.
if (!Conf::load()) {
    my $conf_path = Conf::get_sympa_conf();
    printf STDERR
        "Unable to load sympa configuration, file %s or one of the vhost robot.conf files contain errors. Exiting.\n",
        $conf_path;
    exit 1;
}

# Set up the shared logger: verbosity comes from log_level, the syslog
# facility from log_facility, falling back to the older 'syslog' setting.
my $log = Sympa::Log->instance;
$log->{level} = $Conf::Conf{log_level};
$log->openlog(
    ($Conf::Conf{log_facility} || $Conf::Conf{syslog}),
    $Conf::Conf{log_socket_type}
);
# Plugin support is optional: the manager is only instantiated when the
# Sympa::Plugin::Manager module can actually be loaded.
$plugins = Sympa::Plugin::Manager->new(application => 'website')
    if eval { require Sympa::Plugin::Manager; 1 };

# Switch Sympa::Alarm to its bulk mode (see Sympa::Alarm for the effect of
# use_bulk).
Sympa::Alarm->instance->{use_bulk} = 1;

# hash of all the description files already loaded
# format :
#     $desc_files{pathfile}{'date'} : date of the last load
#     $desc_files{pathfile}{'desc_hash'} : hash which describes
#                         the description file

#%desc_files_map; NOT USED ANYMORE

## Shared directory and description file

#$shared = 'shared';
#$desc = '.desc';

## subroutines
# Dispatch table: web action name -> name of the subroutine serving it.
# Every handler is named "do_<action>", so the table is generated from the
# plain list of action names.  An action missing here (and in
# %comm_aliases) has no handler; presumably that is what keeps arbitrary
# 'action' values from reaching a subroutine -- confirm in the dispatcher.
our %comm = map { ($_ => "do_$_") } qw(
    confirm_action
    home logout loginrequest login sso_login sso_login_succeeded
    subscribe subindex suboptions
    signoff auto_signoff family_signoff family_signoff_request sigindex
    decl_add decl_del my
    lists lists_categories latest_lists active_lists including_lists
    info subscriber_count review search
    pref setpref setpasswd renewpasswd firstpasswd requestpasswd choosepasswd
    set admin import add auth_add del auth_del
    modindex docindex reject distribute add_frommod viewmod
    d_reject_shared d_install_shared
    editfile savefile
    arc latest_arc latest_d_read arc_manage remove_arc send_me view_source
    tracking arcsearch_form arcsearch_id arcsearch rebuildarc rebuildallarc
    arc_download arc_delete
    serveradmin set_loglevel set_dumpvars show_sessions unset_dumpvars
    set_session_email restore_email skinsedit help
    edit_list_request edit_list create_list_request create_list
    get_pending_lists get_closed_lists get_latest_lists get_inactive_lists
    get_biggest_lists set_pending_list_request install_pending_list
    edit_config
    editsubscriber edit viewbounce redirect
    rename_list_request move_list copy_list
    reviewbouncing resetbounce scenario_test
    search_list search_list_request show_cert
    close_list open_list purge_list
    upload_pictures delete_pictures
    d_read d_create_child d_unzip d_editfile d_properties d_update
    d_describe d_delete d_rename d_control d_change_access d_set_owner
    d_admin
    dump_scenario export_member remind move_user load_cert
    compose_mail send_mail request_topic tag_topic_by_sender search_user
    set_lang attach stats viewlogs wsdl sync_include review_family
    ls_templates remove_template copy_template view_template edit_template
    rss_request maintenance blacklist edit_attributes ticket
    manage_template rt_create rt_delete rt_edit rt_setdefault rt_update
    suspend suspend_request suspend_request_action show_exclude
    ca lca
    create_automatic_list create_automatic_list_request auth
);
# Not dispatched through %comm (kept from the earlier table for reference):
# multiple_subscribe, subrequest, multiple_signoff, sigrequest, which,
# reject_notify, reject_notify_shared, css, submit_list, send_newsletter,
# automatic_lists_management and automatic_lists_management_request.
# 'rss' is currently processed in a different way (FIXME in the original).
# 'ca' stands for 'custom_action' and 'lca' for 'list_custom_action'; the
# short names keep them unobtrusive in a URL.

# Alternative action names accepted in requests, each resolved to the
# %comm action it stands for.  Listed per target action: the first element
# of every tuple is the real action, the rest are the names that alias it.
my %comm_aliases = map {
    my ($action, @old_names) = @{$_};
    map { ($_ => $action) } @old_names;
} (
    ['auth_add',                      'add_fromsub'],
    ['import',                        'add_request'],
    ['create_automatic_list',         'automatic_lists'],
    ['create_automatic_list_request', 'automatic_lists_request'],
    ['move_user',                     'change_email', 'change_email_request'],
    ['export_member',                 'dump'],
    ['decl_del',                      'ignoresig'],
    ['decl_add',                      'ignoresub'],
    ['auth_del',                      'del_fromsig'],
    ['move_list',                     'rename_list'],
    ['open_list',                     'restore_list'],
    ['signoff',                       'sigrequest'],
    ['subscribe',                     'subrequest'],
);

# Set of actions flagged as authentication-related (login/logout, password
# renewal, SSO, tickets); see where %auth_action is consulted for the effect.
# 'sendssopasswd' is kept although it is currently not used (FIXME).
my %auth_action = map { ($_ => 1) } qw(
    logout loginrequest login sso_login sso_login_succeeded
    renewpasswd firstpasswd choosepasswd sendssopasswd ticket
);

# Arguments awaited in the PATH_INFO, depending on the action.
# NOTE:
# * The email addresses should NOT be embedded in PATH_INFO, because included
#   slashes (/) cannot be handled correctly by web servers. They are kept just
#   for compatibility to earlier releases of Sympa.  Use query parameters
#   instead.
# Names are given in the order the path components are expected.  A leading
# '@' on a name presumably marks the component that absorbs the remaining
# path elements -- confirm against the code that consumes this table.
# Actions sharing the same signature are generated from one list; each key
# still gets its own arrayref.
our %action_args = (
    # list name only
    (map { ($_ => ['list']) } qw(
        default including_lists modindex docindex import editsubscriber
        latest_arc arc_manage arc_download subscribe subindex decl_add
        signoff auto_signoff sigindex decl_del latest_d_read stats
        sync_include ls_templates copy_template edit_template rss_request
        tag_topic_by_sender suspend show_exclude auth_add auth_del
    )),
    # nothing expected in PATH_INFO
    (map { ($_ => []) } qw(
        rebuildallarc home show_cert skinsedit get_pending_lists
        get_closed_lists get_latest_lists get_inactive_lists
        get_biggest_lists redirect wsdl view_template remove_template
        move_user send_newsletter
    )),
    # shared-document actions: list name, then the document path
    # ('shared' has no such function -- FIXME kept from the original)
    (map { ($_ => ['list', '@path']) } qw(
        shared d_read d_delete d_rename d_create_child d_update d_describe
        d_editfile d_properties d_control d_change_access d_set_owner
    )),
    # moderation actions: list name and the id of the held item
    (map { ($_ => ['list', 'id']) } qw(
        reject distribute add_frommod d_reject_shared d_install_shared
    )),
    (map { ($_ => ['topic', 'subtopic']) } qw(lists latest_lists active_lists)),
    (map { ($_ => ['previous_action', 'previous_list']) }
        qw(loginrequest logout renewpasswd firstpasswd pref)),
    (map { ($_ => ['list', 'email']) } qw(add del)),
    (map { ($_ => ['family', 'email']) }
        qw(family_signoff family_signoff_request)),
    (map { ($_ => ['list', 'new_listname', 'new_robot']) }
        qw(move_list copy_list)),
    (map { ($_ => ['list', 'message_template']) } qw(rt_delete rt_edit)),
    (map { ($_ => ['list', 'page', 'size', 'sortby']) } qw(review viewlogs)),
    (map { ($_ => ['email']) } qw(requestpasswd set_session_email search_user)),
    (map { ($_ => ['family']) }
        qw(create_automatic_list create_automatic_list_request)),
    (map { ($_ => ['subaction']) } qw(serveradmin suspend_request)),
    # actions with a signature of their own
    'editfile'     => ['list', 'file', 'previous_action'],
    'choosepasswd' => ['email', 'passwd'],
    'login'        => ['email', 'passwd', 'previous_action', 'previous_list'],
    'sso_login'    => ['auth_service_name', 'subaction', 'email', 'ticket'],
    'sso_login_succeeded' =>
        ['auth_service_name', 'previous_action', 'previous_list'],
    'dump_scenario'     => ['list', 'pname'],
    'viewmod'           => ['list', 'id', '@file'],
    'edit'              => ['list', 'role'],
    'viewbounce'        => ['list', 'dir', '@file'],
    'reviewbouncing'    => ['list', 'page', 'size'],
    'arc'               => ['list', 'month', '@arc_file'],
    'arcsearch_form'    => ['list', 'archive_name'],
    'arcsearch_id'      => ['list', 'archive_name', '@msgid'],
    'rebuildarc'        => ['list', 'month'],
    'arc_delete'        => ['list', 'zip'],
    'help'              => ['help_topic'],
    'set'               => ['list', 'email', 'reception', 'gecos'],
    'search_list'       => ['filter_list'],
    'd_admin'           => ['list', 'd_admin'],
    'export_member'     => ['list', 'format'],
    'search'            => ['list', 'filter'],
    'set_lang'          => ['lang'],
    'attach'            => ['list', 'dir', 'file'],
    'edit_list_request' => ['list', 'group'],
    'review_family'     => ['family_name'],
    'request_topic'     => ['list', 'authkey'],
    'ticket'            => ['ticket'],
    'manage_template'   => ['subaction', 'list', 'message_template'],
    'compose_mail'      => ['list', 'subaction'],
    'ca'                => ['custom_action', '@cap'],
    'lca'               => ['custom_action', 'list', '@cap'],
    'auth'              => ['id', 'heldaction', 'listname'],
    # Retired signatures kept from the earlier table for reference:
    # css => [file]; subrequest / sigrequest => [list, email];
    # resetbounce => [list, email]; editsubscriber used to take the email and
    # previous_action too; viewbounce used to take the email instead of dir;
    # the automatic_lists_management pair took nothing.
);
## Required parameters for each action.
## A name refers to a key of the %in structure, or to $param when written as
## 'param.x'.  The table is only used to tell whether a parameter is missing;
## the order of the names carries no meaning.
## Reserved keywords: param.list and param.user.email.
## Alternatives are written with the '|' character (any one of them will do).
## Limits: the structure cannot express optional parameters (a or b), and a
## missing parameter cannot trigger a specific error message or a redirect to
## a given page.
## Actions sharing the same requirements are generated from one list; each
## key still gets its own arrayref.  Anything beyond these presence checks is
## verified by the handler itself.
our %required_args = (
    # list plus authenticated user
    (map { ($_ => ['param.list', 'param.user.email']) } qw(
        admin add import auth_add auth_del d_admin d_change_access d_control
        d_delete d_editfile d_properties d_set_owner delete_pictures decl_del
        decl_add including_lists manage_template modindex docindex remind
        sigindex subindex suboptions suspend sync_include
    )),
    # the same pair, user first
    (map { ($_ => ['param.user.email', 'param.list']) } qw(
        arc_delete arc_download close_list compose_mail edit_list
        edit_list_request rebuildarc open_list rename_list_request
        upload_pictures
    )),
    # list only
    (map { ($_ => ['param.list']) } qw(
        arc arc_manage arcsearch arcsearch_form arcsearch_id attach blacklist
        d_read export_member info load_cert remove_arc review reviewbouncing
        send_me view_source tracking signoff stats subscribe subscriber_count
        show_exclude tag_topic_by_sender viewlogs
    )),
    # authenticated user only
    (map { ($_ => ['param.user.email']) } qw(
        create_list_request editfile get_closed_lists get_inactive_lists
        get_latest_lists get_biggest_lists get_pending_lists
        install_pending_list edit_config logout pref rebuildallarc send_mail
        serveradmin set_pending_list_request setpref skinsedit
    )),
    # template management: other required parameters are checked in the
    # subroutine
    (map { ($_ => ['webormail']) }
        qw(copy_template edit_template remove_template view_template)),
    # nothing required up front
    (map { ($_ => []) }
        qw(rss_request set_lang suspend_request suspend_request_action wsdl)),
    (map { ($_ => ['for|count']) } qw(active_lists latest_lists)),
    (map { ($_ => ['param.user.email', 'family']) }
        qw(create_automatic_list create_automatic_list_request)),
    (map { ($_ => ['param.list', 'param.user.email', 'id']) }
        qw(d_install_shared d_reject_shared add_frommod)),
    (map { ($_ => ['param.list', 'param.user.email', 'id|idspam']) }
        qw(distribute reject viewmod)),
    (map { ($_ => ['param.list', 'param.user.email', 'email']) }
        qw(del editsubscriber resetbounce)),
    (map { ($_ => ['param.list', 'param.user.email', 'message_template']) }
        qw(rt_delete rt_edit)),
    (map {
        ($_ => ['param.user.email', 'param.list', 'new_listname', 'new_robot'])
    } qw(move_list copy_list)),
    # actions with requirements of their own
    'auth'         => ['id', 'heldaction', 'email'],
    'auto_signoff' => ['param.list', 'email'],
    'move_user'    =>
        ['param.user.email', 'current_email|old_email', 'email|new_email'],
    'create_list'    => ['param.user.email', 'info'],
    'd_create_child' =>
        ['param.list', 'param.user.email', 'new_name|uploaded_file'],
    'd_describe' => ['param.list', 'param.user.email', 'content'],
    'd_rename'   => ['param.list', 'param.user.email', 'new_name'],
    'd_update'   =>
        ['param.list', 'param.user.email', 'content|url|uploaded_file'],
    'd_unzip'       => ['param.list', 'param.user.email', 'uploaded_file'],
    'dump_scenario' => ['param.list', 'pname'],
    'edit'          => ['param.list', 'param.user.email', 'role', 'email'],
    'latest_arc'    => ['param.list', 'for|count'],
    'latest_d_read' => ['param.list', 'for', 'count'],
    'rt_create'     => ['param.list', 'param.user.email', 'new_template_name'],
    'rt_setdefault' => ['param.list', 'param.user.email', 'new_default'],
    'rt_update'     =>
        ['param.list', 'param.user.email', 'message_template', 'content'],
    'purge_list'      => ['param.user.email', 'selected_lists'],
    'request_topic'   => ['param.list', 'authkey'],
    'review_family'   => ['param.user.email', 'family_name'],
    'savefile'        => ['param.user.email', 'file'],
    'search'          => ['param.list', 'filter'],
    'search_user'     => ['param.user.email', 'email'],
    'send_newsletter' => ['param.list', 'param.user.email', 'url'],
    'requestpasswd'   => ['email'],
    'set'             => ['param.list', 'reception|visibility'],
    'setpasswd'       => ['param.user.email', 'newpasswd1', 'newpasswd2'],
    'sso_login'       => ['auth_service_name'],
    'viewbounce'      => ['param.list', 'email|file'],
    # Retired entries kept from the earlier table for reference:
    # css => []; which => [param.user.email].
);

## Defines the required privileges to access privileged actions
## You can define a set of equivalent privileges in the ARRAYREF
## Privilege table for privileged web actions.  Each value is an ARRAYREF
## of equivalent privileges; the element order of every entry is kept
## exactly as in the original table.
our %required_privileges = (
    'admin'                    => [qw(owner editor)],
    'arc_delete'               => [qw(owner)],
    'arc_download'             => [qw(owner)],
    'arc_manage'               => [qw(owner)],
    'auth_add'                 => [qw(owner editor)],
    'auth_del'                 => [qw(owner editor)],
    'blacklist'                => [qw(owner editor)],
    'close_list'               => [qw(privileged_owner)],
    'copy_template'            => [qw(listmaster)],
    'd_install_shared'         => [qw(editor owner)],
    'd_reject_shared'          => [qw(editor owner)],
    'distribute'               => [qw(editor owner listmaster)],
    'add_frommod'              => [qw(editor owner)],
    'dump_scenario'            => [qw(listmaster)],
    'edit'                     => [qw(editor owner listmaster)],
    'edit_list'                => [qw(owner)],
    'edit_list_request'        => [qw(owner)],
    'edit_template'            => [qw(listmaster)],
    'editfile'                 => [qw(owner listmaster)],
    'editsubscriber'           => [qw(owner editor)],
    'get_closed_lists'         => [qw(listmaster)],
    'get_inactive_lists'       => [qw(listmaster)],
    'get_latest_lists'         => [qw(listmaster)],
    'get_biggest_lists'        => [qw(listmaster)],
    'get_pending_lists'        => [qw(listmaster)],
    'decl_del'                 => [qw(owner editor)],
    'decl_add'                 => [qw(owner editor)],
    'including_lists'          => [qw(owner listmaster)],
    'install_pending_list'     => [qw(listmaster)],
    'edit_config'              => [qw(listmaster)],
    'ls_templates'             => [qw(listmaster)],
    'manage_template'          => [qw(owner)],
    'rt_create'                => [qw(owner)],
    'rt_delete'                => [qw(owner)],
    'rt_edit'                  => [qw(owner)],
    'rt_setdefault'            => [qw(owner)],
    'rt_update'                => [qw(owner)],
    'modindex'                 => [qw(editor owner listmaster)],
    'docindex'                 => [qw(editor owner listmaster)],
    'purge_list'               => [qw(privileged_owner listmaster)],
    'rebuildallarc'            => [qw(listmaster)],
    'rebuildarc'               => [qw(listmaster)],
    'reject'                   => [qw(editor owner listmaster)],
    'remove_template'          => [qw(listmaster)],
    'move_list'                => [qw(privileged_owner)],
    'copy_list'                => [qw(owner listmaster)],
    'open_list'                => [qw(listmaster)],
    'rename_list_request'      => [qw(privileged_owner)],
    'resetbounce'              => [qw(owner editor)],
    'review_family'            => [qw(listmaster)],
    'reviewbouncing'           => [qw(owner editor)],
    'savefile'                 => [qw(owner listmaster)],
    'search_user'              => [qw(listmaster)],
    'serveradmin'              => [qw(listmaster)],
    'set_dumpvars'             => [qw(listmaster)],
    'set_loglevel'             => [qw(listmaster)],
    'set_pending_list_request' => [qw(listmaster)],
    'set_session_email'        => [qw(listmaster)],
    'show_sessions'            => [qw(listmaster)],
    'sigindex'                 => [qw(owner editor)],
    'stats'                    => [qw(owner)],
    'subindex'                 => [qw(owner editor)],
    'sync_include'             => [qw(owner editor)],
    'skinsedit'                => [qw(listmaster)],
    'view_template'            => [qw(listmaster)],
    'viewbounce'               => [qw(owner editor)],
    'viewlogs'                 => [qw(owner editor)],
    'viewmod'                  => [qw(editor owner listmaster)],

    # Kept disabled, as in the original table.
    #XXX'automatic_lists_management_request' => ['listmaster'],
    #XXX'automatic_lists_management'         => ['listmaster'],
);

# This table chooses the left-side menu type for an action: 'admin' ->
# list owner admin menu; 'serveradmin' -> server_admin menu; no entry ->
# the list or your_list menu.
# Menu-type table: every action named under 'admin' gets the list-owner
# admin menu, every action under 'serveradmin' the server admin menu.
# Actions not listed here fall through to the default menu.
my %action_type = (
    (
        map { $_ => 'admin' } qw(
            review search admin import add del
            reject reject_notify distribute add_frommod viewmod savefile
            rebuildallarc reviewbouncing
            edit edit_list_request edit_list editsubscriber viewbounce
            resetbounce scenario_test close_list d_admin d_reject_shared
            d_install_shared dump_scenario export_member open_list remind
            stats decl_del decl_add move_list copy_list rename_list_request
            arc_manage sync_include view_template remove_template
            copy_template edit_template blacklist viewlogs show_exclude
        )
    ),
    (
        map { $_ => 'serveradmin' } qw(
            serveradmin get_pending_lists get_closed_lists get_inactive_lists
            get_latest_lists get_biggest_lists ls_templates skinsedit
            review_family search_user show_sessions rebuildarc
            set_session_email set_loglevel editfile unset_dumpvars
            set_dumpvars
        )
    ),

    # 'modindex' and 'subindex' are deliberately not listed (disabled in
    # the original table).
    #FIXME: 'rebuildallarc' might belong to 'serveradmin', and 'editfile'
    #FIXME: to 'admin'; both questions are open in the original table.
    #XXX'automatic_lists_management_request' => 'serveradmin',
    #XXX'automatic_lists_management'         => 'serveradmin',
);

# Actions that must not be used as the page to return to after login.
# Set of transient actions (value 1 for membership tests).
# 'css' stays disabled as in the original table; 'rss' is listed although a
# FIXME in the original notes it is currently not used.
#XXX'css' => 1,
my %temporary_actions = map { $_ => 1 } qw(
    confirm_action
    logout loginrequest login sso_login sso_login_succeeded ticket
    rss ajax wsdl redirect
);

## Regexp applied on incoming parameters (%in)
## The aim is not a strict definition of parameter format
## but rather a security check
## Per-parameter acceptance patterns for incoming CGI parameters (%in).
## These are security filters rather than exact format definitions.  Every
## pattern string below is reproduced verbatim; the '*' entry is the
## default for parameters with no entry of their own.
## NOTE(review): several values are bare alternations ('page', 'month',
## 'scope', 'role', 'email'); the code that applies this table must wrap
## the pattern in a group before anchoring it, otherwise only the first
## alternative is anchored -- confirm in the consumer.
our %in_regexp = (
    # Default pattern for any parameter not listed here.
    '*' => '[\w\-\.]+',

    # List configuration parameters.
    'single_param' => '.+',
    'multiple_param' => '.+',

    # Textarea contents.
    'template_content' => '.+',
    'content' => '.+',
    'body' => '.+',
    'info' => '.+',
    'new_scenario_content' => '.+',
    'blacklist' => '.*',

    # Integers (page also accepts two role names).
    'page' => '\d+|owner|editor',
    'size' => '\d+',

    # Free-form data.
    'subject' => '.*',
    'gecos' => '[^<>\\\*\$\n]+',
    'fromname' => '[^<>\\\*\$\n]+',
    'additional_field' => '[^<>\\\*\$\n]+',
    'dump' => '[^<>\\\*\$]+',    # contains email + gecos

    # Search inputs.
    'filter' => '.*',    # subscriber search
    'filter_list' => '.*',    # list search
    'key_word' => '.*',
    'format' => '[^<>\\\$\n]+',    # dump format/filter string

    # File names.
    'file' => '[^<>\*\$\n]+',
    'template_path' => '[\w\-\.\/_]+',
    'arc_file' => '[^<>\\\*\$\n]+',
    'path' => '[^<>\\\*\$\n]+',
    'uploaded_file' => '(.*[\/\\\\])?[^<>\*\$\n]+',    # could be tightened (use of "'")
    'dir' => '[^<>\\\*\$\n]+',
    'new_name' => '[^<>\\\*\$\[\]\/\n]+',
    'shortname' => '[^<>\\\*\$\n]+',
    'id' => '[^<>\\\*\$\n]+',
    'template_name' => Sympa::Regexps::template_name(),
    'new_template_name' => Sympa::Regexps::template_name(),
    'message_template' => Sympa::Regexps::template_name(),
    'new_default' => Sympa::Regexps::template_name(),

    # Archives: yyyy-mm for 'arc', mm for 'send_me'.
    'month' => '\d{2}|\d{4}\-\d{2}',

    # URLs.
    'referer' => '[^\\\$\*\"\'\`\^\|\<\>\n]+',
    'failure_referer' => '[^\\\$\*\"\'\`\^\|\<\>\n]+',
    'url' => '[^\\\$\*\"\'\`\^\|\<\>\n]+',

    # Message IDs.
    'msgid' => '[^\\\*\"\'\`\^\|\n]+',
    'in_reply_to' => '[^\\\*\"\'\`\^\|\n]+',
    'message_id' => '[^\\\*\"\'\`\^\|\n]+',

    # Passwords: any non-empty value.
    'passwd' => '.+',
    'password' => '.+',
    'newpasswd1' => '.+',
    'newpasswd2' => '.+',
    'new_password' => '.+',

    # Topics.
    'topic' => '\@?[\-\w\/]+',
    'topics' => '[\-\w\/]+',
    'subtopic' => '[\-\w\/]+',

    # List names (Sympa::Regexps::listname() plus uppercase).
    'list' => '[\w\-\.\+]*',
    'previous_list' => '[\w\-\.\+]*',
    'listname' => '[\w\-\.\+]*',
    'new_listname' => '[\w\-\.\+]*',
    'selected_lists' => '[\w\-\.\+]*',

    # Family names.
    'family_name' => Sympa::Regexps::family_name(),
    'family' => Sympa::Regexps::family_name(),

    # Email addresses ('email' also accepts a uid).
    'current_email' => Sympa::Regexps::email(),
    'email' => Sympa::Regexps::email() . '|' . Sympa::Regexps::uid(),
    'init_email' => Sympa::Regexps::email(),
    'old_email' => Sympa::Regexps::email(),
    'new_email' => Sympa::Regexps::email(),
    'sender' => Sympa::Regexps::email(),
    'fromaddr' => Sympa::Regexps::email(),
    'del_emails' => '.*',
    'to' => '(([\w\-\_\.\/\+\=\']+|\".*\")\s[\w\-]+(\.[\w\-]+)+(,?))*',

    # Automatic list name parts; the '*' in the key is presumably matched
    # by the consumer as a wildcard -- verify there.
    'automatic_list_part_*' => '[\w\-\.\+]*',

    # Hosts.
    'new_robot' => Sympa::Regexps::host(),
    'remote_host' => Sympa::Regexps::host(),
    'remote_addr' => Sympa::Regexps::host(),

    # Scenario names.
    'scenario' => Sympa::Regexps::scenario(),
    'read_access' => Sympa::Regexps::scenario(),
    'edit_access' => Sympa::Regexps::scenario(),

    # RSS URL or blank.
    'active_lists' => '.*',
    'latest_lists' => '.*',
    'latest_arc' => '.*',
    'latest_d_read' => '.*',

    # Logs.
    'target_type' => '[\w\-\.\:]*',
    'target' => Sympa::Regexps::email(),
    'date_from' => '[\d\/\-]+',
    'date_to' => '[\d\/\-]+',
    'ip' => Sympa::Regexps::host(),

    # Colors.
    'subaction_test' => '.*',
    'subaction_reset' => '.*',
    'subaction_install' => '.*',
    'custom_color_value' => '\#[0-9a-fA-F]+',
    'custom_color_number' => 'color_\w+',

    # Custom attribute.
    'custom_attribute' => '.*',

    # Template scope.
    'scope' => 'distrib|robot|family|list|site',

    # Custom inputs from create_list_request.tt2.
    'custom_input' => '.*',

    # Configuration parameters.
    'conf_new_value' => '.*',

    # Custom actions.
    'cap' => '.*',
    'lcap' => '.*',
    'plugin' => '.*',

    # Envelope ID.
    'envid' => '\w+',

    # Authentication / moderation key.
    'authkey' => '\w+',

    # Role.
    'role' => 'member|editor|owner',
);

## Regexp applied on incoming parameters (%in)
## Forbidden patterns applied to incoming parameters: a value that matches
## the entry for its parameter is rejected.
## Note that you can use ^ and $ to match the beginning and end of the value.
our %in_negative_regexp = ('arc_file' => '^(arctxt|\.)');

# No longer used as of 6.2.19b.
#my %filtering;

## Set locale configuration
## Locale setup: site-wide language first, English as the fallback.
my $language = Sympa::Language->instance;
$language->set_lang($Conf::Conf{'lang'}, 'en');

# Keep this call here: it defines the defaults for user_data_source.
#FIXME: Is it really required?
Sympa::DatabaseManager->instance;

# Start the components implemented as plugins.  They may add fields to the
# configuration above and may perform database upgrades.
if ($plugins) {
    $plugins->start;
}

## Maintenance mode: set when the data structure is out of date or the
## cookie parameter changed; the main loop re-checks and may clear it.
my $maintenance_mode;
if (not Conf::data_structure_uptodate()) {
    $maintenance_mode = 1;
    $log->syslog('err',
        'WWSympa set to maintenance mode; you should run sympa.pl --upgrade');
}
elsif (Conf::cookie_changed()) {
    $maintenance_mode = 1;
    $log->syslog('err',
        'WWSympa set to maintenance mode; sympa.conf/cookie parameter has changed.'
    );
}

# Incoming CGI parameters (filled per request) and the current query.
our %in;
my $query;

# Modification time of this script at startup.
my $birthday = (stat $PROGRAM_NAME)[9];

my $bulk = Sympa::Bulk->new;

$log->syslog('info', 'WWSympa started, process %d', $PID);

# Internal encoding is now the same as input/output, so no binmode layers
# are applied.
#XXX## Set output encoding
#XXX## All outgoing strings will be recoded transparently using this charset
#XXXbinmode STDOUT, ":utf8";
#XXX## Incoming data is utf8-encoded
#XXXbinmode STDIN, ":utf8";

# Counters for the main FastCGI loop below.
my $loop_count = 0;
my $start_time = time;
while ($query = CGI::Fast->new) {
    $loop_count++;

    undef $param;
    undef $list;
    undef $robot;
    undef $ip;
    undef $rss;
    undef $ajax;
    undef $session;

    $log->{level} = $Conf::Conf{'log_level'};
    $language->set_lang(Sympa::best_language('*'));

    # Process grouped notifications.
    Sympa::Alarm->instance->flush;

    ## Check effective ID
    unless ($EUID eq (getpwnam(Sympa::Constants::USER))[2]) {
        $maintenance_mode = 1;
        Sympa::WWW::Report::reject_report_web('intern_quiet',
            'incorrect_server_config', {}, '', '');
        wwslog(
            'err',
            'Config error: WWSympa should run with UID %s (instead of %s). *** Switching to maintenance mode. ***',
            (getpwnam(Sympa::Constants::USER))[2],
            $EUID
        );
    }

    ## We set the real UID with the effective UID value
    ## It is useful to allow execution of scripts like alias_manager
    ## that otherwise might loose the benefit of SetUID
    $UID = $EUID;    ## UID
    $GID = $EGID;    ## GID

    unless (Sympa::DatabaseManager->instance) {
        Sympa::WWW::Report::reject_report_web('system_quiet', 'no_database', {},
            '', '');
        $log->syslog('info', 'WWSympa requires a RDBMS to run');
    }

    ## If in maintenance mode, check if the data structure is now uptodate
    if (    $maintenance_mode
        and Conf::data_structure_uptodate()
        and not Conf::cookie_changed()
        and ($EUID eq (getpwnam(Sympa::Constants::USER))[2])) {
        $maintenance_mode = undef;
        $log->syslog('notice',
            "Data structure seem updated, setting OFF maintenance mode");
    }

    ## Generate traceback if crashed.
    ## Though I don't know why, __DIE__ handler is cleared after INIT.
    Sympa::Crash::register_handler();

    ## Get params in a hash
    %in = $query->Vars;

    # Determin robot.
    # N.B. As of 6.2.15, the http_host parameter will match with the host name
    # and path locally detected by server.  If remotely detected host name
    # and / or path should be differ, the proxy must adjust them.
    $robot = Sympa::WWW::Tools::get_robot('http_host', 'wwsympa_url');

    # Default robot.
    $param->{'default_robot'} = 1
        if $robot eq $Conf::Conf{'domain'};

    $ip = $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'} || 'undef';

    # Determin cookie domain.
    # In case HTTP_HOST does not match cookie_domain, use former.
    # N.B. As of 6.2.15, the cookie domain will match with the host name
    # locally detected by server.  If remotely detected name should be differ,
    # the proxy must adjust it.
    my $cookie_domain = Conf::get_robot_conf($robot, 'cookie_domain');
    my $http_host = Sympa::WWW::Tools::get_http_host() || '';
    $http_host =~ s/:\d+$//;    # Suppress port.
    unless (substr($http_host, -length($cookie_domain)) eq lc $cookie_domain
        or $cookie_domain eq 'localhost') {
        wwslog('notice',
            '(%s) Does NOT match HTTP_HOST; setting cookie_domain to %s',
            $cookie_domain, $http_host);
        $cookie_domain = $http_host;
    }
    $param->{'cookie_domain'} = $cookie_domain;

    $log->{level} = Conf::get_robot_conf($robot, 'log_level');

    ## Sympa parameters in $param->{'conf'}
    $param->{'conf'} = {};
    foreach my $p (
        'email',
        'soap_url',
        'wwsympa_url',
        'listmaster_email',
        'logo_html_definition',
        'favicon_url',
        'main_menu_custom_button_1_url',
        'main_menu_custom_button_1_title',
        'main_menu_custom_button_1_target',
        'main_menu_custom_button_2_url',
        'main_menu_custom_button_2_title',
        'main_menu_custom_button_2_target',
        'main_menu_custom_button_3_url',
        'main_menu_custom_button_3_title',
        'main_menu_custom_button_3_target',
        'static_content_url',
        'dark_color',
        'light_color',
        'text_color',
        'bg_color',
        'error_color',
        'use_blacklist',
        'antispam_feature',
        'custom_robot_parameter',
        'selected_color',
        'shaded_color',
        'color_0',
        'color_1',
        'color_2',
        'color_3',
        'color_4',
        'color_5',
        'color_6',
        'color_7',
        'color_8',
        'color_9',
        'color_10',
        'color_11',
        'color_12',
        'color_13',
        'color_14',
        'color_15',
        'reporting_spam_script_path',
        'automatic_list_families',
        'spam_protection',
        'pictures_max_size',
        ) {

        $param->{'conf'}{$p} = Conf::get_robot_conf($robot, $p);
        $param->{$p} = Conf::get_robot_conf($robot, $p)
            if $p =~ /_color\z/
            or $p =~ /\Acolor_/
            or $p =~ /_url\z/;
    }
    # Compat.: deprecated attributes of Robot.
    $param->{'conf'}{'sympa'} = Sympa::get_address($robot);
    $param->{'conf'}{'request'} = Sympa::get_address($robot, 'owner');
    # Compat <= 6.2.16: CSS related.
    $param->{'css_path'} = sprintf '%s/%s', $Conf::Conf{'css_path'}, $robot;
    $param->{'css_url'}  = sprintf '%s/%s', $Conf::Conf{'css_url'}, $robot;
    # Compat. < 6.2.32: "host" parameter was deprecated.
    $param->{'conf'}{'host'} = Conf::get_robot_conf($robot, 'domain');

    foreach my $auth (keys %{$Conf::Conf{'cas_id'}{$robot}}) {
        $log->syslog('debug2', 'CAS authentication service %s', $auth);
        $param->{'sso'}{$auth} =
            $Conf::Conf{'cas_id'}{$robot}{$auth}
            {'auth_service_friendly_name'};
    }

    foreach my $auth (keys %{$Conf::Conf{'generic_sso_id'}{$robot}}) {
        $log->syslog('debug', 'Generic SSO authentication service %s', $auth);
        $param->{'sso'}{$auth} =
            $Conf::Conf{'auth_services'}{$robot}
            [$Conf::Conf{'generic_sso_id'}{$robot}{$auth}]{'service_name'};
    }

    $param->{'sso_number'} =
        $Conf::Conf{'cas_number'}{$robot} +
        $Conf::Conf{'generic_sso_number'}{$robot};
    $param->{'use_passwd'} = $Conf::Conf{'use_passwd'}{$robot};
    $param->{'use_sso'} = 1 if ($param->{'sso_number'});
    $param->{'authentication_info_url'} =
        $Conf::Conf{'authentication_info_url'}{$robot};
    $param->{'wwsconf'} = Conf::_load_wwsconf;    #FXIME: no longer used?

    $param->{'version'} = Sympa::Constants::VERSION;
    $param->{'date'} =
        $language->gettext_strftime("%d %b %Y at %H:%M:%S", localtime time);
    $param->{'time'} =
        $language->gettext_strftime("%H:%M:%S", localtime time);

    ## Hash defining the parameters where no control is performed (because
    ## they are supposed to contain html and/or javascript).
    $param->{'htmlAllowedParam'} = {