wwsympa.fcgi.in

#!--PERL--
# -*- indent-tabs-mode: nil; -*-
# vim:ft=perl:et:sw=4
# $Id$

# Sympa - SYsteme de Multi-Postage Automatique
#
# Copyright (c) 1997, 1998, 1999 Institut Pasteur & Christophe Wolfhugel
# Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
# Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
# Copyright 2017, 2018 The Sympa Community. See the AUTHORS.md file at the
# top-level directory of this distribution and at
# <https://github.com/sympa-community/sympa.git>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

## Copyright 1999 Comité Réseaux des Universités
## web interface to Sympa mailing lists manager
## Sympa: http://www.sympa.org/
## Authors :
##           Serge Aumont <sa AT cru.fr>
##           Olivier Salaün <os AT cru.fr>

use strict;
##use warnings;
use lib split(/:/, $ENV{SYMPALIB} || ''), '--modulesdir--';

use Archive::Zip qw();
use CGI::Fast qw();
use DateTime;
use DateTime::Format::Mail;
use Digest::MD5;
use Encode qw();
use English qw(-no_match_vars);
use IO::File qw();
use MIME::EncWords;
use MIME::Lite::HTML;
use POSIX qw();
use Time::Local qw();
use URI;
use Data::Dumper;    # tentative
BEGIN { eval 'use Crypt::OpenSSL::X509'; }

use Sympa;
use Sympa::Alarm;
use Sympa::Archive;
use Sympa::Bulk;
use Conf;
use Sympa::ConfDef;
use Sympa::Constants;
use Sympa::Crash Hook => \&_crash_handler;    # Show traceback.
use Sympa::Database;
use Sympa::DatabaseManager;
use Sympa::Family;
use Sympa::HTMLSanitizer;
use Sympa::Language;
use Sympa::List;
use Sympa::Log;
use Sympa::Message;
use Sympa::Regexps;
use Sympa::Robot;
use Sympa::Scenario;
use Sympa::Spindle::ProcessRequest;
use Sympa::Spindle::ResendArchive;
use Sympa::Spool::Archive;
use Sympa::Spool::Auth;
use Sympa::Spool::Held;
use Sympa::Spool::Incoming;
use Sympa::Spool::Moderation;
use Sympa::Template;
use Sympa::Ticket;
use Sympa::Tools::Data;
use Sympa::Tools::File;
use Sympa::Tools::Password;
use Sympa::Tools::Text;
use Sympa::Topic;
use Sympa::Tracking;
use Sympa::User;
use Sympa::WWW::Auth;
use Sympa::WWW::Marc::Search;
use Sympa::WWW::Report;
use Sympa::WWW::Session;
use Sympa::WWW::SharedDocument;
use Sympa::WWW::Tools;

## WWSympa librairies
my %options;

my $sympa_conf_file = Sympa::Constants::CONFIG;

# Used via the Sympa::Plugin interface
our $list;
our $param = {};
our $robot_id;
our $session;
our $plugins;

my $robot;
my $ip;
my $rss;
my $ajax;

my $allow_absolute_path;    #FIXME: to be removed in the future.
my @other_include_path;     #FIXME: ditto.

## Load sympa config
unless (Conf::load()) {
    printf STDERR
        "Unable to load sympa configuration, file %s or one of the vhost robot.conf files contain errors. Exiting.\n",
        Conf::get_sympa_conf();
    exit 1;
}

# Open log
my $log = Sympa::Log->instance;
$log->{level} = $Conf::Conf{'log_level'};
$log->openlog($Conf::Conf{'log_facility'} || $Conf::Conf{'syslog'},
    $Conf::Conf{'log_socket_type'});

## Start plugins
if (eval "require Sympa::Plugin::Manager") {
    $plugins = Sympa::Plugin::Manager->new(application => 'website');
}

Sympa::Alarm->instance->{use_bulk} = 1;

# hash of all the description files already loaded
# format :
#     $desc_files{pathfile}{'date'} : date of the last load
#     $desc_files{pathfile}{'desc_hash'} : hash which describes
#                         the description file

#%desc_files_map; NOT USED ANYMORE

## Shared directory and description file

#$shared = 'shared';
#$desc = '.desc';

## subroutines
our %comm = (
    'confirm_action'         => 'do_confirm_action',
    'home'                   => 'do_home',
    'logout'                 => 'do_logout',
    'loginrequest'           => 'do_loginrequest',
    'login'                  => 'do_login',
    'sso_login'              => 'do_sso_login',
    'sso_login_succeeded'    => 'do_sso_login_succeeded',
    'subscribe'              => 'do_subscribe',
    #'multiple_subscribe'     => 'do_multiple_subscribe',
    #'subrequest'             => 'do_subrequest',
    'subindex'               => 'do_subindex',
    'suboptions'             => 'do_suboptions',
    'signoff'                => 'do_signoff',
    'auto_signoff'           => 'do_auto_signoff',
    'family_signoff'         => 'do_family_signoff',
    'family_signoff_request' => 'do_family_signoff_request',
    #XXX'multiple_signoff'    => 'do_multiple_signoff',
    #'sigrequest' => 'do_sigrequest',
    'sigindex' => 'do_sigindex',
    'decl_add' => 'do_decl_add',
    'decl_del' => 'do_decl_del',
    'my'       => 'do_my',
    #'which' => 'do_which',
    'lists'            => 'do_lists',
    'lists_categories' => 'do_lists_categories',
    'latest_lists'     => 'do_latest_lists',
    'active_lists'     => 'do_active_lists',
    'including_lists'  => 'do_including_lists',
    'info'             => 'do_info',
    'subscriber_count' => 'do_subscriber_count',
    'review'           => 'do_review',
    'search'           => 'do_search',
    'pref',            => 'do_pref',
    'setpref'          => 'do_setpref',
    'setpasswd'        => 'do_setpasswd',
    'renewpasswd'      => 'do_renewpasswd',
    'firstpasswd'      => 'do_firstpasswd',
    'requestpasswd'    => 'do_requestpasswd',
    'choosepasswd'     => 'do_choosepasswd',
    'set'              => 'do_set',
    'admin'            => 'do_admin',
    'import'           => 'do_import',
    'add'              => 'do_add',
    'auth_add'         => 'do_auth_add',
    'del'              => 'do_del',
    'auth_del'         => 'do_auth_del',
    'modindex'         => 'do_modindex',
    'docindex'         => 'do_docindex',
    'reject'           => 'do_reject',
    #XXX'reject_notify' => 'do_reject_notify',
    'distribute'      => 'do_distribute',
    'add_frommod'     => 'do_add_frommod',
    'viewmod'         => 'do_viewmod',
    'd_reject_shared' => 'do_d_reject_shared',
    #XXX'reject_notify_shared' => 'do_reject_notify_shared',
    'd_install_shared'  => 'do_d_install_shared',
    'editfile'          => 'do_editfile',
    'savefile'          => 'do_savefile',
    'arc'               => 'do_arc',
    'latest_arc'        => 'do_latest_arc',
    'latest_d_read'     => 'do_latest_d_read',
    'arc_manage'        => 'do_arc_manage',
    'remove_arc'        => 'do_remove_arc',
    'send_me'           => 'do_send_me',
    'view_source'       => 'do_view_source',
    'tracking'          => 'do_tracking',
    'arcsearch_form'    => 'do_arcsearch_form',
    'arcsearch_id'      => 'do_arcsearch_id',
    'arcsearch'         => 'do_arcsearch',
    'rebuildarc'        => 'do_rebuildarc',
    'rebuildallarc'     => 'do_rebuildallarc',
    'arc_download'      => 'do_arc_download',
    'arc_delete'        => 'do_arc_delete',
    'serveradmin'       => 'do_serveradmin',
    'set_loglevel'      => 'do_set_loglevel',
    'set_dumpvars'      => 'do_set_dumpvars',
    'show_sessions'     => 'do_show_sessions',
    'unset_dumpvars'    => 'do_unset_dumpvars',
    'set_session_email' => 'do_set_session_email',
    'restore_email'     => 'do_restore_email',
    'skinsedit'         => 'do_skinsedit',
    #XXX'css' => 'do_css',
    'help'                     => 'do_help',
    'edit_list_request'        => 'do_edit_list_request',
    'edit_list'                => 'do_edit_list',
    'create_list_request'      => 'do_create_list_request',
    'create_list'              => 'do_create_list',
    'get_pending_lists'        => 'do_get_pending_lists',
    'get_closed_lists'         => 'do_get_closed_lists',
    'get_latest_lists'         => 'do_get_latest_lists',
    'get_inactive_lists'       => 'do_get_inactive_lists',
    'get_biggest_lists'        => 'do_get_biggest_lists',
    'set_pending_list_request' => 'do_set_pending_list_request',
    'install_pending_list'     => 'do_install_pending_list',
    'edit_config'              => 'do_edit_config',
    #XXX'submit_list' => 'do_submit_list',
    'editsubscriber'       => 'do_editsubscriber',
    'edit'                 => 'do_edit',
    'viewbounce'           => 'do_viewbounce',
    'redirect'             => 'do_redirect',
    'rename_list_request'  => 'do_rename_list_request',
    'move_list'            => 'do_move_list',
    'copy_list'            => 'do_copy_list',
    'reviewbouncing'       => 'do_reviewbouncing',
    'resetbounce'          => 'do_resetbounce',
    'scenario_test'        => 'do_scenario_test',
    'search_list'          => 'do_search_list',
    'search_list_request'  => 'do_search_list_request',
    'show_cert'            => 'do_show_cert',
    'close_list'           => 'do_close_list',
    'open_list'            => 'do_open_list',
    'purge_list'           => 'do_purge_list',
    'upload_pictures'      => 'do_upload_pictures',
    'delete_pictures'      => 'do_delete_pictures',
    'd_read'               => 'do_d_read',
    'd_create_child'       => 'do_d_create_child',
    'd_unzip'              => 'do_d_unzip',
    'd_editfile'           => 'do_d_editfile',
    'd_properties'         => 'do_d_properties',
    'd_update'             => 'do_d_update',
    'd_describe'           => 'do_d_describe',
    'd_delete'             => 'do_d_delete',
    'd_rename'             => 'do_d_rename',
    'd_control'            => 'do_d_control',
    'd_change_access'      => 'do_d_change_access',
    'd_set_owner'          => 'do_d_set_owner',
    'd_admin'              => 'do_d_admin',
    'dump_scenario'        => 'do_dump_scenario',
    'export_member'        => 'do_export_member',
    'remind'               => 'do_remind',
    'move_user'            => 'do_move_user',
    'load_cert'            => 'do_load_cert',
    'compose_mail'         => 'do_compose_mail',
    'send_mail'            => 'do_send_mail',
    'request_topic'        => 'do_request_topic',
    'tag_topic_by_sender'  => 'do_tag_topic_by_sender',
    'search_user'          => 'do_search_user',
    'set_lang'             => 'do_set_lang',
    'attach'               => 'do_attach',
    'stats'                => 'do_stats',
    'viewlogs'             => 'do_viewlogs',
    'wsdl'                 => 'do_wsdl',
    'sync_include'         => 'do_sync_include',
    'review_family'        => 'do_review_family',
    'ls_templates'         => 'do_ls_templates',
    'remove_template'      => 'do_remove_template',
    'copy_template'        => 'do_copy_template',
    'view_template'        => 'do_view_template',
    'edit_template'        => 'do_edit_template',
    #'rss' => 'do_rss', #FIXME:Currently processed in differenct way.
    'rss_request'     => 'do_rss_request',
    'maintenance'     => 'do_maintenance',
    'blacklist'       => 'do_blacklist',
    'edit_attributes' => 'do_edit_attributes',
    'ticket'          => 'do_ticket',
    'manage_template' => 'do_manage_template',
    'rt_create'       => 'do_rt_create',
    'rt_delete'       => 'do_rt_delete',
    'rt_edit'         => 'do_rt_edit',
    'rt_setdefault'   => 'do_rt_setdefault',
    'rt_update'       => 'do_rt_update',
    #XXX'send_newsletter' => 'do_send_newsletter',
    'suspend'                => 'do_suspend',
    'suspend_request'        => 'do_suspend_request',
    'suspend_request_action' => 'do_suspend_request_action',
    'show_exclude'           => 'do_show_exclude',
    # 'ca' stands for 'custom_action'. I used a short name to make it discrete
    # in a URL.
    'ca' => 'do_ca',
    # 'lca' stands for 'list_custom_action'. I used a short name to make it
    # discrete in a URL.
    'lca' => 'do_lca',
    #XXX'automatic_lists_management_request' =>
    #XXX    'do_automatic_lists_management_request',
    #XXX'automatic_lists_management'    => 'do_automatic_lists_management',
    'create_automatic_list'         => 'do_create_automatic_list',
    'create_automatic_list_request' => 'do_create_automatic_list_request',
    'auth'                          => 'do_auth',
);

my %comm_aliases = (
    'add_fromsub'             => 'auth_add',
    'add_request'             => 'import',
    'automatic_lists'         => 'create_automatic_list',
    'automatic_lists_request' => 'create_automatic_list_request',
    'change_email'            => 'move_user',
    'change_email_request'    => 'move_user',
    'dump'                    => 'export_member',
    'ignoresig'               => 'decl_del',
    'ignoresub'               => 'decl_add',
    'del_fromsig'             => 'auth_del',
    'rename_list'             => 'move_list',
    'restore_list'            => 'open_list',
    'sigrequest'              => 'signoff',
    'subrequest'              => 'subscribe',
);

my %auth_action = (
    'logout'              => 1,
    'loginrequest'        => 1,
    'login'               => 1,
    'sso_login'           => 1,
    'sso_login_succeeded' => 1,
    'renewpasswd'         => 1,
    'firstpasswd'         => 1,
    'choosepasswd'        => 1,
    'sendssopasswd'       => 1,    #FIXME: currently not used
    'ticket'              => 1,
);

# Arguments awaited in the PATH_INFO, depending on the action.
# NOTE:
# * The email addresses should NOT be embedded in PATH_INFO, because included
#   slashes (/) cannot be handled correctly by web servers. They are kept just
#   for compatibility to earlier releases of Sympa.  Use query parameters
#   instead.
our %action_args = (
    'default'       => ['list'],
    'editfile'      => ['list', 'file', 'previous_action'],
    'requestpasswd' => ['email'],
    'choosepasswd'    => ['email', 'passwd'],
    'lists'           => ['topic', 'subtopic'],
    'latest_lists'    => ['topic', 'subtopic'],
    'active_lists'    => ['topic', 'subtopic'],
    'including_lists' => ['list'],
    'login' => ['email', 'passwd', 'previous_action', 'previous_list'],
    'sso_login' => ['auth_service_name', 'subaction', 'email', 'ticket'],
    'sso_login_succeeded' =>
        ['auth_service_name', 'previous_action', 'previous_list'],
    'loginrequest' => ['previous_action', 'previous_list'],
    'logout'       => ['previous_action', 'previous_list'],
    'renewpasswd'  => ['previous_action', 'previous_list'],
    'firstpasswd'  => ['previous_action', 'previous_list'],
    #XXX'css' => ['file'],
    'pref'             => ['previous_action', 'previous_list'],
    'reject'           => ['list',            'id'],
    'distribute'       => ['list',            'id'],
    'add_frommod'      => ['list',            'id'],
    'dump_scenario'    => ['list',            'pname'],
    'd_reject_shared'  => ['list',            'id'],
    'd_install_shared' => ['list',            'id'],
    'modindex'         => ['list'],
    'docindex'         => ['list'],
    'viewmod'  => ['list', 'id', '@file'],
    'add'      => ['list', 'email'],
    'import'   => ['list'],
    'del' => ['list', 'email'],
    #'editsubscriber' =>
    #    ['list', 'email', 'previous_action', 'custom_attribute'],
    #'editsubscriber' => ['list', 'email', 'previous_action'],
    'editsubscriber' => ['list'],
    'edit'           => ['list', 'role'],
    #'viewbounce' => ['list', 'email', '@file'],
    'viewbounce' => ['list', 'dir', '@file'],
    #'resetbounce'    => ['list', 'email'],
    'review'         => ['list', 'page',  'size', 'sortby'],
    'reviewbouncing' => ['list', 'page',  'size'],
    'arc'            => ['list', 'month', '@arc_file'],
    'latest_arc'     => ['list'],
    'arc_manage'     => ['list'],
    'arcsearch_form' => ['list', 'archive_name'],
    'arcsearch_id'   => ['list', 'archive_name', '@msgid'],
    'rebuildarc'     => ['list', 'month'],
    'rebuildallarc' => [],
    'arc_download'  => ['list'],
    'arc_delete'    => ['list', 'zip'],
    'home'          => [],
    'help'          => ['help_topic'],
    'show_cert'     => [],
    'subscribe'     => ['list'],
    #'subrequest' => ['list','email'],
    'subindex'   => ['list'],
    'decl_add'  => ['list'],
    'signoff'    => ['list'],
    'auto_signoff'           => ['list'],
    'family_signoff'         => ['family', 'email'],
    'family_signoff_request' => ['family', 'email'],
    #'sigrequest'             => ['list',   'email'],
    'sigindex'               => ['list'],
    'decl_del'              => ['list'],
    'set'                => ['list', 'email', 'reception', 'gecos'],
    'serveradmin'        => ['subaction'],
    'set_session_email'  => ['email'],
    'skinsedit'          => [],
    'get_pending_lists'  => [],
    'get_closed_lists'   => [],
    'get_latest_lists'   => [],
    'get_inactive_lists' => [],
    'get_biggest_lists'  => [],
    'search_list'        => ['filter_list'],
    'shared'          => ['list', '@path'],     #FIXME: no such function.
    'd_read'          => ['list', '@path'],
    'latest_d_read'   => ['list'],
    'd_admin'         => ['list', 'd_admin'],
    'd_delete'        => ['list', '@path'],
    'd_rename'        => ['list', '@path'],
    'd_create_child'  => ['list', '@path'],
    'd_update'        => ['list', '@path'],
    'd_describe'      => ['list', '@path'],
    'd_editfile'      => ['list', '@path'],
    'd_properties'    => ['list', '@path'],
    'd_control'       => ['list', '@path'],
    'd_change_access' => ['list', '@path'],
    'd_set_owner'     => ['list', '@path'],
    'export_member'   => ['list', 'format'],
    'search'          => ['list', 'filter'],
    'search_user'     => ['email'],
    'set_lang'        => ['lang'],
    'attach' => ['list', 'dir', 'file'],
    'stats'  => ['list'],
    'edit_list_request' => ['list', 'group'],
    'move_list'       => ['list', 'new_listname', 'new_robot'],
    'copy_list'         => ['list', 'new_listname', 'new_robot'],
    'redirect'        => [],
    'viewlogs'        => ['list', 'page', 'size', 'sortby'],
    'wsdl'            => [],
    'sync_include'    => ['list'],
    'review_family'   => ['family_name'],
    'ls_templates'    => ['list'],
    'view_template'   => [],
    'remove_template' => [],
    'copy_template'   => ['list'],
    'edit_template'   => ['list'],
    'rss_request'     => ['list'],
    'request_topic'       => ['list', 'authkey'],
    'tag_topic_by_sender' => ['list'],
    'ticket'              => ['ticket'],
    'move_user'           => [],
    'manage_template' => ['subaction', 'list', 'message_template'],
    'rt_delete'       => ['list',          'message_template'],
    'rt_edit'         => ['list',          'message_template'],
    'send_newsletter' => [],
    'compose_mail'    => ['list',          'subaction'],
    'suspend'         => ['list'],
    'suspend_request' => ['subaction'],
    'show_exclude'    => ['list'],
    'ca'              => ['custom_action', '@cap'],
    'lca'                                => ['custom_action', 'list', '@cap'],
    #XXX'automatic_lists_management_request' => [],
    #XXX'automatic_lists_management'         => [],
    'create_automatic_list'              => ['family'],
    'create_automatic_list_request'      => ['family'],
    'auth'                               => ['id', 'heldaction', 'listname'],
    'auth_add'                           => ['list'],
    'auth_del'                           => ['list'],
);

## Define the required parameters for each action
## Parameter names refer to the %in structure of to $param if mentionned as
## 'param.x'
## This structure is used to determine if any parameter is missing
## The list of parameters is not ordered
## Some keywords are reserved: param.list and param.user.email
## Alternate parameters can be defined with the '|' character
## Limits of this structure: it does not define optional parameters (a or b)
## Limit: it does not allow to have a specific error message and redirect to a
## given page if the parameter is missing
our %required_args = (
    'active_lists'            => ['for|count'],
    'admin'                   => ['param.list', 'param.user.email'],
    'add'                     => ['param.list', 'param.user.email'],
    'import'                  => ['param.list', 'param.user.email'],
    'arc'                     => ['param.list'],
    'arc_delete'              => ['param.user.email', 'param.list'],
    'arc_download'            => ['param.user.email', 'param.list'],
    'arc_manage'              => ['param.list'],
    'arcsearch'               => ['param.list'],
    'arcsearch_form'          => ['param.list'],
    'arcsearch_id'            => ['param.list'],
    'auth'                    => ['id', 'heldaction', 'email'],
    'auth_add'                => ['param.list', 'param.user.email'],
    'auth_del'                => ['param.list', 'param.user.email'],
    'auto_signoff'            => ['param.list', 'email'],
    'attach'                  => ['param.list'],
    'blacklist'               => ['param.list'],
    'move_user'               => ['param.user.email', 'current_email|old_email', 'email|new_email'],
    'close_list'              => ['param.user.email', 'param.list'],
    'compose_mail'            => ['param.user.email', 'param.list'],
    'copy_template'           => ['webormail'],
    ## other required parameters are checked in the subroutine
    'create_automatic_list'         => ['param.user.email', 'family'],
    'create_automatic_list_request' => ['param.user.email', 'family'],
    'create_list'                   => ['param.user.email', 'info'],
    'create_list_request'           => ['param.user.email'],
    #XXX'css' => [],
    'd_admin'         => ['param.list', 'param.user.email'],
    'd_change_access' => ['param.list', 'param.user.email'],
    'd_control'       => ['param.list', 'param.user.email'],
    'd_create_child' =>
        ['param.list', 'param.user.email', 'new_name|uploaded_file'],
    'd_delete'         => ['param.list', 'param.user.email'],
    'd_describe'       => ['param.list', 'param.user.email', 'content'],
    'd_editfile'       => ['param.list', 'param.user.email'],
    'd_install_shared' => ['param.list', 'param.user.email', 'id'],
    'd_properties'     => ['param.list', 'param.user.email'],
    'd_read'          => ['param.list'],
    'd_reject_shared' => ['param.list', 'param.user.email', 'id'],
    'd_rename'        => ['param.list', 'param.user.email', 'new_name'],
    'd_update' =>
        ['param.list', 'param.user.email', 'content|url|uploaded_file'],
    'd_set_owner'     => ['param.list', 'param.user.email'],
    'd_unzip'         => ['param.list', 'param.user.email', 'uploaded_file'],
    'del'             => ['param.list', 'param.user.email', 'email'],
    'delete_pictures' => ['param.list', 'param.user.email'],
    'distribute'      => ['param.list', 'param.user.email', 'id|idspam'],
    'add_frommod'     => ['param.list', 'param.user.email', 'id'],
    'dump_scenario'      => ['param.list', 'pname'],
    'edit'            => ['param.list', 'param.user.email', 'role', 'email'],
    'edit_list'          => ['param.user.email', 'param.list'],
    'edit_list_request'  => ['param.user.email', 'param.list'],
    'edit_template'      => ['webormail'],
    'editfile'           => ['param.user.email'],
    'editsubscriber'     => ['param.list', 'param.user.email', 'email'],
    'export_member'      => ['param.list'],
    'get_closed_lists'   => ['param.user.email'],
    'get_inactive_lists' => ['param.user.email'],
    'get_latest_lists'   => ['param.user.email'],
    'get_biggest_lists'  => ['param.user.email'],
    'get_pending_lists'  => ['param.user.email'],
    'decl_del'             => ['param.list', 'param.user.email'],
    'decl_add'             => ['param.list', 'param.user.email'],
    'including_lists'      => ['param.list', 'param.user.email'],
    'info'                 => ['param.list'],
    'install_pending_list' => ['param.user.email'],
    'edit_config'          => ['param.user.email'],
    'latest_arc'           => ['param.list', 'for|count'],
    'latest_d_read' => ['param.list', 'for', 'count'],
    'latest_lists'  => ['for|count'],
    'load_cert'     => ['param.list'],
    'logout'        => ['param.user.email'],
    'manage_template' => ['param.list', 'param.user.email'],
    'rt_create' => ['param.list', 'param.user.email', 'new_template_name'],
    'rt_delete'     => ['param.list', 'param.user.email', 'message_template'],
    'rt_edit'       => ['param.list', 'param.user.email', 'message_template'],
    'rt_setdefault' => ['param.list', 'param.user.email', 'new_default'],
    'rt_update' =>
        ['param.list', 'param.user.email', 'message_template', 'content'],
    'modindex'           => ['param.list',       'param.user.email'],
    'docindex'           => ['param.list',       'param.user.email'],
    'pref'               => ['param.user.email'],
    'purge_list'         => ['param.user.email', 'selected_lists'],
    'rebuildallarc'      => ['param.user.email'],
    'rebuildarc'         => ['param.user.email', 'param.list'],
    'reject'          => ['param.list', 'param.user.email', 'id|idspam'],
    'remind'          => ['param.list', 'param.user.email'],
    'remove_arc'      => ['param.list'],
    'remove_template' => ['webormail'],
    'move_list' =>
        ['param.user.email', 'param.list', 'new_listname', 'new_robot'],
    'copy_list' =>
        ['param.user.email', 'param.list', 'new_listname', 'new_robot'],
    'open_list'           => ['param.user.email', 'param.list'],
    'rename_list_request' => ['param.user.email', 'param.list'],
    'request_topic'       => ['param.list',       'authkey'],
    'resetbounce'  => ['param.list',       'param.user.email', 'email'],
    'review'          => ['param.list'],
    'review_family'   => ['param.user.email', 'family_name'],
    'reviewbouncing'  => ['param.list'],
    'rss_request'     => [],
    'savefile'        => ['param.user.email', 'file'],
    'search'          => ['param.list', 'filter'],
    'search_user'     => ['param.user.email', 'email'],
    'send_mail'       => ['param.user.email'],
    'send_newsletter' => ['param.list', 'param.user.email', 'url'],
    'send_me'         => ['param.list'],
    'view_source'     => ['param.list'],
    'tracking'        => ['param.list'],
    'requestpasswd'   => ['email'],
    'serveradmin'     => ['param.user.email'],
    'set'      => ['param.list', 'reception|visibility'],
    'set_lang' => [],
    'set_pending_list_request' => ['param.user.email'],
    'setpasswd' => ['param.user.email', 'newpasswd1', 'newpasswd2'],
    'setpref'   => ['param.user.email'],
    'sigindex'               => ['param.list',       'param.user.email'],
    'signoff'                => ['param.list'],
    'skinsedit'              => ['param.user.email'],
    'sso_login'              => ['auth_service_name'],
    'stats'                  => ['param.list'],
    'subindex'               => ['param.list',       'param.user.email'],
    'suboptions'             => ['param.list',       'param.user.email'],
    'subscribe'              => ['param.list'],
    'subscriber_count'       => ['param.list'],
    'suspend'                => ['param.list',       'param.user.email'],
    'suspend_request'        => [],
    'suspend_request_action' => [],
    'show_exclude'           => ['param.list'],
    'sync_include'           => ['param.list',       'param.user.email'],
    'tag_topic_by_sender'    => ['param.list'],
    'upload_pictures'        => ['param.user.email', 'param.list'],
    'view_template'          => ['webormail'],
    'viewbounce'             => ['param.list',       'email|file'],
    'viewlogs'               => ['param.list'],
    'viewmod' => ['param.list', 'param.user.email', 'id|idspam'],
    'wsdl'    => [],
    #'which' => ['param.user.email'],
);

## Defines the required privileges to access privileged actions
## You can define a set ofequiivalent privileges in the ARRAYREF
our %required_privileges = (
    'admin'              => ['owner',  'editor'],
    'arc_delete'         => ['owner'],
    'arc_download'       => ['owner'],
    'arc_manage'         => ['owner'],
    'auth_add'           => ['owner', 'editor'],
    'auth_del'           => ['owner', 'editor'],
    'blacklist'          => ['owner',  'editor'],
    'close_list'         => ['privileged_owner'],
    'copy_template'      => ['listmaster'],
    'd_install_shared'   => ['editor', 'owner'],
    'd_reject_shared'    => ['editor', 'owner'],
    'distribute'        => ['editor', 'owner', 'listmaster'],
    'add_frommod'       => ['editor', 'owner'],
    'dump_scenario'     => ['listmaster'],
    'edit'              => ['editor', 'owner', 'listmaster'],
    'edit_list'         => ['owner'],
    'edit_list_request' => ['owner'],
    'edit_template'     => ['listmaster'],
    'editfile'             => ['owner', 'listmaster'],
    'editsubscriber'       => ['owner', 'editor'],
    'get_closed_lists'     => ['listmaster'],
    'get_inactive_lists'   => ['listmaster'],
    'get_latest_lists'     => ['listmaster'],
    'get_biggest_lists'    => ['listmaster'],
    'get_pending_lists'    => ['listmaster'],
    'decl_del'             => ['owner', 'editor'],
    'decl_add'             => ['owner', 'editor'],
    'including_lists'      => ['owner', 'listmaster'],
    'install_pending_list' => ['listmaster'],
    'edit_config'          => ['listmaster'],
    'ls_templates'         => ['listmaster'],
    'manage_template'      => ['owner'],
    'rt_create'            => ['owner'],
    'rt_delete'            => ['owner'],
    'rt_edit'              => ['owner'],
    'rt_setdefault'        => ['owner'],
    'rt_update'            => ['owner'],
    'modindex'        => ['editor',           'owner', 'listmaster'],
    'docindex'        => ['editor',           'owner', 'listmaster'],
    'purge_list'      => ['privileged_owner', 'listmaster'],
    'rebuildallarc'   => ['listmaster'],
    'rebuildarc'      => ['listmaster'],
    'reject'          => ['editor',           'owner', 'listmaster'],
    'remove_template' => ['listmaster'],
    'move_list'     => ['privileged_owner'],
    'copy_list'                => ['owner', 'listmaster'],
    'open_list'                => ['listmaster'],
    'rename_list_request'      => ['privileged_owner'],
    'resetbounce'              => ['owner', 'editor'],
    'review_family'            => ['listmaster'],
    'reviewbouncing'           => ['owner', 'editor'],
    'savefile'                 => ['owner', 'listmaster'],
    'search_user'              => ['listmaster'],
    'serveradmin'              => ['listmaster'],
    'set_dumpvars'             => ['listmaster'],
    'set_loglevel'             => ['listmaster'],
    'set_pending_list_request' => ['listmaster'],
    'set_session_email'        => ['listmaster'],
    'show_sessions'            => ['listmaster'],
    'sigindex'                 => ['owner', 'editor'],
    'stats'                    => ['owner'],
    'subindex'                 => ['owner', 'editor'],
    'sync_include'             => ['owner', 'editor'],
    'skinsedit'                => ['listmaster'],
    'view_template'            => ['listmaster'],
    'viewbounce'               => ['owner', 'editor'],
    'viewlogs'                 => ['owner', 'editor'],
    'viewmod' => ['editor', 'owner', 'listmaster'],
    #XXX'automatic_lists_management_request' => ['listmaster'],
    #XXX'automatic_lists_management'         => ['listmaster'],
);

# this definition is used to choose the left side menu type (admin ->
# listowner admin menu | serveradmin -> server_admin menu | none list or
# your_list menu)
my %action_type = (
    'review'   => 'admin',
    'search'   => 'admin',
    'admin'    => 'admin',
    'import'   => 'admin',
    'add'      => 'admin',
    'del'      => 'admin',
    # 'modindex' =>'admin',
    'reject'             => 'admin',
    'reject_notify'      => 'admin',
    'distribute'         => 'admin',
    'add_frommod'        => 'admin',
    'viewmod'            => 'admin',
    'savefile'           => 'admin',
    'rebuildallarc'      => 'admin',    #FIXME: serveradmin?
    'reviewbouncing'     => 'admin',
    'edit'               => 'admin',
    'edit_list_request'  => 'admin',
    'edit_list'          => 'admin',
    'editsubscriber'     => 'admin',
    'viewbounce'         => 'admin',
    'resetbounce'        => 'admin',
    'scenario_test'      => 'admin',
    'close_list'         => 'admin',
    'd_admin'            => 'admin',
    'd_reject_shared'    => 'admin',
    'd_install_shared'   => 'admin',
    'dump_scenario'      => 'admin',
    'export_member'      => 'admin',
    'open_list'          => 'admin',
    'remind'             => 'admin',
    #'subindex' => 'admin',
    'stats'                              => 'admin',
    'decl_del'                           => 'admin',
    'decl_add'                           => 'admin',
    'move_list'                          => 'admin',
    'copy_list'                          => 'admin',
    'rename_list_request'                => 'admin',
    'arc_manage'                         => 'admin',
    'sync_include'                       => 'admin',
    'view_template'                      => 'admin',
    'remove_template'                    => 'admin',
    'copy_template'                      => 'admin',
    'edit_template'                      => 'admin',
    'blacklist'                          => 'admin',
    'viewlogs'                           => 'admin',
    'serveradmin'                        => 'serveradmin',
    'get_pending_lists'                  => 'serveradmin',
    'get_closed_lists'                   => 'serveradmin',
    'get_inactive_lists'                 => 'serveradmin',
    'get_latest_lists'                   => 'serveradmin',
    'get_biggest_lists'                  => 'serveradmin',
    'ls_templates'                       => 'serveradmin',
    'skinsedit'                          => 'serveradmin',
    'review_family'                      => 'serveradmin',
    'search_user'                        => 'serveradmin',
    'show_sessions'                      => 'serveradmin',
    'show_exclude'                       => 'admin',
    'rebuildarc'                         => 'serveradmin',
    'set_session_email'                  => 'serveradmin',
    'set_loglevel'                       => 'serveradmin',
    'editfile'                           => 'serveradmin',    #FIXME: admin?
    'unset_dumpvars'                     => 'serveradmin',
    'set_dumpvars'                       => 'serveradmin',
    #XXX'automatic_lists_management_request' => 'serveradmin',
    #XXX'automatic_lists_management'         => 'serveradmin',
);

# Actions that are not used in return of login,
my %temporary_actions = (
    'confirm_action'      => 1,
    'logout'              => 1,
    'loginrequest'        => 1,
    'login'               => 1,
    'sso_login'           => 1,
    'sso_login_succeeded' => 1,
    'ticket'              => 1,
    #XXX'css' => 1,
    'rss'      => 1,    # FIXME:currently not used.
    'ajax'     => 1,
    'wsdl'     => 1,
    'redirect' => 1,
);

## Regexp applied on incoming parameters (%in)
## The aim is not a strict definition of parameter format
## but rather a security check
our %in_regexp = (
    ## Default regexp
    '*' => '[\w\-\.]+',

    ## List config parameters
    'single_param'   => '.+',
    'multiple_param' => '.+',

    ## Textarea content
    'template_content'     => '.+',
    'content'              => '.+',
    'body'                 => '.+',
    'info'                 => '.+',
    'new_scenario_content' => '.+',
    'blacklist'            => '.*',

    ## Integer
    'page' => '\d+|owner|editor',
    'size' => '\d+',

    ## Free data
    'subject'          => '.*',
    'gecos'            => '[^<>\\\*\$\n]+',
    'fromname'         => '[^<>\\\*\$\n]+',
    'additional_field' => '[^<>\\\*\$\n]+',
    'dump'             => '[^<>\\\*\$]+',     # contents email + gecos

    ## Search
    'filter'      => '.*',                    # search subscriber
    'filter_list' => '.*',                    # search list
    'key_word'    => '.*',
    'format'      => '[^<>\\\$\n]+',          # dump format/filter string

    ## File names
    'file'          => '[^<>\*\$\n]+',
    'template_path' => '[\w\-\.\/_]+',
    'arc_file'      => '[^<>\\\*\$\n]+',
    'path'          => '[^<>\\\*\$\n]+',
    'uploaded_file' =>
        '(.*[\/\\\\])?[^<>\*\$\n]+',          # Could be precised (use of "'")
    'dir'               => '[^<>\\\*\$\n]+',
    'new_name'          => '[^<>\\\*\$\[\]\/\n]+',
    'shortname'         => '[^<>\\\*\$\n]+',
    'id'                => '[^<>\\\*\$\n]+',
    'template_name'     => Sympa::Regexps::template_name(),
    'new_template_name' => Sympa::Regexps::template_name(),
    'message_template'  => Sympa::Regexps::template_name(),
    'new_default'       => Sympa::Regexps::template_name(),

    ## Archives
    ## format is yyyy-mm for 'arc' and mm for 'send_me'
    'month' => '\d{2}|\d{4}\-\d{2}',

    ## URL
    'referer'         => '[^\\\$\*\"\'\`\^\|\<\>\n]+',
    'failure_referer' => '[^\\\$\*\"\'\`\^\|\<\>\n]+',
    'url'             => '[^\\\$\*\"\'\`\^\|\<\>\n]+',

    ## Msg ID
    'msgid'       => '[^\\\*\"\'\`\^\|\n]+',
    'in_reply_to' => '[^\\\*\"\'\`\^\|\n]+',
    'message_id'  => '[^\\\*\"\'\`\^\|\n]+',

    ## Password
    'passwd'       => '.+',
    'password'     => '.+',
    'newpasswd1'   => '.+',
    'newpasswd2'   => '.+',
    'new_password' => '.+',

    ## Topics
    'topic'    => '\@?[\-\w\/]+',
    'topics'   => '[\-\w\/]+',
    'subtopic' => '[\-\w\/]+',

    ## List names
    'list' => '[\w\-\.\+]*',    ## Sympa::Regexps::listname() + uppercase
    'previous_list'  => '[\w\-\.\+]*',
    'listname'       => '[\w\-\.\+]*',
    'new_listname'   => '[\w\-\.\+]*',
    'selected_lists' => '[\w\-\.\+]*',

    ## Family names
    'family_name' => Sympa::Regexps::family_name(),
    'family'      => Sympa::Regexps::family_name(),

    # Email addresses
    'current_email' => Sympa::Regexps::email(),
    'email'      => Sympa::Regexps::email() . '|' . Sympa::Regexps::uid(),
    'init_email' => Sympa::Regexps::email(),
    'old_email'  => Sympa::Regexps::email(),
    'new_email'  => Sympa::Regexps::email(),
    'sender'     => Sympa::Regexps::email(),
    'fromaddr'   => Sympa::Regexps::email(),
    'del_emails' => '.*',
    'to' => '(([\w\-\_\.\/\+\=\']+|\".*\")\s[\w\-]+(\.[\w\-]+)+(,?))*',
    'automatic_list_part_*' => '[\w\-\.\+]*',

    ## Host
    'new_robot'   => Sympa::Regexps::host(),
    'remote_host' => Sympa::Regexps::host(),
    'remote_addr' => Sympa::Regexps::host(),

    ## Scenario name
    'scenario'    => Sympa::Regexps::scenario(),
    'read_access' => Sympa::Regexps::scenario(),
    'edit_access' => Sympa::Regexps::scenario(),
    ## RSS URL or blank
    'active_lists'  => '.*',
    'latest_lists'  => '.*',
    'latest_arc'    => '.*',
    'latest_d_read' => '.*',

    ##Logs
    'target_type' => '[\w\-\.\:]*',
    'target'      => Sympa::Regexps::email(),
    'date_from'   => '[\d\/\-]+',
    'date_to'     => '[\d\/\-]+',
    'ip'          => Sympa::Regexps::host(),

    ## colors
    'subaction_test'      => '.*',
    'subaction_reset'     => '.*',
    'subaction_install'   => '.*',
    'custom_color_value'  => '\#[0-9a-fA-F]+',
    'custom_color_number' => 'color_\w+',

    ## Custom attribute
    'custom_attribute' => '.*',

    ## Templates
    'scope' => 'distrib|robot|family|list|site',

    ## Custom Inputs from create_list_request.tt2
    'custom_input' => '.*',

    ## conf parameters
    'conf_new_value' => '.*',

    ## custom actions
    'cap'  => '.*',
    'lcap' => '.*',

    'plugin' => '.*',

    ## Envelope ID
    'envid' => '\w+',

    ## Authentication/moderation key
    'authkey' => '\w+',

    # Role
    'role' => 'member|editor|owner',
);

## Regexp applied on incoming parameters (%in)
## This regular expression defines forbidden expressions applied on all
## incoming parameters
## Note that you can use the ^ and $ expressions to match beginning and ending
## of expressions
our %in_negative_regexp = ('arc_file' => '^(arctxt|\.)');

# No longer used as of 6.2.19b.
#my %filtering;

## Set locale configuration
my $language = Sympa::Language->instance;
$language->set_lang($Conf::Conf{'lang'}, 'en');

# Important to leave this there because it defined defaults for
# user_data_source
#FIXME: Is it really required?
Sympa::DatabaseManager->instance;

# Now, load all components which are implemented as plugins.  Those will
# add fields to above configuration and may do database upgrades.
$plugins->start if $plugins;

## Check that the data structure is uptodate
## If not, set the web interface to maintenance mode
my $maintenance_mode;
unless (Conf::data_structure_uptodate()) {
    $maintenance_mode = 1;
    $log->syslog('err',
        'WWSympa set to maintenance mode; you should run sympa.pl --upgrade');
} elsif (Conf::cookie_changed()) {
    $maintenance_mode = 1;
    $log->syslog('err',
        'WWSympa set to maintenance mode; sympa.conf/cookie parameter has changed.'
    );
}

our %in;
my $query;

my $birthday = [stat $PROGRAM_NAME]->[9];

my $bulk = Sympa::Bulk->new;

$log->syslog('info', 'WWSympa started, process %d', $PID);

# Now internal encoding is same as input/output.
#XXX## Set output encoding
#XXX## All outgoing strings will be recoded transparently using this charset
#XXXbinmode STDOUT, ":utf8";

#XXX## Incoming data is utf8-encoded
#XXXbinmode STDIN, ":utf8";

# Main loop.
my $loop_count = 0;
my $start_time = time;
while ($query = CGI::Fast->new) {
    $loop_count++;

    undef $param;
    undef $list;
    undef $robot;
    undef $ip;
    undef $rss;
    undef $ajax;
    undef $session;

    $log->{level} = $Conf::Conf{'log_level'};
    $language->set_lang(Sympa::best_language('*'));

    # Process grouped notifications.
    Sympa::Alarm->instance->flush;

    ## Check effective ID
    unless ($EUID eq (getpwnam(Sympa::Constants::USER))[2]) {
        $maintenance_mode = 1;
        Sympa::WWW::Report::reject_report_web('intern_quiet',
            'incorrect_server_config', {}, '', '');
        wwslog(
            'err',
            'Config error: WWSympa should run with UID %s (instead of %s). *** Switching to maintenance mode. ***',
            (getpwnam(Sympa::Constants::USER))[2],
            $EUID
        );
    }

    ## We set the real UID with the effective UID value
    ## It is useful to allow execution of scripts like alias_manager
    ## that otherwise might loose the benefit of SetUID
    $UID = $EUID;    ## UID
    $GID = $EGID;    ## GID

    unless (Sympa::DatabaseManager->instance) {
        Sympa::WWW::Report::reject_report_web('system_quiet', 'no_database', {},
            '', '');
        $log->syslog('info', 'WWSympa requires a RDBMS to run');
    }

    ## If in maintenance mode, check if the data structure is now uptodate
    if (    $maintenance_mode
        and Conf::data_structure_uptodate()
        and not Conf::cookie_changed()
        and ($EUID eq (getpwnam(Sympa::Constants::USER))[2])) {
        $maintenance_mode = undef;
        $log->syslog('notice',
            "Data structure seem updated, setting OFF maintenance mode");
    }

    ## Generate traceback if crashed.
    ## Though I don't know why, __DIE__ handler is cleared after INIT.
    Sympa::Crash::register_handler();

    ## Get params in a hash
    %in = $query->Vars;

    # Determin robot.
    # N.B. As of 6.2.15, the http_host parameter will match with the host name
    # and path locally detected by server.  If remotely detected host name
    # and / or path should be differ, the proxy must adjust them.
    $robot = Sympa::WWW::Tools::get_robot('http_host', 'wwsympa_url');

    # Default robot.
    $param->{'default_robot'} = 1
        if $robot eq $Conf::Conf{'domain'};

    $ip = $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'} || 'undef';

    # Determin cookie domain.
    # In case HTTP_HOST does not match cookie_domain, use former.
    # N.B. As of 6.2.15, the cookie domain will match with the host name
    # locally detected by server.  If remotely detected name should be differ,
    # the proxy must adjust it.
    my $cookie_domain = Conf::get_robot_conf($robot, 'cookie_domain');
    my $http_host = Sympa::WWW::Tools::get_http_host() || '';
    $http_host =~ s/:\d+$//;    # Suppress port.
    unless (substr($http_host, -length($cookie_domain)) eq lc $cookie_domain
        or $cookie_domain eq 'localhost') {
        wwslog('notice',
            '(%s) Does NOT match HTTP_HOST; setting cookie_domain to %s',
            $cookie_domain, $http_host);
        $cookie_domain = $http_host;
    }
    $param->{'cookie_domain'} = $cookie_domain;

    $log->{level} = Conf::get_robot_conf($robot, 'log_level');

    ## Sympa parameters in $param->{'conf'}
    $param->{'conf'} = {};
    foreach my $p (
        'email',
        'soap_url',
        'wwsympa_url',
        'listmaster_email',
        'logo_html_definition',
        'favicon_url',
        'main_menu_custom_button_1_url',
        'main_menu_custom_button_1_title',
        'main_menu_custom_button_1_target',
        'main_menu_custom_button_2_url',
        'main_menu_custom_button_2_title',
        'main_menu_custom_button_2_target',
        'main_menu_custom_button_3_url',
        'main_menu_custom_button_3_title',
        'main_menu_custom_button_3_target',
        'static_content_url',
        'dark_color',
        'light_color',
        'text_color',
        'bg_color',
        'error_color',
        'use_blacklist',
        'antispam_feature',
        'custom_robot_parameter',
        'selected_color',
        'shaded_color',
        'color_0',
        'color_1',
        'color_2',
        'color_3',
        'color_4',
        'color_5',
        'color_6',
        'color_7',
        'color_8',
        'color_9',
        'color_10',
        'color_11',
        'color_12',
        'color_13',
        'color_14',
        'color_15',
        'reporting_spam_script_path',
        'automatic_list_families',
        'spam_protection',
        'pictures_max_size',
        ) {

        $param->{'conf'}{$p} = Conf::get_robot_conf($robot, $p);
        $param->{$p} = Conf::get_robot_conf($robot, $p)
            if $p =~ /_color\z/
            or $p =~ /\Acolor_/
            or $p =~ /_url\z/;
    }
    # Compat.: deprecated attributes of Robot.
    $param->{'conf'}{'sympa'} = Sympa::get_address($robot);
    $param->{'conf'}{'request'} = Sympa::get_address($robot, 'owner');
    # Compat <= 6.2.16: CSS related.
    $param->{'css_path'} = sprintf '%s/%s', $Conf::Conf{'css_path'}, $robot;
    $param->{'css_url'}  = sprintf '%s/%s', $Conf::Conf{'css_url'}, $robot;
    # Compat. < 6.2.32: "host" parameter was deprecated.
    $param->{'conf'}{'host'} = Conf::get_robot_conf($robot, 'domain');

    foreach my $auth (keys %{$Conf::Conf{'cas_id'}{$robot}}) {
        $log->syslog('debug2', 'CAS authentication service %s', $auth);
        $param->{'sso'}{$auth} =
            $Conf::Conf{'cas_id'}{$robot}{$auth}
            {'auth_service_friendly_name'};
    }

    foreach my $auth (keys %{$Conf::Conf{'generic_sso_id'}{$robot}}) {
        $log->syslog('debug', 'Generic SSO authentication service %s', $auth);
        $param->{'sso'}{$auth} =
            $Conf::Conf{'auth_services'}{$robot}
            [$Conf::Conf{'generic_sso_id'}{$robot}{$auth}]{'service_name'};
    }

    $param->{'sso_number'} =
        $Conf::Conf{'cas_number'}{$robot} +
        $Conf::Conf{'generic_sso_number'}{$robot};
    $param->{'use_passwd'} = $Conf::Conf{'use_passwd'}{$robot};
    $param->{'use_sso'} = 1 if ($param->{'sso_number'});
    $param->{'authentication_info_url'} =
        $Conf::Conf{'authentication_info_url'}{$robot};
    $param->{'wwsconf'} = Conf::_load_wwsconf;    #FXIME: no longer used?

    $param->{'version'} = Sympa::Constants::VERSION;
    $param->{'date'} =
        $language->gettext_strftime("%d %b %Y at %H:%M:%S", localtime time);
    $param->{'time'} =
        $language->gettext_strftime("%H:%M:%S", localtime time);

    ## Hash defining the parameters where no control is performed (because
    ## they are supposed to contain html and/or javascript).
    $param->{'htmlAllowedParam'} = {