wwsympa.fcgi.in 618 KB
Newer Older
1
#!--PERL--
2
3
4
5
# -*- indent-tabs-mode: nil; -*-
# vim:ft=perl:et:sw=4
# $Id$

6
# Sympa - SYsteme de Multi-Postage Automatique
7
8
9
10
#
# Copyright (c) 1997, 1998, 1999 Institut Pasteur & Christophe Wolfhugel
# Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
11
# Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
12
# Copyright 2017 The Sympa Community. See the AUTHORS.md file at the top-level
13
14
# directory of this distribution and at
# <https://github.com/sympa-community/sympa.git>.
15
16
17
18
19
20
21
22
23
24
25
26
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
27
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
28

29
## Copyright 1999 Comité Réseaux des Universités
root's avatar
root committed
30
## web interface to Sympa mailing lists manager
salaun's avatar
salaun committed
31
## Sympa: http://www.sympa.org/
root's avatar
root committed
32
## Authors :
salaun's avatar
   
salaun committed
33
##           Serge Aumont <sa AT cru.fr>
34
##           Olivier Salaün <os AT cru.fr>
35

36
37
use strict;
##use warnings;
38
use lib split(/:/, $ENV{SYMPALIB} || ''), '--modulesdir--';
olivier.salaun's avatar
olivier.salaun committed
39

40
use Archive::Zip qw();
41
use DateTime;
42
use DateTime::Format::Mail;
43
use Digest::MD5;
sikeda's avatar
sikeda committed
44
use Encode qw();
45
use English qw(-no_match_vars);
46
use IO::File qw();
sikeda's avatar
sikeda committed
47
use MIME::EncWords;
48
use MIME::Lite::HTML;
sikeda's avatar
sikeda committed
49
use POSIX qw();
50
use Time::Local qw();
51
use URI;
52
use Data::Dumper;    # tentative
53
BEGIN { eval 'use Crypt::OpenSSL::X509'; }
54

55
use Sympa;
56
use Sympa::Admin;
57
use Sympa::Alarm;
sikeda's avatar
sikeda committed
58
use Sympa::Archive;
59
use Sympa::Auth;
60
use Sympa::Bulk;
root's avatar
root committed
61
use Conf;
62
use Sympa::ConfDef;
63
use Sympa::Constants;
64
use Sympa::Crash Hook => \&_crash_handler;    # Show traceback.
65
use Sympa::Database;
66
use Sympa::DatabaseManager;
sikeda's avatar
sikeda committed
67
use Sympa::Family;
68
use Sympa::HTMLSanitizer;
69
use Sympa::Language;
70
use Sympa::List;
71
use Sympa::ListOpt;
72
use Sympa::Log;
73
74
use Sympa::Marc::Search;
use Sympa::Message;
sikeda's avatar
sikeda committed
75
use Sympa::Regexps;
76
use Sympa::Report;
77
use Sympa::Request;
78
79
80
use Sympa::Robot;
use Sympa::Scenario;
use Sympa::Session;
81
use Sympa::SharedDocument;
82
use Sympa::Spindle::ResendArchive;
83
use Sympa::Spool::Archive;
84
use Sympa::Spool::Auth;
85
use Sympa::Spool::Held;
86
use Sympa::Spool::Incoming;
87
use Sympa::Spool::Moderation;
88
use Sympa::Template;
89
use Sympa::Ticket;
90
91
use Sympa::Tools::Data;
use Sympa::Tools::File;
92
use Sympa::Tools::Password;
93
94
use Sympa::Tools::Text;
use Sympa::Tools::WWW;
95
use Sympa::Topic;
96
use Sympa::Tracking;
sikeda's avatar
sikeda committed
97
use Sympa::User;
root's avatar
root committed
98
99

## WWSympa librairies
100
my %options;
root's avatar
root committed
101

102
my $sympa_conf_file = Sympa::Constants::CONFIG;
root's avatar
root committed
103

104
105
106
107
108
109
# Used via the Sympa::Plugin interface
our $list;
our $param = {};
our $robot_id;
our $session;
our $plugins;
110

salaun's avatar
salaun committed
111
my $loop = 0;
112
my ($robot, $robot_object);
113
my $ip;
114
my $rss;
115
my $ajax;
salaun's avatar
salaun committed
116

117
my $allow_absolute_path;    #FIXME: to be removed in the future.
118
my @other_include_path;     #FIXME: ditto.
119

root's avatar
root committed
120
## Load sympa config
121
unless (Conf::load()) {
122
    printf STDERR
123
124
        "Unable to load sympa configuration, file %s or one of the vhost robot.conf files contain errors. Exiting.\n",
        Conf::get_sympa_conf();
125
    exit 1;
root's avatar
root committed
126
127
}

128
129
130
131
132
# Open log
my $log = Sympa::Log->instance;
$log->{level} = $Conf::Conf{'log_level'};
$log->openlog($Conf::Conf{'log_facility'} || $Conf::Conf{'syslog'},
    $Conf::Conf{'log_socket_type'});
133

134
## Start plugins
135
if (eval "require Sympa::Plugin::Manager") {
136
137
138
    $plugins = Sympa::Plugin::Manager->new(application => 'website');
}

139
Sympa::Alarm->instance->{use_bulk} = 1;
root's avatar
root committed
140

141
if ($Conf::Conf{'use_fast_cgi'}) {
root's avatar
root committed
142
    require CGI::Fast;
143
} else {
root's avatar
root committed
144
145
    require CGI;
}
146

root's avatar
root committed
147
148
149
150
151
152
153
154
155
156
# hash of all the description files already loaded
# format :
#     $desc_files{pathfile}{'date'} : date of the last load
#     $desc_files{pathfile}{'desc_hash'} : hash which describes
#                         the description file

#%desc_files_map; NOT USED ANYMORE

## Shared directory and description file

157
158
#$shared = 'shared';
#$desc = '.desc';
root's avatar
root committed
159
160

## subroutines
161
our %comm = (
162
    'confirm_action'         => 'do_confirm_action',
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
    'home'                   => 'do_home',
    'logout'                 => 'do_logout',
    'loginrequest'           => 'do_loginrequest',
    'login'                  => 'do_login',
    'sso_login'              => 'do_sso_login',
    'sso_login_succeeded'    => 'do_sso_login_succeeded',
    'subscribe'              => 'do_subscribe',
    'multiple_subscribe'     => 'do_multiple_subscribe',
    'subrequest'             => 'do_subrequest',
    'subindex'               => 'do_subindex',
    'suboptions'             => 'do_suboptions',
    'signoff'                => 'do_signoff',
    'auto_signoff'           => 'do_auto_signoff',
    'family_signoff'         => 'do_family_signoff',
    'family_signoff_request' => 'do_family_signoff_request',
    #XXX'multiple_signoff' => 'do_multiple_signoff',
179
180
181
182
183
    'sigrequest' => 'do_sigrequest',
    'sigindex'   => 'do_sigindex',
    'ignoresub'  => 'do_ignoresub',
    'ignoresig'  => 'do_ignoresig',
    'my'         => 'do_my',
184
    #'which' => 'do_which',
185
    'lists'            => 'do_lists',
186
    'lists_categories' => 'do_lists_categories',
187
188
    'latest_lists'     => 'do_latest_lists',
    'active_lists'     => 'do_active_lists',
189
    'including_lists'  => 'do_including_lists',
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
    'info'             => 'do_info',
    'subscriber_count' => 'do_subscriber_count',
    'review'           => 'do_review',
    'search'           => 'do_search',
    'pref',            => 'do_pref',
    'setpref'          => 'do_setpref',
    'setpasswd'        => 'do_setpasswd',
    'renewpasswd'      => 'do_renewpasswd',
    'firstpasswd'      => 'do_firstpasswd',
    'requestpasswd'    => 'do_requestpasswd',
    'choosepasswd'     => 'do_choosepasswd',
    'viewfile'         => 'do_viewfile',
    'set'              => 'do_set',
    'admin'            => 'do_admin',
    'add_request'      => 'do_add_request',
    'add'              => 'do_add',
206
    'add_fromsub'      => 'do_add_fromsub',
207
    'del'              => 'do_del',
208
    'del_fromsig'      => 'do_del_fromsig',
209
    'modindex'         => 'do_modindex',
210
    'docindex'         => 'do_docindex',
211
212
213
214
215
216
217
    'reject'           => 'do_reject',
    #XXX'reject_notify' => 'do_reject_notify',
    'distribute'      => 'do_distribute',
    'add_frommod'     => 'do_add_frommod',
    'viewmod'         => 'do_viewmod',
    'd_reject_shared' => 'do_d_reject_shared',
    #XXX'reject_notify_shared' => 'do_reject_notify_shared',
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
    'd_install_shared'  => 'do_d_install_shared',
    'editfile'          => 'do_editfile',
    'savefile'          => 'do_savefile',
    'arc'               => 'do_arc',
    'latest_arc'        => 'do_latest_arc',
    'latest_d_read'     => 'do_latest_d_read',
    'arc_manage'        => 'do_arc_manage',
    'remove_arc'        => 'do_remove_arc',
    'send_me'           => 'do_send_me',
    'view_source'       => 'do_view_source',
    'tracking'          => 'do_tracking',
    'arcsearch_form'    => 'do_arcsearch_form',
    'arcsearch_id'      => 'do_arcsearch_id',
    'arcsearch'         => 'do_arcsearch',
    'rebuildarc'        => 'do_rebuildarc',
    'rebuildallarc'     => 'do_rebuildallarc',
    'arc_download'      => 'do_arc_download',
    'arc_delete'        => 'do_arc_delete',
    'serveradmin'       => 'do_serveradmin',
    'set_loglevel'      => 'do_set_loglevel',
    'set_dumpvars'      => 'do_set_dumpvars',
    'show_sessions'     => 'do_show_sessions',
    'unset_dumpvars'    => 'do_unset_dumpvars',
    'set_session_email' => 'do_set_session_email',
    'restore_email'     => 'do_restore_email',
    'skinsedit'         => 'do_skinsedit',
244
    #XXX'css' => 'do_css',
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
    'help'                     => 'do_help',
    'edit_list_request'        => 'do_edit_list_request',
    'edit_list'                => 'do_edit_list',
    'create_list_request'      => 'do_create_list_request',
    'create_list'              => 'do_create_list',
    'get_pending_lists'        => 'do_get_pending_lists',
    'get_closed_lists'         => 'do_get_closed_lists',
    'get_latest_lists'         => 'do_get_latest_lists',
    'get_inactive_lists'       => 'do_get_inactive_lists',
    'get_biggest_lists'        => 'do_get_biggest_lists',
    'set_pending_list_request' => 'do_set_pending_list_request',
    'install_pending_list'     => 'do_install_pending_list',
    'edit_config'              => 'do_edit_config',
    #XXX'submit_list' => 'do_submit_list',
    'editsubscriber'       => 'do_editsubscriber',
    'viewbounce'           => 'do_viewbounce',
    'redirect'             => 'do_redirect',
    'rename_list_request'  => 'do_rename_list_request',
    'rename_list'          => 'do_rename_list',
    'copy_list'            => 'do_copy_list',
    'reviewbouncing'       => 'do_reviewbouncing',
    'resetbounce'          => 'do_resetbounce',
    'scenario_test'        => 'do_scenario_test',
    'search_list'          => 'do_search_list',
269
    'search_list_request'  => 'do_search_list_request',
270
271
272
273
274
275
276
277
    'show_cert'            => 'do_show_cert',
    'close_list_request'   => 'do_close_list_request',
    'close_list'           => 'do_close_list',
    'purge_list'           => 'do_purge_list',
    'restore_list'         => 'do_restore_list',
    'upload_pictures'      => 'do_upload_pictures',
    'delete_pictures'      => 'do_delete_pictures',
    'd_read'               => 'do_d_read',
278
    'd_create_child'       => 'do_d_create_child',
279
280
281
    'd_unzip'              => 'do_d_unzip',
    'd_editfile'           => 'do_d_editfile',
    'd_properties'         => 'do_d_properties',
282
    'd_update'             => 'do_d_update',
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
    'd_describe'           => 'do_d_describe',
    'd_delete'             => 'do_d_delete',
    'd_rename'             => 'do_d_rename',
    'd_control'            => 'do_d_control',
    'd_change_access'      => 'do_d_change_access',
    'd_set_owner'          => 'do_d_set_owner',
    'd_admin'              => 'do_d_admin',
    'dump_scenario'        => 'do_dump_scenario',
    'dump'                 => 'do_dump',
    'remind'               => 'do_remind',
    'change_email'         => 'do_change_email',
    'change_email_request' => 'do_change_email_request',
    'load_cert'            => 'do_load_cert',
    'compose_mail'         => 'do_compose_mail',
    'send_mail'            => 'do_send_mail',
    'request_topic'        => 'do_request_topic',
    'tag_topic_by_sender'  => 'do_tag_topic_by_sender',
    'search_user'          => 'do_search_user',
    'set_lang'             => 'do_set_lang',
    'attach'               => 'do_attach',
    'stats'                => 'do_stats',
    'viewlogs'             => 'do_viewlogs',
    'wsdl'                 => 'do_wsdl',
    'sync_include'         => 'do_sync_include',
    'review_family'        => 'do_review_family',
    'ls_templates'         => 'do_ls_templates',
    'remove_template'      => 'do_remove_template',
    'copy_template'        => 'do_copy_template',
    'view_template'        => 'do_view_template',
    'edit_template'        => 'do_edit_template',
    #'rss' => 'do_rss', #FIXME:Currently processed in differenct way.
    'rss_request'     => 'do_rss_request',
    'maintenance'     => 'do_maintenance',
    'blacklist'       => 'do_blacklist',
    'edit_attributes' => 'do_edit_attributes',
    'ticket'          => 'do_ticket',
    'manage_template' => 'do_manage_template',
320
321
322
323
324
    'rt_create'       => 'do_rt_create',
    'rt_delete'       => 'do_rt_delete',
    'rt_edit'         => 'do_rt_edit',
    'rt_setdefault'   => 'do_rt_setdefault',
    'rt_update'       => 'do_rt_update',
325
    #XXX'send_newsletter' => 'do_send_newsletter',
sikeda's avatar
sikeda committed
326
    'suspend'                => 'do_suspend',
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
    'suspend_request'        => 'do_suspend_request',
    'suspend_request_action' => 'do_suspend_request_action',
    'show_exclude'           => 'do_show_exclude',
    # 'ca' stands for 'custom_action'. I used a short name to make it discrete
    # in a URL.
    'ca' => 'do_ca',
    # 'lca' stands for 'list_custom_action'. I used a short name to make it
    # discrete in a URL.
    'lca' => 'do_lca',
    'automatic_lists_management_request' =>
        'do_automatic_lists_management_request',
    'automatic_lists_management' => 'do_automatic_lists_management',
    'automatic_lists_request'    => 'do_automatic_lists_request',
    'automatic_lists'            => 'do_automatic_lists',
);

my %auth_action = (
    'logout'              => 1,
    'loginrequest'        => 1,
    'login'               => 1,
    'sso_login'           => 1,
    'sso_login_succeeded' => 1,
    'renewpasswd'         => 1,
    'firstpasswd'         => 1,
    'choosepasswd'        => 1,
    'sendssopasswd'       => 1,    #FIXME: currently not used
    'ticket'              => 1,
);

356
357
358
359
360
361
# Arguments awaited in the PATH_INFO, depending on the action.
# NOTE:
# * The email addresses should NOT be embedded in PATH_INFO, because included
#   slashes (/) cannot be handled correctly by web servers. They are kept just
#   for compatibility to earlier releases of Sympa.  Use query parameters
#   instead.
362
363
364
365
our %action_args = (
    'default'       => ['list'],
    'editfile'      => ['list', 'file', 'previous_action'],
    'requestpasswd' => ['email'],
sikeda's avatar
sikeda committed
366
367
368
369
    'choosepasswd'    => ['email', 'passwd'],
    'lists'           => ['topic', 'subtopic'],
    'latest_lists'    => ['topic', 'subtopic'],
    'active_lists'    => ['topic', 'subtopic'],
370
    'including_lists' => ['list'],
sikeda's avatar
sikeda committed
371
    'login' => ['email', 'passwd', 'previous_action', 'previous_list'],
372
373
374
    'sso_login' => ['auth_service_name', 'subaction', 'email', 'ticket'],
    'sso_login_succeeded' =>
        ['auth_service_name', 'previous_action', 'previous_list'],
375
376
377
378
    'loginrequest' => ['previous_action', 'previous_list'],
    'logout'       => ['previous_action', 'previous_list'],
    'renewpasswd'  => ['previous_action', 'previous_list'],
    'firstpasswd'  => ['previous_action', 'previous_list'],
379
    #XXX'css' => ['file'],
380
381
382
383
384
385
386
387
    'pref'             => ['previous_action', 'previous_list'],
    'reject'           => ['list',            'id'],
    'distribute'       => ['list',            'id'],
    'add_frommod'      => ['list',            'id'],
    'dump_scenario'    => ['list',            'pname'],
    'd_reject_shared'  => ['list',            'id'],
    'd_install_shared' => ['list',            'id'],
    'modindex'         => ['list'],
388
    'docindex'         => ['list'],
389
390
391
392
393
    'viewmod'     => ['list', 'id', '@file'],
    'viewfile'    => ['list', 'file'],
    'add'         => ['list', 'email'],
    'add_request' => ['list'],
    'del' => ['list', 'email'],
394
395
396
    #'editsubscriber' =>
    #    ['list', 'email', 'previous_action', 'custom_attribute'],
    #'editsubscriber' => ['list', 'email', 'previous_action'],
397
398
    #'viewbounce' => ['list', 'email', '@file'],
    'viewbounce' => ['list', 'dir', '@file'],
399
    #'resetbounce'    => ['list', 'email'],
400
    'review'         => ['list', 'page',  'size', 'sortby'],
401
402
403
404
405
    'reviewbouncing' => ['list', 'page',  'size'],
    'arc'            => ['list', 'month', '@arc_file'],
    'latest_arc'     => ['list'],
    'arc_manage'     => ['list'],
    'arcsearch_form' => ['list', 'archive_name'],
406
    'arcsearch_id'   => ['list', 'archive_name', '@msgid'],
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
    'rebuildarc'     => ['list', 'month'],
    'rebuildallarc' => [],
    'arc_download'  => ['list'],
    'arc_delete'    => ['list', 'zip'],
    'home'          => [],
    'help'          => ['help_topic'],
    'show_cert'     => [],
    'subscribe'     => ['list', 'email', 'passwd'],
    #'subrequest' => ['list','email'],
    'subrequest' => ['list'],
    'subindex'   => ['list'],
    'ignoresub'  => ['list', '@email', '@gecos'],
    'signoff'    => ['list', 'email', 'passwd'],
    'auto_signoff'           => ['list',   'email'],
    'family_signoff'         => ['family', 'email'],
    'family_signoff_request' => ['family', 'email'],
    'sigrequest'             => ['list',   'email'],
424
425
426
    'sigindex'               => ['list'],
    'ignoresig'              => ['list',   '@email'],
    'set'                => ['list', 'email', 'reception', 'gecos'],
427
428
429
430
431
432
433
434
    'serveradmin'        => ['subaction'],
    'set_session_email'  => ['email'],
    'skinsedit'          => [],
    'get_pending_lists'  => [],
    'get_closed_lists'   => [],
    'get_latest_lists'   => [],
    'get_inactive_lists' => [],
    'get_biggest_lists'  => [],
sikeda's avatar
sikeda committed
435
    'search_list'        => ['filter_list'],
sikeda's avatar
sikeda committed
436
437
438
439
440
441
    'shared'          => ['list', '@path'],     #FIXME: no such function.
    'd_read'          => ['list', '@path'],
    'latest_d_read'   => ['list'],
    'd_admin'         => ['list', 'd_admin'],
    'd_delete'        => ['list', '@path'],
    'd_rename'        => ['list', '@path'],
442
    'd_create_child'  => ['list', '@path'],
443
    'd_update'        => ['list', '@path'],
sikeda's avatar
sikeda committed
444
445
446
447
448
449
450
451
452
453
454
455
    'd_describe'      => ['list', '@path'],
    'd_editfile'      => ['list', '@path'],
    'd_properties'    => ['list', '@path'],
    'd_control'       => ['list', '@path'],
    'd_change_access' => ['list', '@path'],
    'd_set_owner'     => ['list', '@path'],
    'dump'            => ['list', 'format'],
    'search'          => ['list', 'filter'],
    'search_user'     => ['email'],
    'set_lang'        => ['lang'],
    'attach' => ['list', 'dir', 'file'],
    'stats'  => ['list'],
456
    'edit_list_request' => ['list', 'group'],
457
458
    'rename_list'       => ['list', 'new_listname', 'new_robot'],
    'copy_list'         => ['list', 'new_listname', 'new_robot'],
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
    'redirect'        => [],
    'viewlogs'        => ['list', 'page', 'size', 'sortby'],
    'wsdl'            => [],
    'sync_include'    => ['list'],
    'review_family'   => ['family_name'],
    'ls_templates'    => ['list'],
    'view_template'   => [],
    'remove_template' => [],
    'copy_template'   => ['list'],
    'edit_template'   => ['list'],
    'rss_request'     => ['list'],
    'request_topic'       => ['list', 'authkey'],
    'tag_topic_by_sender' => ['list'],
    'multiple_subscribe'  => ['lists'],
    'multiple_signoff'    => ['lists'],
    'ticket'              => ['ticket'],
    'change_email'        => ['email'],
    'manage_template' => ['subaction', 'list', 'message_template'],
477
478
    'rt_delete'       => ['list',          'message_template'],
    'rt_edit'         => ['list',          'message_template'],
479
480
    'send_newsletter' => [],
    'compose_mail'    => ['list',          'subaction'],
sikeda's avatar
sikeda committed
481
    'suspend'         => ['list'],
482
483
484
485
486
487
488
489
490
    'suspend_request' => ['subaction'],
    'show_exclude'    => ['list'],
    'ca'              => ['custom_action', '@cap'],
    'lca'                                => ['custom_action', 'list', '@cap'],
    'automatic_lists_management_request' => [],
    'automatic_lists_management'         => [],
    'automatic_lists_request'            => ['family'],
    'automatic_lists'                    => [],
);
root's avatar
root committed
491

492
## Define the required parameters for each action
493
494
## Parameter names refer to the %in structure of to $param if mentionned as
## 'param.x'
495
496
## This structure is used to determine if any parameter is missing
## The list of parameters is not ordered
497
498
499
## Some keywords are reserved: param.list and param.user.email
## Alternate parameters can be defined with the '|' character
## Limits of this structure: it does not define optional parameters (a or b)
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
## Limit: it does not allow to have a specific error message and redirect to a
## given page if the parameter is missing
our %required_args = (
    'active_lists'            => ['for|count'],
    'admin'                   => ['param.list', 'param.user.email'],
    'add'                     => ['param.list', 'param.user.email'],
    'add_request'             => ['param.list', 'param.user.email'],
    'arc'                     => ['param.list'],
    'arc_delete'              => ['param.user.email', 'param.list'],
    'arc_download'            => ['param.user.email', 'param.list'],
    'arc_manage'              => ['param.list'],
    'arcsearch'               => ['param.list'],
    'arcsearch_form'          => ['param.list'],
    'arcsearch_id'            => ['param.list'],
    'automatic_lists_request' => ['family'],
    'automatic_lists'         => ['family'],
    'attach'                  => ['param.list'],
    'blacklist'               => ['param.list'],
    'change_email'            => ['param.user.email'],
    'change_email_request'    => ['param.user.email', 'new_email'],
    'close_list'              => ['param.user.email', 'param.list'],
    'close_list_request'      => ['param.user.email', 'param.list'],
    'compose_mail'            => ['param.user.email', 'param.list'],
    'copy_template'           => ['webormail'],
    ## other required parameters are checked in the subroutine
    'create_list'         => ['param.user.email'],
    'create_list_request' => ['param.user.email'],
527
    #XXX'css' => [],
528
529
530
531
532
    'd_admin'         => ['param.list', 'param.user.email'],
    'd_change_access' => ['param.list', 'param.user.email'],
    'd_control'       => ['param.list', 'param.user.email'],
    'd_create_child' =>
        ['param.list', 'param.user.email', 'new_name|uploaded_file'],
533
534
535
536
537
538
539
540
    'd_delete'         => ['param.list', 'param.user.email'],
    'd_describe'       => ['param.list', 'param.user.email', 'content'],
    'd_editfile'       => ['param.list', 'param.user.email'],
    'd_install_shared' => ['param.list', 'param.user.email', 'id'],
    'd_properties'     => ['param.list', 'param.user.email'],
    'd_read'          => ['param.list'],
    'd_reject_shared' => ['param.list', 'param.user.email', 'id'],
    'd_rename'        => ['param.list', 'param.user.email', 'new_name'],
541
    'd_update' =>
542
        ['param.list', 'param.user.email', 'content|url|uploaded_file'],
543
    'd_set_owner'     => ['param.list', 'param.user.email'],
sikeda's avatar
sikeda committed
544
    'd_unzip'         => ['param.list', 'param.user.email', 'uploaded_file'],
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
    'del'             => ['param.list', 'param.user.email', 'email'],
    'delete_pictures' => ['param.list', 'param.user.email'],
    'distribute'      => ['param.list', 'param.user.email', 'id|idspam'],
    'add_frommod'     => ['param.list', 'param.user.email', 'id'],
    'dump'               => ['param.list'],
    'dump_scenario'      => ['param.list', 'pname'],
    'edit_list'          => ['param.user.email', 'param.list'],
    'edit_list_request'  => ['param.user.email', 'param.list'],
    'edit_template'      => ['webormail'],
    'editfile'           => ['param.user.email'],
    'editsubscriber'     => ['param.list', 'param.user.email', 'email'],
    'get_closed_lists'   => ['param.user.email'],
    'get_inactive_lists' => ['param.user.email'],
    'get_latest_lists'   => ['param.user.email'],
    'get_biggest_lists'  => ['param.user.email'],
    'get_pending_lists'  => ['param.user.email'],
561
    'ignoresig'            => ['param.list', 'param.user.email'],
562
    'ignoresub'            => ['param.list', 'param.user.email'],
563
    'including_lists'      => ['param.list', 'param.user.email'],
564
565
566
567
568
569
570
571
    'info'                 => ['param.list'],
    'install_pending_list' => ['param.user.email'],
    'edit_config'          => ['param.user.email'],
    'latest_arc'           => ['param.list', 'for|count'],
    'latest_d_read' => ['param.list', 'for', 'count'],
    'latest_lists'  => ['for|count'],
    'load_cert'     => ['param.list'],
    'logout'        => ['param.user.email'],
572
573
574
575
576
577
578
    'manage_template' => ['param.list', 'param.user.email'],
    'rt_create' => ['param.list', 'param.user.email', 'new_template_name'],
    'rt_delete'     => ['param.list', 'param.user.email', 'message_template'],
    'rt_edit'       => ['param.list', 'param.user.email', 'message_template'],
    'rt_setdefault' => ['param.list', 'param.user.email', 'new_default'],
    'rt_update' =>
        ['param.list', 'param.user.email', 'message_template', 'content'],
579
    'modindex'           => ['param.list',       'param.user.email'],
580
    'docindex'           => ['param.list',       'param.user.email'],
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
    'multiple_subscribe' => ['param.list'],
    'pref'               => ['param.user.email'],
    'purge_list'         => ['param.user.email', 'selected_lists'],
    'rebuildallarc'      => ['param.user.email'],
    'rebuildarc'         => ['param.user.email', 'param.list'],
    'reject'          => ['param.list', 'param.user.email', 'id|idspam'],
    'remind'          => ['param.list', 'param.user.email'],
    'remove_arc'      => ['param.list'],
    'remove_template' => ['webormail'],
    'rename_list' =>
        ['param.user.email', 'param.list', 'new_listname', 'new_robot'],
    'copy_list' =>
        ['param.user.email', 'param.list', 'new_listname', 'new_robot'],
    'rename_list_request' => ['param.user.email', 'param.list'],
    'request_topic'       => ['param.list',       'authkey'],
    'resetbounce'  => ['param.list',       'param.user.email', 'email'],
    'restore_list' => ['param.user.email', 'param.list'],
    'review'          => ['param.list'],
    'review_family'   => ['param.user.email', 'family_name'],
    'reviewbouncing'  => ['param.list'],
    'rss_request'     => [],
    'savefile'        => ['param.user.email', 'file'],
    'search'          => ['param.list', 'filter'],
    'search_user'     => ['param.user.email', 'email'],
    'send_mail'       => ['param.user.email'],
    'send_newsletter' => ['param.list', 'param.user.email', 'url'],
    'send_me'         => ['param.list'],
    'view_source'     => ['param.list'],
    'tracking'        => ['param.list'],
    'requestpasswd'   => ['email'],
    'serveradmin'     => ['param.user.email'],
    'set'      => ['param.list', 'reception|visibility'],
    'set_lang' => [],
    'set_pending_list_request' => ['param.user.email'],
sikeda's avatar
sikeda committed
615
616
617
618
619
620
621
622
    'setpasswd' => ['param.user.email', 'newpasswd1', 'newpasswd2'],
    'setpref'   => ['param.user.email'],
    'sigindex'               => ['param.list',       'param.user.email'],
    'signoff'                => ['param.list'],
    'sigrequest'             => ['param.list'],
    'skinsedit'              => ['param.user.email'],
    'sso_login'              => ['auth_service_name'],
    'stats'                  => ['param.list'],
623
624
625
626
627
    'subindex'               => ['param.list',       'param.user.email'],
    'suboptions'             => ['param.list',       'param.user.email'],
    'subrequest'             => ['param.list'],
    'subscribe'              => ['param.list'],
    'subscriber_count'       => ['param.list'],
sikeda's avatar
sikeda committed
628
    'suspend'                => ['param.list',       'param.user.email'],
629
630
631
632
633
634
635
    'suspend_request'        => [],
    'suspend_request_action' => [],
    'show_exclude'           => ['param.list'],
    'sync_include'           => ['param.list',       'param.user.email'],
    'tag_topic_by_sender'    => ['param.list'],
    'upload_pictures'        => ['param.user.email', 'param.list'],
    'view_template'          => ['webormail'],
636
    'viewbounce'             => ['param.list',       'email|file'],
637
638
639
640
    'viewfile'               => ['file',             'param.list'],
    'viewlogs'               => ['param.list'],
    'viewmod' => ['param.list', 'param.user.email', 'id|idspam'],
    'wsdl'    => [],
641
    #'which' => ['param.user.email'],
642
);
643
644
645

## Defines the required privileges to access privileged actions
## You can define a set ofequiivalent privileges in the ARRAYREF
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
our %required_privileges = (
    'admin'              => ['owner',  'editor'],
    'arc_delete'         => ['owner'],
    'arc_download'       => ['owner'],
    'arc_manage'         => ['owner'],
    'blacklist'          => ['owner',  'editor'],
    'close_list'         => ['privileged_owner'],
    'close_list_request' => ['privileged_owner'],
    'copy_template'      => ['listmaster'],
    'd_install_shared'   => ['editor', 'owner'],
    'd_reject_shared'    => ['editor', 'owner'],
    'distribute'        => ['editor', 'owner', 'listmaster'],
    'add_frommod'       => ['editor', 'owner'],
    'dump_scenario'     => ['listmaster'],
    'edit_list'         => ['owner'],
    'edit_list_request' => ['owner'],
    'edit_template'     => ['listmaster'],
    'editsubscriber'       => ['owner', 'editor'],
    'get_closed_lists'     => ['listmaster'],
    'get_inactive_lists'   => ['listmaster'],
    'get_latest_lists'     => ['listmaster'],
    'get_biggest_lists'    => ['listmaster'],
    'get_pending_lists'    => ['listmaster'],
669
    'ignoresig'            => ['owner', 'editor'],
670
    'ignoresub'            => ['owner', 'editor'],
671
    'including_lists'      => ['owner', 'listmaster'],
672
673
674
675
    'install_pending_list' => ['listmaster'],
    'edit_config'          => ['listmaster'],
    'ls_templates'         => ['listmaster'],
    'manage_template'      => ['owner'],
676
677
678
679
680
    'rt_create'            => ['owner'],
    'rt_delete'            => ['owner'],
    'rt_edit'              => ['owner'],
    'rt_setdefault'        => ['owner'],
    'rt_update'            => ['owner'],
681
    'modindex'        => ['editor',           'owner', 'listmaster'],
682
    'docindex'        => ['editor',           'owner', 'listmaster'],
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
    'purge_list'      => ['privileged_owner', 'listmaster'],
    'rebuildallarc'   => ['listmaster'],
    'rebuildarc'      => ['listmaster'],
    'reject'          => ['editor',           'owner', 'listmaster'],
    'remove_template' => ['listmaster'],
    'rename_list'     => ['privileged_owner'],
    'copy_list'                => ['owner', 'listmaster'],
    'rename_list_request'      => ['privileged_owner'],
    'resetbounce'              => ['owner', 'editor'],
    'restore_list'             => ['listmaster'],
    'review_family'            => ['listmaster'],
    'reviewbouncing'           => ['owner', 'editor'],
    'search_user'              => ['listmaster'],
    'serveradmin'              => ['listmaster'],
    'set_dumpvars'             => ['listmaster'],
    'set_loglevel'             => ['listmaster'],
    'set_pending_list_request' => ['listmaster'],
    'set_session_email'        => ['listmaster'],
    'show_sessions'            => ['listmaster'],
702
    'sigindex'                 => ['owner', 'editor'],
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
    'stats'                    => ['owner'],
    'subindex'                 => ['owner', 'editor'],
    'sync_include'             => ['owner', 'editor'],
    'skinsedit'                => ['listmaster'],
    'view_template'            => ['listmaster'],
    'viewbounce'               => ['owner', 'editor'],
    'viewlogs'                 => ['owner', 'editor'],
    'viewmod' => ['editor', 'owner', 'listmaster'],
    'automatic_lists_management_request' => ['listmaster'],
    'automatic_lists_management'         => ['listmaster'],
);

# this definition is used to choose the left side menu type (admin ->
# listowner admin menu | serveradmin -> server_admin menu | none list or
# your_list menu)
718
my %action_type = (
719
720
721
722
723
724
725
    'review'      => 'admin',
    'search'      => 'admin',
    'viewfile'    => 'admin',
    'admin'       => 'admin',
    'add_request' => 'admin',
    'add'         => 'admin',
    'del'         => 'admin',
726
    # 'modindex' =>'admin',
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
    'reject'             => 'admin',
    'reject_notify'      => 'admin',
    'distribute'         => 'admin',
    'add_frommod'        => 'admin',
    'viewmod'            => 'admin',
    'savefile'           => 'admin',
    'rebuildallarc'      => 'admin',    #FIXME: serveradmin?
    'reviewbouncing'     => 'admin',
    'edit_list_request'  => 'admin',
    'edit_list'          => 'admin',
    'editsubscriber'     => 'admin',
    'viewbounce'         => 'admin',
    'resetbounce'        => 'admin',
    'scenario_test'      => 'admin',
    'close_list_request' => 'admin',
    'close_list'         => 'admin',
    'restore_list'       => 'admin',
    'd_admin'            => 'admin',
    'd_reject_shared'    => 'admin',
    'd_install_shared'   => 'admin',
    'dump_scenario'      => 'admin',
    'dump'               => 'admin',
    'remind'             => 'admin',
750
    #'subindex' => 'admin',
751
    'stats'                              => 'admin',
752
    'ignoresig'                          => 'admin',
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
    'ignoresub'                          => 'admin',
    'rename_list'                        => 'admin',
    'copy_list'                          => 'admin',
    'rename_list_request'                => 'admin',
    'arc_manage'                         => 'admin',
    'sync_include'                       => 'admin',
    'view_template'                      => 'admin',
    'remove_template'                    => 'admin',
    'copy_template'                      => 'admin',
    'edit_template'                      => 'admin',
    'blacklist'                          => 'admin',
    'viewlogs'                           => 'admin',
    'serveradmin'                        => 'serveradmin',
    'get_pending_lists'                  => 'serveradmin',
    'get_closed_lists'                   => 'serveradmin',
    'get_inactive_lists'                 => 'serveradmin',
    'get_latest_lists'                   => 'serveradmin',
    'get_biggest_lists'                  => 'serveradmin',
    'ls_templates'                       => 'serveradmin',
    'skinsedit'                          => 'serveradmin',
    'review_family'                      => 'serveradmin',
    'search_user'                        => 'serveradmin',
    'show_sessions'                      => 'serveradmin',
    'show_exclude'                       => 'admin',
    'rebuildarc'                         => 'serveradmin',
    'set_session_email'                  => 'serveradmin',
    'set_loglevel'                       => 'serveradmin',
    'editfile'                           => 'serveradmin',    #FIXME: admin?
    'unset_dumpvars'                     => 'serveradmin',
    'set_dumpvars'                       => 'serveradmin',
    'automatic_lists_management_request' => 'serveradmin',
    'automatic_lists_management'         => 'serveradmin',
785
);
root's avatar
root committed
786

787
# Actions that are not used in return of login,
788
my %temporary_actions = (
789
    'confirm_action'      => 1,
790
791
792
793
794
795
    'logout'              => 1,
    'loginrequest'        => 1,
    'login'               => 1,
    'sso_login'           => 1,
    'sso_login_succeeded' => 1,
    'ticket'              => 1,
796
    #XXX'css' => 1,
797
798
799
800
    'rss'      => 1,    # FIXME:currently not used.
    'ajax'     => 1,
    'wsdl'     => 1,
    'redirect' => 1,
801
);
802

803
804
805
## Regexp applied on incoming parameters (%in)
## The aim is not a strict definition of parameter format
## but rather a security check
806
our %in_regexp = (
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
    ## Default regexp
    '*' => '[\w\-\.]+',

    ## List config parameters
    'single_param'   => '.+',
    'multiple_param' => '.+',

    ## Textarea content
    'template_content'     => '.+',
    'content'              => '.+',
    'body'                 => '.+',
    'info'                 => '.+',
    'new_scenario_content' => '.+',
    'blacklist'            => '.*',

    ## Integer
    'page' => '\d+',
    'size' => '\d+',

    ## Free data
    'subject'          => '.*',
    'gecos'            => '[^<>\\\*\$\n]+',
    'fromname'         => '[^<>\\\*\$\n]+',
    'additional_field' => '[^<>\\\*\$\n]+',
    'dump'             => '[^<>\\\*\$]+',     # contents email + gecos

    ## Search
834
    'filter'      => '.*',                    # search subscriber
sikeda's avatar
sikeda committed
835
    'filter_list' => '.*',                    # search list
836
837
    'key_word'    => '.*',
    'format'      => '[^<>\\\$\n]+',          # dump format/filter string
838
839
840
841
842
843
844
845
846

    ## File names
    'file'          => '[^<>\*\$\n]+',
    'template_path' => '[\w\-\.\/_]+',
    'arc_file'      => '[^<>\\\*\$\n]+',
    'path'          => '[^<>\\\*\$\n]+',
    'uploaded_file' =>
        '(.*[\/\\\\])?[^<>\*\$\n]+',          # Could be precised (use of "'")
    'dir'               => '[^<>\\\*\$\n]+',
847
    'new_name'          => '[^<>\\\*\$\[\]\/\n]+',
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
    'shortname'         => '[^<>\\\*\$\n]+',
    'id'                => '[^<>\\\*\$\n]+',
    'template_name'     => Sympa::Regexps::template_name(),
    'new_template_name' => Sympa::Regexps::template_name(),
    'message_template'  => Sympa::Regexps::template_name(),
    'new_default'       => Sympa::Regexps::template_name(),

    ## Archives
    ## format is yyyy-mm for 'arc' and mm for 'send_me'
    'month' => '\d{2}|\d{4}\-\d{2}',

    ## URL
    'referer'         => '[^\\\$\*\"\'\`\^\|\<\>\n]+',
    'failure_referer' => '[^\\\$\*\"\'\`\^\|\<\>\n]+',
    'url'             => '[^\\\$\*\"\'\`\^\|\<\>\n]+',

    ## Msg ID
    'msgid'       => '[^\\\*\"\'\`\^\|\n]+',
    'in_reply_to' => '[^\\\*\"\'\`\^\|\n]+',
    'message_id'  => '[^\\\*\"\'\`\^\|\n]+',

    ## Password
    'passwd'       => '.+',
    'password'     => '.+',
    'newpasswd1'   => '.+',
    'newpasswd2'   => '.+',
    'new_password' => '.+',

    ## Topics
877
    'topic'    => '\@?[\-\w\/]+',
878
879
880
881
882
883
884
885
886
887
888
889
890
891
    'topics'   => '[\-\w\/]+',
    'subtopic' => '[\-\w\/]+',

    ## List names
    'list' => '[\w\-\.\+]*',    ## Sympa::Regexps::listname() + uppercase
    'previous_list'  => '[\w\-\.\+]*',
    'listname'       => '[\w\-\.\+]*',
    'new_listname'   => '[\w\-\.\+]*',
    'selected_lists' => '[\w\-\.\+]*',

    ## Family names
    'family_name' => Sympa::Regexps::family_name(),
    'family'      => Sympa::Regexps::family_name(),

892
893
894
895
896
897
898
899
    # Email addresses
    'email'      => Sympa::Regexps::email() . '|' . Sympa::Regexps::uid(),
    'init_email' => Sympa::Regexps::email(),
    'old_email'  => Sympa::Regexps::email(),
    'new_email'  => Sympa::Regexps::email(),
    'sender'     => Sympa::Regexps::email(),
    'fromaddr'   => Sympa::Regexps::email(),
    'to' => '(([\w\-\_\.\/\+\=\']+|\".*\")\s[\w\-]+(\.[\w\-]+)+(,?))*',
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
    'automatic_list_part_*' => '[\w\-\.\+]*',

    ## Host
    'new_robot'   => Sympa::Regexps::host(),
    'remote_host' => Sympa::Regexps::host(),
    'remote_addr' => Sympa::Regexps::host(),

    ## Scenario name
    'scenario'    => Sympa::Regexps::scenario(),
    'read_access' => Sympa::Regexps::scenario(),
    'edit_access' => Sympa::Regexps::scenario(),
    ## RSS URL or blank
    'active_lists'  => '.*',
    'latest_lists'  => '.*',
    'latest_arc'    => '.*',
    'latest_d_read' => '.*',

    ##Logs
    'target_type' => '[\w\-\.\:]*',
    'target'      => Sympa::Regexps::email(),
    'date_from'   => '[\d\/\-]+',
    'date_to'     => '[\d\/\-]+',
    'ip'          => Sympa::Regexps::host(),

    ## colors
    'subaction_test'      => '.*',
    'subaction_reset'     => '.*',
    'subaction_install'   => '.*',
    'custom_color_value'  => '\#[0-9a-fA-F]+',
    'custom_color_number' => 'color_\w+',

    ## Custom attribute
    'custom_attribute' => '.*',

    ## Templates
    'scope' => 'distrib|robot|family|list|site',

    ## Custom Inputs from create_list_request.tt2
    'custom_input' => '.*',

    ## conf parameters
    'conf_new_value' => '.*',

    ## custom actions
    'cap'  => '.*',
    'lcap' => '.*',

    'plugin' => '.*',
948
949
950

    ## Envelope ID
    'envid' => '\w+',
951
952
953

    ## Authentication/moderation key
    'authkey' => '\w+',
954
);
955

956
## Regexp applied on incoming parameters (%in)
957
958
959
960
961
962
963
964
## This regular expression defines forbidden expressions applied on all
## incoming parameters
## Note that you can use the ^ and $ expressions to match beginning and ending
## of expressions
our %in_negative_regexp = ('arc_file' => '^(arctxt|\.)');

## List some required filtering of incoming parameters, depending on current
## action
965
## Paramater can be '*' or 'param*'
966
## Like Q-encoding
967
my %filtering = (
968
969
    #XXX'd_reject_shared' => {'id' => 'qencode'},
    #XXX'd_install_shared' => {'id' => 'qencode'},
970
    #XXX'd_read' => {'path' => 'qencode'},
971
    #XXX'd_create_child' => {'new_name' => 'qencode', 'path' => 'qencode'},
sikeda's avatar
sikeda committed
972
    #XXX'd_unzip' => {'path' => 'qencode'},
sikeda's avatar
sikeda committed
973
    #XXX'd_editfile' => {'path' => 'qencode'},
974
    #XXX'd_properties' => {'path' => 'qencode'},
975
    #XXX'd_update' => {'path' => 'qencode'},
976
    #XXX'd_describe' => {'path' => 'qencode'},
977
978
979
    #XXX'd_delete' => {'path' => 'qencode'},
    #XXX'd_rename' => {'path' => 'qencode', 'new_name' => 'qencode'},
    #XXX'd_control' => {'path' => 'qencode'},
980
981
    #XXX'd_change_access' => {'path' => 'qencode'},
    #XXX'd_set_owner' => {'path' => 'qencode'},
982
983
984
    #XXX'requestpasswd' => {'email' => 'fix_escape_uri'},
    #XXX'viewbounce' => {'email' => 'fix_escape_uri'},
    #XXX'editsubscriber' => {'email' => 'fix_escape_uri'},
985
986
    ## Required because outgoing parameters have been html-escaped in
    ## edit_list_request
987
    #'edit_list' => {'*param*' => 'unescape_html'},
988
989
990
991
992
    ## Remove leading/trailing white spaces and lowercase
    'change_email' => {'*email' => 'normalize'},
);

## Set locale configuration
993
994
my $language = Sympa::Language->instance;
$language->set_lang($Conf::Conf{'lang'}, 'en');
salaun's avatar
salaun committed
995

996
997
998
999
# Important to leave this there because it defined defaults for
# user_data_source
#FIXME: Is it really required?
Sympa::DatabaseManager->instance;
1000

1001
1002
1003
1004
# Now, load all components which are implemented as plugins.  Those will
# add fields to above configuration and may do database upgrades.
$plugins->start if $plugins;

1005
1006
1007
## Check that the data structure is uptodate
## If not, set the web interface to maintenance mode
my $maintenance_mode;
sikeda's avatar
sikeda committed
1008
unless (Conf::data_structure_uptodate()) {
1009
    $maintenance_mode = 1;
1010
    $log->syslog('err',
1011
        'WWSympa set to maintenance mode; you should run sympa.pl --upgrade');
1012
} elsif (Conf::cookie_changed()) {
1013
1014
    $maintenance_mode = 1;
    $log->syslog('err',
1015
1016
        'WWSympa set to maintenance mode; sympa.conf/cookie parameter has changed.'
    );
1017
1018
}

1019
our %changed_params;
salaun's avatar
salaun committed
1020

1021
1022
our %in;
my $query;
root's avatar
root committed
1023

1024
my $birthday = time;
1025

1026
1027
my $bulk = Sympa::Bulk->new;

1028
$log->syslog('info', 'WWSympa started, process %d', $PID);
1029

1030
1031
1032
1033
# Now internal encoding is same as input/output.
#XXX## Set output encoding
#XXX## All outgoing strings will be recoded transparently using this charset
#XXXbinmode STDOUT, ":utf8";
1034

1035
1036
#XXX## Incoming data is utf8-encoded
#XXXbinmode STDIN, ":utf8";
1037

1038
1039
1040
1041
## Main loop
my $loop_count;
my $start_time = time;
while ($query = new_loop()) {
1042

1043
    undef %::changed_params;
root's avatar
root committed
1044

1045
1046
1047
1048
1049
1050
1051
1052
    undef $param;
    undef $list;
    undef $robot;
    undef $robot_object;
    undef $ip;
    undef $rss;
    undef $ajax;
    undef $session;
1053

1054
    $log->{level} = $Conf::Conf{'log_level'};
1055
    $language->set_lang(Sympa::best_language('*'));
1056

1057
    ## Empty cache of the List.pm module
1058
1059
    Sympa::List::init_list_cache();

1060
    # Process grouped notifications
1061
    Sympa::Alarm->instance->flush;
1062
1063

    ## Check effective ID
1064
    unless ($EUID eq (getpwnam(Sympa::Constants::USER))[2]) {
1065
        $maintenance_mode = 1;
sikeda's avatar
sikeda committed
1066
1067
        Sympa::Report::reject_report_web('intern_quiet',
            'incorrect_server_config', {}, '', '');
1068
1069
        wwslog(
            'err',
1070
            'Config error: WWSympa should run with UID %s (instead of %s). *** Switching to maintenance mode. ***',
1071
            (getpwnam(Sympa::Constants::USER))[2],
1072
            $EUID
1073
1074
        );
    }
1075

1076
    ## We set the real UID with the effective UID value
1077
    ## It is useful to allow execution of scripts like alias_manager
1078
    ## that otherwise might loose the benefit of SetUID
1079
1080
    $UID = $EUID;    ## UID
    $GID = $EGID;    ## GID
1081

1082
    unless (Sympa::DatabaseManager->instance) {
sikeda's avatar
sikeda committed
1083
1084
        Sympa::Report::reject_report_web('system_quiet', 'no_database', {},
            '', '');
1085
        $log->syslog('info', 'WWSympa requires a RDBMS to run');
1086
    }
1087

1088
    ## If in maintenance mode, check if the data structure is now uptodate
sikeda's avatar
sikeda committed
1089
1090
    if (    $maintenance_mode
        and Conf::data_structure_uptodate()
1091
        and not Conf::cookie_changed()
sikeda's avatar
sikeda committed
1092
        and ($EUID eq (getpwnam(Sympa::Constants::USER))[2])) {
1093
        $maintenance_mode = undef;
1094
        $log->syslog('notice',
1095
1096
            "Data structure seem updated, setting OFF maintenance mode");
    }
1097

1098
    ## Generate traceback if crashed.
1099
1100
    ## Though I don't know why, __DIE__ handler is cleared after INIT.
    Sympa::Crash::register_handler();
1101

1102
1103
1104
1105
    ## Get params in a hash
    %in = $query->Vars;

    foreach my $k (keys %::changed_params) {
1106
        $log->syslog('debug3', 'Changed Param: %s', $k);
1107
1108
1109
1110
1111
    }

    ## Parse CGI parameters
    #    &CGI::ReadParse();

1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
    # Determin robot.
    # N.B. As of 6.2.15, the http_host parameter will match with the host name
    # and path locally detected by server.  If remotely detected host name
    # and / or path should be differ, the proxy must adjust them.
    my $server_name = Sympa::Tools::WWW::get_server_name() || '';
    if ($server_name
        and my $hostmap = $Conf::Conf{'robot_by_http_host'}->{$server_name}) {
        my $selected_robot;
        my $selected_path = '';

        my $request_uri = $ENV{'REQUEST_URI'} || '';
        while (my ($path, $v) = each %$hostmap) {
sikeda's avatar
sikeda committed
1124
            if (0 == index $request_uri, $path) {    #FIXME:percent-decode
1125
1126
1127
                # Longer path wins.
                if (length $selected_path < length $path) {
                    ($selected_robot, $selected_path) = ($v, $path);
1128
1129
1130
1131
1132
                }
            }
        }
        $robot = $selected_robot;
    }
sikeda's avatar
sikeda committed
1133
    $robot = $Conf::Conf{'host'} unless $robot;      #FIXME:Use domain.
1134
1135
1136
1137

    # Not yet implemented
    ### Create Robot object
    #$robot_object = new Robot $robot;
1138

1139
    ## Default robot
1140
    if ($robot eq $Conf::Conf{'host'}) {    #FIXME:Use domain.
1141
1142
1143
        $param->{'default_robot'} = 1;
    }

1144
    $ip = $ENV{'REMOTE_HOST'} || $ENV{'REMOTE_ADDR'} || 'undef';
1145

1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
    # Determin cookie domain.
    # In case HTTP_HOST does not match cookie_domain, use former.
    # N.B. As of 6.2.15, the cookie domain will match with the host name
    # locally detected by server.  If remotely detected name should be differ,
    # the proxy must adjust it.
    my $cookie_domain = Conf::get_robot_conf($robot, 'cookie_domain');
    my $http_host = Sympa::Tools::WWW::get_http_host() || '';
    $http_host =~ s/:\d+$//;    # Suppress port.
    unless (substr($http_host, -length($cookie_domain)) eq lc $cookie_domain
        or $cookie_domain eq 'localhost') {
sikeda's avatar
sikeda committed
1156
        wwslog('notice',
1157
            '(%s) Does NOT match HTTP_HOST; setting cookie_domain to %s',
sikeda's avatar
sikeda committed
1158
            $cookie_domain, $http_host);
1159
        $cookie_domain = $http_host;
1160
    }
1161
1162
    $param->{'cookie_domain'} = $cookie_domain;

1163
    $log->{level} = Conf::get_robot_conf($robot, 'log_level');
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183

    ## Sympa parameters in $param->{'conf'}
    $param->{'conf'} = {};
    foreach my $p (
        'email',
        'host',
        'soap_url',
        'wwsympa_url',
        'listmaster_email',
        'logo_html_definition',
        'favicon_url',
        'main_menu_custom_button_1_url',
        'main_menu_custom_button_1_title',
        'main_menu_custom_button_1_target',
        'main_menu_custom_button_2_url',
        'main_menu_custom_button_2_title',
        'main_menu_custom_button_2_target',
        'main_menu_custom_button_3_url',
        'main_menu_custom_button_3_title',
        'main_menu_custom_button_3_target',
1184
        'static_content_url',
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
        'dark_color',
        'light_color',
        'text_color',
        'bg_color',
        'error_color',
        'use_blacklist',
        'antispam_feature',
        'custom_robot_parameter',
        'selected_color',
        'shaded_color',
        'color_0',
        'color_1',
        'color_2',
        'color_3',
        'color_4',
        'color_5',
        'color_6',
        'color_7',
        'color_8',
        'color_9',
        'color_10',
        'color_11',
        'color_12',
        'color_13',
        'color_14',
        'color_15',
        'reporting_spam_script_path',
        'automatic_list_families',
1213
        'spam_protection',
1214
1215
1216
1217
        ) {

        $param->{'conf'}{$p} = Conf::get_robot_conf($robot, $p);
        $param->{$p} = Conf::get_robot_conf($robot, $p)
1218
            if $p =~ /_color\z/
1219
1220
            or $p =~ /\Acolor_/
            or $p =~ /_url\z/;
1221
    }
1222
    # Compat.: deprecated attributes of Robot.
1223
    $param->{'conf'}{'sympa'} = Sympa::get_address($robot);
1224
    $param->{'conf'}{'request'} = Sympa::get_address($robot, 'owner');
1225
1226

    foreach my $auth (keys %{$Conf::Conf{'cas_id'}{$robot}}) {
1227
        $log->syslog('debug2', 'CAS authentication service %s', $auth);
1228
1229
1230
1231
1232
1233
        $param->{'sso'}{$auth} =
            $Conf::Conf{'cas_id'}{$robot}{$auth}
            {'auth_service_friendly_name'};
    }

    foreach my $auth (keys %{$Conf::Conf{'generic_sso_id'}{$robot}}) {
1234
        $log->syslog('debug', 'Generic SSO authentication service %s', $auth);
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
        $param->{'sso'}{$auth} =
            $Conf::Conf{'auth_services'}{$robot}
            [$Conf::Conf{'generic_sso_id'}{$robot}{$auth}]{'service_name'};
    }

    $param->{'sso_number'} =
        $Conf::Conf{'cas_number'}{$robot} +
        $Conf::Conf{'generic_sso_number'}{$robot};
    $param->{'use_passwd'} = $Conf::Conf{'use_passwd'}{$robot};
    $param->{'use_sso'} = 1 if ($param->{'sso_number'});
    $param->{'authentication_info_url'} =
        $Conf::Conf{'authentication_info_url'}{$robot};
    $param->{'wwsconf'} = Conf::_load_wwsconf;    #FXIME: no longer used?

    $param->{'version'} = Sympa::Constants::VERSION;
    $param->{'date'} =
        $language->gettext_strftime("%d %b %Y at %H:%M:%S", localtime time);
    $param->{'time'} =
        $language->gettext_strftime("%H:%M:%S", localtime time);

    ## Hash defining the parameters where no control is performed (because
    ## they are supposed to contain html and/or javascript).
    $param->{'htmlAllowedParam'} = {
1258
1259
1260
        #'hidden_head'          => 1,
        #'hidden_end'           => 1,
        #'hidden_at'            => 1,
1261
1262
1263
1264
        'selected'             => 1,
        'logo_html_definition' => 1,
        'html_dumpvars'        => 1,
        'html_editor_init'     => 1,
sikeda's avatar
sikeda committed
1265
        'html_content'         => 1,
1266
1267
1268
1269
1270
1271
1272
1273
    };
    ## Hash defining the parameters where HTML must be filtered.
    $param->{'htmlToFilter'} = {
        'homepage_content' => 1,
        'info_content'     => 1,
    };

    ## Change to list root
1274
    unless (chdir $Conf::Conf{'home'}) {
sikeda's avatar
sikeda committed
1275
1276
        Sympa::Report::reject_report_web('intern', 'chdir_error', {}, '', '',
            '', $robot);
1277
        wwslog('info', 'Unable to change directory');
1278
        exit -1;
1279
1280
1281
1282
1283
1284
    }

    ## Sets the UMASK
    umask(oct($Conf::Conf{'umask'}));

    ## Authentication
1285
    ## use https client certificate information if define.
1286
1287
1288
1289

    ## Default auth method (for scenarios)
    $param->{'auth_method'} = 'md5';

1290
    Sympa::Report::init_report_web();
1291
1292

    ## Get PATH_INFO parameters
1293
    get_parameters($robot);
1294
1295
1296
1297

    # Propagate plugins parameters
    $param->{'plugin'} = $in{'plugin'};

1298
1299
1300
    # # Static content
    # $param->{'static_content_url'} =
    #     Conf::get_robot_conf($robot, 'static_content_url');
1301
1302
1303
1304

    ## CSS related
    $param->{'css_path'} = Conf::get_robot_conf($robot, 'css_path');
    $param->{'css_url'}  = Conf::get_robot_conf($robot, 'css_url');
1305

1306
    ## If CSS file not found, let Sympa do the job...
1307
1308
1309
1310
1311
1312
1313
1314
1315
    #unless ($param->{'css_path'} and -f $param->{'css_path'} . '/style.css') {
    #    wwslog(
    #        'err',
    #        'Could not find CSS file %s, using default CSS',
    #        $param->{'css_path'} . '/style.css'
    #    ) if $param->{'css_path'};    # Notice only if path was defined.
    #    $param->{'css_url'} =
    #        Sympa::get_url($robot, 'css', authority => 'omit');
    #}
1316
1317
1318

    wwslog(
        'info',
1319
        'Parameter css_url "%s" seems strange, it must be the url of a directory not a css file',
1320
        $param->{'css_url'}
1321
    ) if $param->{'css_url'} =~ /\.css$/;
1322

1323
    $session = Sympa::Session->new(
1324
        $robot,
sikeda's avatar
sikeda committed
1325
1326
        {   'cookie' =>
                Sympa::Session::get_session_cookie($ENV{'HTTP_COOKIE'}),
1327
1328
1329
1330
1331
1332
            'action' => $in{'action'},
            'rss'    => $rss,
            'ajax'   => $ajax
        }
    );

sikeda's avatar
sikeda committed
1333
1334
1335
    # Getting rid of the environment variable to make sure it won't be
    # affected to another anonymous session.
    undef $ENV{'HTTP_COOKIE'};
1336
    unless (defined $session) {
1337
        Sympa::send_notify_to_listmaster($robot,
1338
            'failed_to_create_web_session', {});
1339
        wwslog('info', 'Failed to create session');
1340
        $session = Sympa::Session->new($robot, {});
1341
1342
1343
1344
1345
    }

    # Retreive oauth_token from session if it exists and if we have a (newly)
    # identified user
    my $oauth_token = $session->{'oauth_token'} || '';
1346
1347
    $in{'oauth_token'} = delete $session->{'oauth_token'}
        if $oauth_token ne '' && $session->{'email'} ne 'nobody';
1348

1349
    $session->{'is_family_owner'} = undef;
1350
1351
    my $automatic_list_families =
        Conf::get_robot_conf($robot, 'automatic_list_families');
1352
    if (defined $automatic_list_families) {
1353
1354
        foreach my $key (keys %{$automatic_list_families}) {
            my $family;