Changeset - r21:8da9767de359
default
Wolfgang Scherer (ws) - 13 years ago 2012-03-31 14:13:41
wolfgang.scherer@gmx.de
index.php: Recover extra forward user from X-WSV-Forward-To header.
Validate extra forward user. Produce valid XHTML output.
2 files changed with 65 insertions and 45 deletions:
index.php
 
@@ -80,6 +80,9 @@ if (!$is_admin) {
 

	
 
$title = get_text('title');
 
$css = '
 
div.error {
 
    margin-bottom: 10px;
 
}
 
span.label {
 
    width: 100px;
 
    display: inline-block;
 
@@ -90,12 +93,28 @@ hr.sep {
 
    text-align: left;
 
    margin-left: 0;
 
}
 
#body, #copyright-notice {
 
    width: 550px;
 
    margin: 10px auto;
 
    position:relative;
 
}
 
#body {
 
    text-align: left;
 
}
 
#copyright-notice {
 
    text-align: center;
 
    font-size: 8pt;
 
}
 
';
 

	
 
$script ='
 
';
 

	
 
echo substitute_elements(
 
    $HEAD, Array(
 
        'title' => $title,
 
        'css' => $css,
 
        'title' => trim($title),
 
        'css' => trim($css),
 
        'script' => trim($script),
 
        ));
 
hl($title);
 

	
 
@@ -117,7 +136,7 @@ if (empty($user)) {
 
}
 

	
 
if (!$is_admin && !in_array($user, $user_names)) {
 
    error_msg(sprintf('%s (%s)!', get_text('error_no_user'), $user));
 
    error_msg(sprintf('%s (%s)!', get_text('error_unknown_user'), $user));
 
    echo $FOOT;
 
    exit(0);
 
}
 
@@ -151,8 +170,6 @@ if ($forward_active)
 
        $forward_settings[1] = '';
 
    }
 
}
 
$vacation_forward = $forward_settings[1];
 
$vacation_forward = preg_replace('/^\\\\/', '', $vacation_forward);
 

	
 
if (!file_exists($vacation_msg_file)) {
 
    $vacation_msg = get_text('vacation');
 
@@ -162,41 +179,40 @@ if (!file_exists($vacation_msg_file)) {
 
    $decode = True;
 
}
 

	
 
// $lines = explode("\n", $vacation_msg);
 
// $vacation_subject = array_shift($lines);
 
// $vacation_subject = preg_replace('/^[Ss]ubject: */', '', $vacation_subject);
 
// $vacation_headers = Array();
 
// // remove additional headers
 
// while (True) {
 
//     $line = array_shift($lines);
 
//     if (empty($line)) {
 
//         break;
 
//     }
 
//     $vacation_headers[] = $line;
 
// }
 
// $vacation_body = implode($lines, "\n");
 

	
 
$vacation_parts = vacation_split($vacation_msg, $decode);
 
$vacation_subject = $vacation_parts[0];
 
$vacation_headers = $vacation_parts[1];
 
$vacation_body = $vacation_parts[2];
 

	
 
$vacation_refresh = isset($_REQUEST['refresh']);
 
$vacation_forward_to = '';
 
if ( !$vacation_refresh && isset($_REQUEST['forward']) ) {
 
    $vacation_forward_to =  $_REQUEST['forward'];
 
} else {
 
    $vacation_forward_to = $forward_settings[1];
 
    $vacation_forward_to = preg_replace('/^\\\\/', '', $vacation_forward_to);
 
    if (empty($vacation_forward_to)) {
 
        $vacation_forward_to = vacation_find_forward($vacation_headers);
 
    }
 
}
 

	
 
// --------------------------------------------------
 
// |||:sec:||| Set vacation(1) parameters
 
// --------------------------------------------------
 

	
 
$vacation_setup = isset($_REQUEST['setzen']);
 
$vacation_clear = isset($_REQUEST['loeschen']);
 
$vacation_setup = isset($_REQUEST['save']);
 
$vacation_clear = isset($_REQUEST['delete']);
 

	
 
if ($vacation_setup || $vacation_clear) {
 
    $forward_active = isset($_REQUEST['aktiv']);
 
    $vacation_forward = isset($_REQUEST['forward']) ? $_REQUEST['forward'] : '';
 
    if ($vacation_forward == $user) {
 
        $vacation_forward = '';
 
    $forward_active = isset($_REQUEST['active']);
 
    // validate forward to
 
    if ($vacation_forward_to == $user) {
 
        $vacation_forward_to = '';
 
    }
 
    $vacation_subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
 
    $vacation_body = isset($_REQUEST['body']) ? trim($_REQUEST['body']) : '';
 
    $forward_settings = Array(
 
        '\\'.$user, $vacation_forward,
 
        '\\'.$user, $vacation_forward_to,
 
        sprintf($VACATION_FORWARD_ENTRY, $user));
 

	
 
    while (True) {
 
@@ -210,18 +226,18 @@ if ($vacation_setup || $vacation_clear) 
 
            error_msg(get_text('error_no_subject'));
 
            break;
 
        }
 
        if (!$is_admin && !empty($vacation_forward_to) && !in_array($vacation_forward_to, $user_names)) {
 
            error_msg(sprintf('%s (%s)!', get_text('error_unknown_forward'), $vacation_forward_to));
 
            break;
 
        }
 
        // Actually set it
 

	
 
        // If not active, remove "Vertretung"
 
        if (!$forward_active) {
 
            $vacation_forward = '';
 
        // Prepare vacation(1) message
 
        $headers = '';
 
        if (!empty($vacation_forward_to)) {
 
            $headers = sprintf('X-WSV-Forward-To: %s', $vacation_forward_to);
 
        }
 
        $forward_settings = Array(
 
            '\\'.$user, $vacation_forward,
 
            sprintf($VACATION_FORWARD_ENTRY, $user));
 

	
 
        // Prepare vacation(1) message
 
        $vacation_msg = vacation_join($vacation_subject, $vacation_body);
 
        $vacation_msg = vacation_join($vacation_subject, $vacation_body, $headers);
 
        $vacation_msg_pipe = popen(sprintf(
 
                  '%s -u %s %s %s %s',
 
                  $SUDO_CMD, $user, $SUDO_OPT_H, $WRITE_TO_CMD, $vacation_msg_file),
 
@@ -261,7 +277,7 @@ if ($vacation_setup || $vacation_clear) 
 
}
 

	
 
// echo ('<pre>'."\n");            // |:debug:|
 
// echo ($vacation_forward);
 
// echo ($vacation_forward_to);
 
// var_dump($forward_settings);
 
// echo ('</pre>'."\n");
 

	
 
@@ -272,6 +288,7 @@ if ($vacation_setup || $vacation_clear) 
 
$form = Array();
 
//$form[] = '<hr class="sep"/>';
 
$form[] = '<form action="index.php" method="post">';
 
$form[] = '<div>';
 

	
 
if ($_debug) {
 
    $form[] = sprintf(
 
@@ -280,9 +297,9 @@ if ($_debug) {
 

	
 
// column names
 
$form[] = '<span class="label">';
 
$form[] = sprintf('<input type="submit" name="holen" value="%s" />', get_text('refresh'));
 
$form[] = sprintf('<input type="submit" name="refresh" value="%s" />', get_text('refresh'));
 
$form[] = '</span>';
 
$form[] = '<span style="display: inline-block;"><table border="0" cellspacing="0" cellpadding="2" style="width: 410px; vertical-align: top;">';
 
$form[] = '<div style="display: inline-block; padding: 0; margin: 0;"><table border="0" cellspacing="0" cellpadding="2" style="width: 430px; vertical-align: top;">';
 
$trow = Array();
 
$trow[] = get_text('user');
 
$trow[] = get_text('forward_to');
 
@@ -294,7 +311,7 @@ if ($_debug) {
 
// user
 
$user_control = Array();
 
if ($is_admin) {
 
    $user_control[] = '<select name="user" />';
 
    $user_control[] = '<select name="user">';
 
    foreach ($user_names as $sel_user) {
 
        if ($sel_user == $user) {
 
            $selected = ' selected="selected"';
 
@@ -313,14 +330,14 @@ if ($is_admin) {
 

	
 
// forward
 
$user_control = Array();
 
$user_control[] = '<select name="forward" />';
 
$user_control[] = '<select name="forward">';
 
$user_control[] = sprintf('<option value="">%s</option>', get_text('none'));
 
$selected = '';
 
foreach ($user_names as $sel_user) {
 
    if (!$is_admin && $sel_user == $user) {
 
        continue;
 
    }
 
    if ($sel_user == $vacation_forward) {
 
    if ($sel_user == $vacation_forward_to) {
 
        $selected = ' selected="selected"';
 
    } else {
 
        $selected = '';
 
@@ -338,13 +355,13 @@ if ($forward_active) {
 
} else {
 
    $active_checked = '';
 
}
 
$user_control[] = sprintf('<input type="checkbox" name="aktiv" value="aktiv"%s><br />',
 
$user_control[] = sprintf('<input type="checkbox" name="active" value="active"%s /><br />',
 
                          $active_checked);
 
$user_control = implode($user_control, "\n");
 
$trow[] = $user_control;
 

	
 
$form[] = sprintf('<tr><td style="text-align: center;">%s</td></tr>', implode($trow, '</td><td style="text-align: center;">'));
 
$form[] = '</table></span><br />';
 
$form[] = '</table></div><br />';
 

	
 
// subject
 
$form[] = sprintf('<span class="label">%s<sup>*</sup>:</span>', get_text('subject'));
 
@@ -367,7 +384,7 @@ if ($forward_active) {
 
// actions
 
$form[] = '<hr class="sep"/>';
 
$form[] = '<span class="label">&nbsp;</span>';
 
$form[] = sprintf('<input type="submit" name="setzen" value="%s" /><br />', get_text('save'));
 
$form[] = sprintf('<input type="submit" name="save" value="%s" /><br />', get_text('save'));
 
$form[] = '<hr class="sep"/>';
 

	
 
// --------------------------------------------------
 
@@ -391,7 +408,7 @@ if (!empty ($vacation_list)) {
 
    $form[] = '</pre>';
 
    $form[] = '<hr class="sep"/>';
 
    $form[] = '<span class="label">&nbsp;</span>';
 
    $form[] = sprintf('<input type="submit" name="loeschen" value="%s" /><br />', get_text('delete'));
 
    $form[] = sprintf('<input type="submit" name="delete" value="%s" /><br />', get_text('delete'));
 
    if ($is_admin) {
 
        $form[] = ('<hr class="sep"/>');
 
    }
 
@@ -399,6 +416,7 @@ if (!empty ($vacation_list)) {
 
    $form[] = shl(get_text('reply_history_empty'));
 
}
 

	
 
$form[] = '</div>';
 
$form[] = '</form>';
 
echo implode($form, "\n");
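Review bot: The new forward-user check in the `-210,18 +226,18` hunk is skipped whenever `$is_admin` is true, so on that path `$_REQUEST['forward']` appears to reach both the `X-WSV-Forward-To: %s` header and `$forward_settings` with no constraint on its content, line breaks included. The forward `<select>` is filled from `$user_names` for admins as well, so the exemption looks unnecessary and the condition could be `if (!empty($vacation_forward_to) && !in_array($vacation_forward_to, $user_names, true)) {`. The same `!$is_admin &&` exemption sits on the unknown-user check in the `-117,7 +136,7` hunk, and `$user` is later formatted into the `popen()` command line, so it wants the same membership check or `escapeshellarg($user)`. Whether `error_msg()` HTML-escapes the request value it echoes is not visible here and should be confirmed. The enclosing `while (True)` block starts and ends outside the visible hunks.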
 

	
lib/language.php
 
@@ -31,6 +31,7 @@ Your message has been forwarded to a co-
 
        'error_no_subject' => 'error: subject is empty!',
 
        'error_no_user' => 'error: no user specified!',
 
        'error_unknown_user' => 'error: unkown user',
 
        'error_unknown_forward' => 'error: unknown forward user',
 

	
 
        'title' => 'Email Vacation Settings',
 
        'user' => 'User',
 
@@ -64,6 +65,7 @@ Ihre Mail wird zur Bearbeitung an meine 
 
        'error_no_subject' => 'Fehler: Betreff ist leer!',
 
        'error_no_user' => 'Fehler: Benutzer kann nicht ermittelt werden!',
 
        'error_unknown_user' => 'Fehler: unbekannter Benutzer',
 
        'error_unknown_forward' => 'Fehler: unbekannte Vertretung',
 

	
 
        'title' => 'Email Urlaubseinstellungen',
 

	