kalipso/racalmas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add_comment.cgi: perltidy

Browse Source
This commit is contained in:
Milan
2020-04-09 22:58:17 +02:00
parent b72f71e0ac
commit d3762084d6
1 changed files with 125 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

272
website/agenda/add_comment.cgi
View File

@@ -1,7 +1,9 @@
#!/usr/bin/perl #!/usr/bin/perl
use warnings;
use strict; use strict;
use warnings;
no warnings 'redefine';
use Data::Dumper; use Data::Dumper;
use params(); use params();
@@ -15,75 +17,78 @@ use time();
binmode STDOUT, ":utf8"; binmode STDOUT, ":utf8";
my $r=shift; my $r = shift;
(my $cgi, my $params, my $error)=params::get($r); ( my $cgi, my $params, my $error ) = params::get($r);
my $config = config::getFromScriptLocation(); my $config = config::getFromScriptLocation();
my $debug = $config->{system}->{debug}; my $debug = $config->{system}->{debug};
my $request={ my $request = {
url => $ENV{QUERY_STRING}, url => $ENV{QUERY_STRING},
params => { params => {
original => $params, original => $params,
checked => check_params($config, $params), checked => check_params( $config, $params ),
}, },
config => $config, config => $config,
}; };
$params=$request->{params}->{checked}; $params = $request->{params}->{checked};
print "Content-Type:text/plain\n\n"; print "Content-Type:text/plain\n\n";
print STDERR "add comment: ".Dumper($params); print STDERR "add comment: " . Dumper($params);
my $comment =$params->{comment}; my $comment = $params->{comment};
$config->{access}->{write}=1; $config->{access}->{write} = 1;
my $dbh=db::connect($config,undef); my $dbh = db::connect( $config, undef );
print "ok\n"; print "ok\n";
$comment->{content}=~s/(^|\s)((https?\:\/\/)(.*?))(\s|$|\<)/$1\<a href\=\"$2\"\>$2\<\/a\>$5/g; $comment->{content} =~ s/(^|\s)((https?\:\/\/)(.*?))(\s|$|\<)/$1\<a href\=\"$2\"\>$2\<\/a\>$5/g;
$comment->{content}=~s/(^|\s)((https?\:\/\/)(.*?))(\s|$|\<)/$1\<a href\=\"$2\"\>$2\<\/a\>$5/g; $comment->{content} =~ s/(^|\s)((https?\:\/\/)(.*?))(\s|$|\<)/$1\<a href\=\"$2\"\>$2\<\/a\>$5/g;
$comment->{content}=~s/(^|\s)((www\.)(.*?))(\s|$|\<)/$1\<a href\=\"http\:\/\/$2\"\>$2\<\/a\>$5/g; #" $comment->{content} =~ s/(^|\s)((www\.)(.*?))(\s|$|\<)/$1\<a href\=\"http\:\/\/$2\"\>$2\<\/a\>$5/g; #"
$comment->{content}=~s/(^|\s)((www\.)(.*?))(\s|$|\<)/$1\<a href\=\"http\:\/\/$2\"\>$2\<\/a\>$5/g; #" $comment->{content} =~ s/(^|\s)((www\.)(.*?))(\s|$|\<)/$1\<a href\=\"http\:\/\/$2\"\>$2\<\/a\>$5/g; #"
if (comments::check($dbh, $config, $comment)){ if ( comments::check( $dbh, $config, $comment ) ) {
my $nslookup=nslookup(); my $nslookup = nslookup();
#if (is_blocked($nslookup)==1){ #if (is_blocked($nslookup)==1){
# send_mail($comment, $nslookup, 'blocked'); # send_mail($comment, $nslookup, 'blocked');
# return; # return;
#}; #};
$comment->{comment_id}=comments::insert($dbh, $config, $comment); $comment->{comment_id} = comments::insert( $dbh, $config, $comment );
if($comment->{comment_id}>0){ if ( $comment->{comment_id} > 0 ) {
comments::update_comment_count($dbh, $config, $comment); comments::update_comment_count( $dbh, $config, $comment );
delete_cache($config); send_mail( $comment, $nslookup, 'new' );
send_mail($comment, $nslookup, 'new');
} }
} }
sub is_blocked{ sub is_blocked {
my $nslookup=shift; my $nslookup = shift;
my $user_agent=$ENV{HTTP_USER_AGENT}; my $user_agent = $ENV{HTTP_USER_AGENT};
my $block=0; my $block = 0;
$block = 1 $block = 1
if ( ( $user_agent eq 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:35.0) Gecko/20100101 Firefox/35.0' ) if ( $user_agent eq 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:35.0) Gecko/20100101 Firefox/35.0' )
&& ( $nslookup =~ /alicedsl/ ) ); && ( $nslookup =~ /alicedsl/ );
$block = 1
if $user_agent eq
'Mozilla/5.0 (Linux; Android 8.0.0; ANE-LX1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.99 Mobile Safari/537.36';
return $block; return $block;
} }
sub send_mail{ sub send_mail {
my $comment = shift; my $comment = shift;
my $nslookup = shift; my $nslookup = shift;
my $status = shift || 'new'; my $status = shift || 'new';
my $ip = $ENV{REMOTE_ADDR}||''; my $ip = $ENV{REMOTE_ADDR} || '';
my $user_agent = $ENV{HTTP_USER_AGENT}||''; my $user_agent = $ENV{HTTP_USER_AGENT} || '';
my $cookie = $ENV{HTTP_COOKIE}||''; my $cookie = $ENV{HTTP_COOKIE} || '';
my $from = 'no-reply@'; my $from = 'no-reply@localhost';
my $to = 'info@'; my $to = 'info@localhost';
my $subject = "$status comment from '$comment->{author}': $comment->{content}"; my $subject = "$status comment from '$comment->{author}': $comment->{content}";
my $content = "$status comment my $content = "$status comment
@@ -93,20 +98,20 @@ EMAIL: $comment->{email}
CONTENT: '$comment->{content}' CONTENT: '$comment->{content}'
view event view event
https://piradio.de/programm/sendung/$comment->{event_id}.html#comments https://localhost/programm/sendung/$comment->{event_id}.html#comments
"; ";
if ($status eq 'new'){ if ( $status eq 'new' ) {
$content.=" $content .= "
manage comments: manage comments:
https://piradio.de/agenda/planung/comment.cgi?project_id=1&studio_id=1 https://localhost/agenda/planung/comment.cgi?project_id=1&studio_id=1
lock this comment lock this comment
https://piradio.de/agenda/planung/comment.cgi?event_id=$comment->{event_id}&comment_id=$comment->{comment_id}&set_lock_status=blocked https://localhost/agenda/planung/comment.cgi?event_id=$comment->{event_id}&comment_id=$comment->{comment_id}&set_lock_status=blocked
"; ";
} }
$content.=qq{ $content .= qq{
----------------------------------------------------------- -----------------------------------------------------------
SENDER IP: $ip ($comment->{ip}) SENDER IP: $ip ($comment->{ip})
@@ -122,126 +127,99 @@ $nslookup
To => $to, To => $to,
Subject => $subject, Subject => $subject,
Data => $content Data => $content
#.Dumper($comment)
); );
$msg->send; $msg->send;
} }
sub nslookup{ sub nslookup {
my $ip =$ENV{REMOTE_ADDR}; my $ip = $ENV{REMOTE_ADDR};
my $nslookup=''; my $nslookup = '';
if($ip=~/^([\d\.]+)$/){ if ( $ip =~ /^([\d\.]+)$/ ) {
$ip=$1; $ip = $1;
return `nslookup '$ip'`; return `nslookup '$ip'`;
} }
return ''; return '';
} }
sub delete_cache{ sub check_params {
my $config=shift; my $config = shift;
my $params = shift;
unless($config->{locations}->{base_dir}=~/a-zA-Z/){ my $template = template::check( $config, $params->{'template'}, 'comments.html' );
print STDERR "add_comment.cgi: base_dir is not configured\n";
return; my $comment = {};
}
unless($config->{cache}->{cache_dir}=~/a-zA-Z/){ my $event_start = $params->{'event_start'} || '';
print STDERR "add_comment.cgi: cache_dir is not configured\n"; if ( $event_start =~ /^(\d\d\d\d\-\d\d\-\d\d[ T]\d\d\:\d\d)(\:\d\d)?$/ ) {
return; $comment->{event_start} = $1;
} } else {
unless($config->{controllers}->{comments}=~/a-zA-Z/){ log::error( $config, 'add_comment.cgi: invalid date "' . $event_start . '"' );
print STDERR "add_comment.cgi: contoller 'comments' is not configured\n";
return;
} }
my $cache_dir=$config->{locations}->{base_dir}.'/'.$config->{cache}->{cache_dir}.'/'; my $event_id = $params->{'event_id'} || '';
if ( $event_id =~ /^(\d+)$/ ) {
$comment->{event_id} = $1;
} else {
log::error( $config, 'add_comment.cgi: invalid id' );
}
my $widget_cache=$cache_dir.'/'.$config->{controllers}->{comments}; my $parent_id = $params->{'parent_id'} || '';
`rm -f $widget_cache/*` if (-d $widget_cache); if ( $parent_id =~ /^(\d+)$/ ) {
$comment->{parent_id} = $1;
} else {
$comment->{parent_id} = 0;
}
my $aggregator_dir=$cache_dir.'/programm/'.$config->{controllers}->{comments}; $comment->{content} = $params->{'content'} || '';
`rm -f $aggregator_dir/*` if (-d $aggregator_dir); $comment->{content} = escape_text( $comment->{content} );
$comment->{content} = substr( $comment->{content}, 0, 1000 );
log::error( $config, 'add_comment.cgi: missing body' ) if ( $comment->{content} eq '' );
$comment->{author} = $params->{'author'} || '';
$comment->{author} = escape_text( $comment->{author} );
$comment->{author} = substr( $comment->{author}, 0, 40 );
log::error( $config, 'add_comment.cgi: missing name' ) if ( $comment->{author} eq '' );
$comment->{email} = $params->{'email'} || '';
$comment->{email} = escape_text( $comment->{email} );
$comment->{email} = substr( $comment->{email}, 0, 40 );
$comment->{title} = $params->{'title'} || '';
$comment->{title} = escape_text( $comment->{title} );
$comment->{title} = substr( $comment->{title}, 0, 80 );
$comment->{ip} = $ENV{REMOTE_ADDR} || '';
log::error( $config, 'missing ip' ) if ( $comment->{ip} eq '' );
$comment->{ip} = Digest::MD5::md5_base64( $comment->{ip} );
my $today = time::datetime_to_array( time::time_to_datetime() );
my $date = time::datetime_to_array( $comment->{event_start} );
my $delta_days = time::days_between( $today, $date );
log::error( $config, 'add_comment.cgi: no comments allowed, yet' )
if ( $delta_days > $config->{permissions}->{no_new_comments_before} );
log::error( $config, 'add_comment.cgi: no comments allowed anymore' )
if ( $delta_days < -1 * $config->{permissions}->{no_new_comments_after} );
return {
template => $template,
comment => $comment
};
} }
sub check_params{ sub escape_text {
my $config=shift; my $s = shift;
my $params=shift; $s =~ s/^\s+//g;
$s =~ s/\s+$//g;
my $template = template::check($config, $params->{'template'}, 'comments.html' ); #remove broken HTML
$s =~ s/<[a-z\!\?\[\/][^\>]+?\>//gi;
my $comment={}; $s =~ s/<[a-z\!\?\[\/]\>//gi;
my $event_start=$params->{'event_start'}||'';
if ($event_start=~/^(\d\d\d\d\-\d\d\-\d\d[ T]\d\d\:\d\d)(\:\d\d)?$/){
$comment->{event_start}=$1;
}else{
log::error($config, 'add_comment.cgi: invalid date "'.$event_start.'"');
}
my $event_id=$params->{'event_id'}||'';
if ($event_id=~/^(\d+)$/){
$comment->{event_id}=$1;
}else{
log::error($config, 'add_comment.cgi: invalid id');
}
my $parent_id=$params->{'parent_id'}||'';
if ($parent_id=~/^(\d+)$/){
$comment->{parent_id}=$1;
}else{
$comment->{parent_id}=0;
}
$comment->{content}=$params->{'content'}||'';
$comment->{content}=escape_text($comment->{content});
$comment->{content}=substr($comment->{content},0,1000);
log::error($config, 'add_comment.cgi: missing body') if ($comment->{content}eq'');
$comment->{author}=$params->{'author'}||'';
$comment->{author}=escape_text($comment->{author});
$comment->{author}=substr($comment->{author},0,40);
log::error($config, 'add_comment.cgi: missing name') if ($comment->{author}eq'');
$comment->{email}=$params->{'email'}||'';
$comment->{email}=escape_text($comment->{email});
$comment->{email}=substr($comment->{email},0,40);
$comment->{title}=$params->{'title'}||'';
$comment->{title}=escape_text($comment->{title});
$comment->{title}=substr($comment->{title},0,80);
$comment->{ip}=$ENV{REMOTE_ADDR}||'';
log::error($config, 'missing ip') if ($comment->{ip}eq'');
$comment->{ip}=Digest::MD5::md5_base64($comment->{ip});
my $today=time::datetime_to_array(time::time_to_datetime());
my $date =time::datetime_to_array($comment->{event_start});
my $delta_days=time::days_between($today,$date);
log::error( $config, 'add_comment.cgi: no comments allowed, yet' )
if ( $delta_days > $config->{permissions}->{no_new_comments_before} );
log::error( $config, 'add_comment.cgi: no comments allowed anymore' )
if ( $delta_days < -1 * $config->{permissions}->{no_new_comments_after} );
return {
template =>$template,
comment =>$comment
};
}
sub escape_text{
my $s=shift;
$s=~s/^\s+//g;
$s=~s/\s+$//g;
#remove broken HTML
$s=~s/<[a-z\!\?\[\/][^\>]+?\>//gi;
$s=~s/<[a-z\!\?\[\/]\>//gi;
$s = markup::escapeHtml($s); $s = markup::escapeHtml($s);
$s=~s/[\n\r]+/\<br \/\>/g; $s =~ s/[\n\r]+/\<br \/\>/g;
$s=~s/\<br \/\>/\<br \/\>\n/g; $s =~ s/\<br \/\>/\<br \/\>\n/g;
$s=~s/\<br \/\>\s*$//g; $s =~ s/\<br \/\>\s*$//g;
return $s; return $s;
} }