[vhffs-dev] [640] Project preferences is now on one page. |
Revision: 640
Author: beuss
Date: 2007-06-07 20:18:09 +0000 (Thu, 07 Jun 2007)
Log Message:
-----------
Project preferences is now on one page.
Removed now unused files.
Added some HTML escaping to prevent XSS using various descriptions.
Modified Paths:
--------------
trunk/vhffs-api/src/Vhffs/Group.pm
trunk/vhffs-api/src/Vhffs/Panel/Group.pm
trunk/vhffs-api/src/Vhffs/Panel/Main.pm
trunk/vhffs-api/src/Vhffs/Panel/User.pm
trunk/vhffs-api/src/examples/create_group.pl
trunk/vhffs-api/src/examples/join_group.pl
trunk/vhffs-panel/Makefile.am
trunk/vhffs-panel/admin/cvs/edit.pl
trunk/vhffs-panel/admin/cvs/show.pl
trunk/vhffs-panel/admin/group/edit.pl
trunk/vhffs-panel/admin/group/show.pl
trunk/vhffs-panel/admin/mail/edit.pl
trunk/vhffs-panel/admin/mail/show.pl
trunk/vhffs-panel/admin/moderation.pl
trunk/vhffs-panel/admin/mysql/edit.pl
trunk/vhffs-panel/admin/mysql/show.pl
trunk/vhffs-panel/admin/object/edit.pl
trunk/vhffs-panel/admin/pgsql/edit.pl
trunk/vhffs-panel/admin/pgsql/show.pl
trunk/vhffs-panel/admin/repository/edit.pl
trunk/vhffs-panel/admin/repository/show.pl
trunk/vhffs-panel/admin/user/list.pl
trunk/vhffs-panel/admin/web/edit.pl
trunk/vhffs-panel/admin/web/show.pl
trunk/vhffs-panel/group/prefs.pl
trunk/vhffs-panel/public/allgroups.pl
trunk/vhffs-panel/public/allwebsites.pl
trunk/vhffs-panel/public/group.pl
trunk/vhffs-panel/public/lastgroups.pl
trunk/vhffs-panel/public/user.pl
trunk/vhffs-panel/public/websearch.pl
trunk/vhffs-panel/templates/Makefile.am
trunk/vhffs-panel/templates/group/list_user.tmpl
trunk/vhffs-panel/templates/group/prefs.tmpl
trunk/vhffs-panel/themes/vhffs-ng/main.css
trunk/vhffs-panel/web/prefs.pl
trunk/vhffs-tests/src/Group.pl
Removed Paths:
-------------
trunk/vhffs-panel/group/join_group.pl
trunk/vhffs-panel/group/prefs_save.pl
trunk/vhffs-panel/group/remove_user_from_group.pl
trunk/vhffs-panel/templates/group/each_user.tmpl
Modified: trunk/vhffs-api/src/Vhffs/Group.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Group.pm 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-api/src/Vhffs/Group.pm 2007-06-07 20:18:09 UTC (rev 640)
@@ -125,27 +125,25 @@
}
+=head2 remove_user
+
+ $group->remove_user( $uid );
+
+Remove an user from a given group.
+Return false if an error occurs or if the
+user wasn't in the group.
+
+=cut
+
sub remove_user
{
use Vhffs::Constants;
my $self = shift;
- my $user = shift;
+ my $uid = shift;
- my $query;
- my $request;
- my $result;
-
- $query = 'UPDATE vhffs_user_group SET state=? WHERE gid=? AND uid=?';
- $request = $self->{'db'}->prepare( $query );
- $result = $request->execute(Vhffs::Constants::TO_DELETE, $self->{'gid'}, $user->get_uid);
- # execute return false if an error occurs and '0E0' (which is true but == 0)
- # if 0 rows are altered
- return -1 if($result == 0);
-
- return 1;
-
-
+ my $sql = 'UPDATE vhffs_user_group SET state=? WHERE gid=? AND uid=?';
+ return $self->{db}->do( $sql, {}, Vhffs::Constants::TO_DELETE, $self->{gid}, $uid ) > 0;
}
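Review bot: The new `remove_user` compares the result of `do()` directly with `> 0`, and `do()` returns undef when the statement fails (assuming RaiseError is off on this handle), so the failure path emits an uninitialized-value warning under `-w` before yielding false. `add_user` later in this file guards the same call with `$res && $res > 0`; the same form here would keep the two methods consistent: `my $res = $self->{db}->do( $sql, {}, Vhffs::Constants::TO_DELETE, $self->{gid}, $uid ); return $res && $res > 0;`. The return convention also moves from -1/1 to false/true, so any caller outside this diff that still tests `< 0` will silently stop seeing failures.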
@@ -154,9 +152,6 @@
{
my $self = shift;
-# $self->{'quota'} = $self->{'main'}->get_config->get_users->{'default_quota'} if ( ! defined $self->{'quota'} );
- # $self->{'quota_used'} = $self->{'quota'} if ( ! defined $self->{'quota_used'} );
-
my $sql = 'UPDATE vhffs_groups SET quota = ?, quota_used = ?, owner_uid = ?, uid_mod = ? WHERE gid = ?';
my $sth = $self->{db}->prepare($sql);
$sth->execute( $self->{'quota'}, $self->{'quota_used'}, $self->{'owner_uid'}, $self->{'uid_mod'}, $self->{'gid'}) or return -1;
@@ -304,19 +299,22 @@
return 1;
}
+=head2 add_user
-sub add_user
-{
- my( $self , $user ) = @_;
+ $group->add_user($uid);
- return -1 if( ! defined $user );
+Adds an user to a group. Returns false if user
+doesn't exists or if there was an error.
- my $query = 'INSERT INTO vhffs_user_group( uid, gid, state) VALUES( ?, ?, ? )';
- my $request = $self->{'db'}->prepare( $query ) or return -2;
- $request->execute($user->{'uid'}, $self->{'gid'}, Vhffs::Constants::WAITING_FOR_CREATION) or return -3;
+=cut
- return 1;
-
+sub add_user
+{
+ my( $self , $uid ) = @_;
+
+ my $sql = 'INSERT INTO vhffs_user_group(uid, gid, state) VALUES(?, ?, ?)';
+ my $res = $self->{db}->do( $sql, {}, $uid, $self->{gid}, Vhffs::Constants::WAITING_FOR_CREATION );
+ return $res && $res > 0;
}
sub set_quota
Modified: trunk/vhffs-api/src/Vhffs/Panel/Group.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Group.pm 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-api/src/Vhffs/Panel/Group.pm 2007-06-07 20:18:09 UTC (rev 640)
@@ -44,17 +44,35 @@
use Vhffs::Main;
use Vhffs::Panel::Main;
+=head1 NAME
-sub getall_users_per_group
-{
- my $main = shift;
- my $groupname = shift;
+Vhffs::Panel::Group - Handle group information in the panel.
- my $query = "SELECT u.username, g.groupname from vhffs_users u, vhffs_groups g, vhffs_user_group ug WHERE ug.gid = g.gid AND ug.uid=u.uid AND g.groupname='".$groupname."' AND ug.state='6'";
- my $request = $main->{'db'}->prepare( $query );
+=head1 METHODS
- return undef if ( $request->execute <= 0 );
- return( $request->fetchall_hashref('username') );
+=head2 getall_users
+
+ $users = Vhffs::Panel::Group::getall_users( $vhffs, $gid );
+
+Returns an array of hashes {uid, username, state} containing all users of
+the given group (C<state> is a descriptive string).
+
+=cut
+
+sub getall_users
+{
+ my ($main, $gid) = @_;
+ my $sql = 'SELECT u.uid, u.username, ug.state FROM vhffs_users u INNER JOIN vhffs_user_group ug ON ug.uid = u.uid WHERE ug.gid = ?';
+ my $dbh = $main->get_db_object;
+ my $sth = $dbh->prepare($sql) or return -1;
+ $sth->execute($gid) or return -2;
+ my $users = [];
+ while(my $u = $sth->fetchrow_hashref) {
+ $u->{active} = ($u->{state} == Vhffs::Constants::ACTIVATED);
+ $u->{state} = Vhffs::Functions::status_string_from_status_id($u->{state});
+ push @$users, $u;
+ }
+ return $users;
}
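Review bot: `getall_users` returns `-1` or `-2` when `prepare` or `execute` fails, but the POD above it promises an array of hashes and does not mention an error value. A caller that dereferences the result (`@$users`) would die under `use strict` on the integer. Either return `undef` on failure (`my $sth = $dbh->prepare($sql) or return undef;`) or add the error codes to the POD. The `username` values come straight from the database, so whichever template renders this list needs to escape them; the template is not part of this hunk. The hunk ends at the start of `sub search`, whose body is outside it.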
sub search
@@ -140,7 +158,7 @@
return undef unless( defined $group );
- return undef if ($group->add_user( $user ) < 0 );
+ return undef if ($group->add_user( $user->get_uid ) < 0 );
return undef if ( Vhffs::Acl::add_acl( $user , $group , Vhffs::Constants::ACL_DELETE , $main ) < 0 );
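Review bot: The failure test on `$group->add_user( $user->get_uid ) < 0` can no longer fire, because this commit changes `Vhffs::Group::add_user` to return `$res && $res > 0`, which is undef, false or true and never negative. A failed membership insert therefore falls through to `add_acl`, and the group is reported as created without its owner being a member. The check should follow the new contract: `return undef unless $group->add_user( $user->get_uid );`. examples/create_group.pl in this commit ignores the return value entirely, which is worth a check as well. The enclosing function starts and ends outside this hunk.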
Modified: trunk/vhffs-api/src/Vhffs/Panel/Main.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Main.pm 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-api/src/Vhffs/Panel/Main.pm 2007-06-07 20:18:09 UTC (rev 640)
@@ -568,7 +568,7 @@
if($config->use_repository) {
my $repos = Vhffs::Panel::Repository::getall_per_group( $vhffs, $gid );
- $services_list .= $self->create_service_index('repo', $repos);
+ $services_list .= $self->create_service_index('repository', $repos);
}
if($config->use_dns) {
Modified: trunk/vhffs-api/src/Vhffs/Panel/User.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/User.pm 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-api/src/Vhffs/Panel/User.pm 2007-06-07 20:18:09 UTC (rev 640)
@@ -101,11 +101,11 @@
my $users = [];
if( defined $name ) {
- $sql = 'SELECT u.username, u.firstname, u.lastname , o.object_id AS oid, o.state FROM vhffs_users u INNER JOIN vhffs_object o ON o.object_id = u.object_id WHERE u.username LIKE ? OR u.firstname LIKE ? OR u.lastname LIKE ?';
+ $sql = 'SELECT u.uid, u.username, u.firstname, u.lastname , o.object_id AS oid, o.state FROM vhffs_users u INNER JOIN vhffs_object o ON o.object_id = u.object_id WHERE u.username LIKE ? OR u.firstname LIKE ? OR u.lastname LIKE ?';
my $p = '%'.$name.'%';
push(@params, $p, $p, $p);
} else {
- $sql = 'SELECT u.username, u.firstname, u.lastname , o.object_id AS oid, o.state FROM vhffs_users u INNER JOIN vhffs_object o ON o.object_id = u.object_id';
+ $sql = 'SELECT u.uid, u.username, u.firstname, u.lastname , o.object_id AS oid, o.state FROM vhffs_users u INNER JOIN vhffs_object o ON o.object_id = u.object_id';
}
my $dbh = $main->get_db_object();
Modified: trunk/vhffs-api/src/examples/create_group.pl
===================================================================
--- trunk/vhffs-api/src/examples/create_group.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-api/src/examples/create_group.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -30,5 +30,5 @@
print "Group $groupname created!\n";
}
-$group->add_user( $user );
+$group->add_user( $user->get_uid );
Modified: trunk/vhffs-api/src/examples/join_group.pl
===================================================================
--- trunk/vhffs-api/src/examples/join_group.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-api/src/examples/join_group.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -19,4 +19,4 @@
my $group = Vhffs::Group::get_by_groupname($princ, $groupname);
die("Group not found\n") unless(defined $group);
-die("Unable to add $username to group $groupname\n") unless($group->add_user($user) > 0);
+die("Unable to add $username to group $groupname\n") unless($group->add_user($user->get_uid) > 0);
Modified: trunk/vhffs-panel/Makefile.am
===================================================================
--- trunk/vhffs-panel/Makefile.am 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/Makefile.am 2007-06-07 20:18:09 UTC (rev 640)
@@ -104,11 +104,8 @@
dns/prefs.pl \
group/create.pl \
group/delete.pl \
- group/join_group.pl \
- group/prefs_save.pl \
group/prefs.pl \
group/project_submit.pl \
- group/remove_user_from_group.pl \
help/cvs.html \
help/index.html \
js/prototype.js \
Modified: trunk/vhffs-panel/admin/cvs/edit.pl
===================================================================
--- trunk/vhffs-panel/admin/cvs/edit.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/cvs/edit.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -113,7 +113,7 @@
$template->param( PRIVATE_SELECTED => "selected" );
}
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_CVSROOT => $object->get_cvsroot);
$template->param( VALUE_GROUP => Vhffs::Group::get_name_by_gid( $vhffs , $object->get_ownergid ));
$template->param( VALUE_OWNER => Vhffs::User::get_name_by_uid( $vhffs , $object->get_owneruid ));
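Review bot: Escaping is applied here only to `VALUE_DESCRIPTION`, while `VALUE_CVSROOT`, `VALUE_GROUP` and `VALUE_OWNER` on the next lines still reach the template raw. The same pattern repeats in the other admin `edit.pl`/`show.pl` hunks and in `moderation.pl` (`NAME`, `GROUP`). If those values are constrained to a safe character set at creation time that is fine, but nothing in this diff shows it. Per-call-site escaping is also easy to forget on the next new field; escaping at output is more robust, either `<TMPL_VAR NAME=... ESCAPE=HTML>` in the templates or `default_escape => 'HTML'` on the `HTML::Template` constructor, with the `CGI::escapeHTML` wrappers then removed so values are not escaped twice. The hunk does not show whether `CGI` is loaded in this script; the fully qualified `CGI::escapeHTML` call depends on it.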
Modified: trunk/vhffs-panel/admin/cvs/show.pl
===================================================================
--- trunk/vhffs-panel/admin/cvs/show.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/cvs/show.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -108,7 +108,7 @@
$template->param( VALUE_PUBLIC => gettext("No") );
}
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_CVSROOT => $object->get_cvsroot);
$template->param( VALUE_GROUP => Vhffs::Group::get_name_by_gid( $vhffs , $object->get_ownergid ));
$template->param( VALUE_OWNER => Vhffs::User::get_name_by_uid( $vhffs , $object->get_owneruid ));
Modified: trunk/vhffs-panel/admin/group/edit.pl
===================================================================
--- trunk/vhffs-panel/admin/group/edit.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/group/edit.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -112,7 +112,7 @@
$template->param( VALUE_QUOTA => $group->get_quota );
$template->param( VALUE_QUOTA_USED => $group->get_quota_used );
- $template->param( VALUE_DESCRIPTION => $group->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $group->get_description ) );
my $oid = $group->get_oid;
$template->param( VALUE_HISTORY => "/history.pl?OID=$oid" );
Modified: trunk/vhffs-panel/admin/group/show.pl
===================================================================
--- trunk/vhffs-panel/admin/group/show.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/group/show.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -104,7 +104,7 @@
$template->param( VALUE_OWNER => $group->get_owner_username );
$template->param( VALUE_QUOTA => $group->get_quota );
$template->param( VALUE_QUOTA_USED => $group->get_quota_used );
- $template->param( VALUE_DESCRIPTION => $group->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $group->get_description ) );
$template->param( VALUE_STATUS => Vhffs::Functions::status_string_from_status_id ($group->get_status) );
my $oid = $group->{'object_id'};
Modified: trunk/vhffs-panel/admin/mail/edit.pl
===================================================================
--- trunk/vhffs-panel/admin/mail/edit.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/mail/edit.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -103,7 +103,7 @@
$template->param( SEND => gettext("Send") );
$template->param( TEXT_HISTORY => gettext("History") );
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_DOMAIN => $object->get_domain );
$template->param( VALUE_CATCHALL => $object->get_catchall );
$template->param( VALUE_GROUP => Vhffs::Group::get_name_by_gid( $vhffs , $object->get_ownergid ));
Modified: trunk/vhffs-panel/admin/mail/show.pl
===================================================================
--- trunk/vhffs-panel/admin/mail/show.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/mail/show.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -102,7 +102,7 @@
$template->param( TEXT_DESCRIPTION => gettext("Description") );
$template->param( TEXT_HISTORY => gettext("History") );
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_DOMAIN => $object->get_domain );
$template->param( VALUE_CATCHALL => $object->get_catchall );
$template->param( VALUE_GROUP => Vhffs::Group::get_name_by_gid( $vhffs , $object->get_ownergid ));
Modified: trunk/vhffs-panel/admin/moderation.pl
===================================================================
--- trunk/vhffs-panel/admin/moderation.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/moderation.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -111,7 +111,7 @@
$subtemplate->param( GROUP => $temp->get_groupname );
$subtemplate->param( OID => $temp->get_oid );
- $subtemplate->param( DESCRIPTION => Vhffs::Functions::stripslashes( $temp->get_description ) );
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $temp->get_description ) );
$subtemplate->param( ACCEPT => gettext("Accept") );
$subtemplate->param( REFUSE => gettext("Refuse") );
$output.= $subtemplate->output;
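Review bot: This hunk replaces `Vhffs::Functions::stripslashes` with `CGI::escapeHTML` instead of composing the two. If descriptions are still stored with backslash-escaped quotes (not visible here), they will now be shown to moderators with the backslashes intact. If the stripping is still needed, `CGI::escapeHTML( Vhffs::Functions::stripslashes( $temp->get_description ) )` keeps both behaviours. If it is obsolete, a short comment saying so would help. The same `DESCRIPTION => CGI::escapeHTML( ... )` line is repeated in the nine following hunks of this file, so a small local helper would keep them in step.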
@@ -153,7 +153,7 @@
$subtemplate->param( GROUP => $temp->get_group->get_groupname );
$subtemplate->param( OID => $temp->get_oid );
- $subtemplate->param( DESCRIPTION => $temp->get_description );
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $temp->get_description ) );
$subtemplate->param( ACCEPT => gettext("Accept") );
$subtemplate->param( REFUSE => gettext("Refuse") );
$output.= $subtemplate->output;
@@ -194,7 +194,7 @@
$subtemplate->param( NAME => $temp->get_domain );
$subtemplate->param( GROUP => $temp->get_group->get_groupname );
$subtemplate->param( OID => $temp->get_oid );
- $subtemplate->param( DESCRIPTION => $temp->get_description );
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $temp->get_description ) );
$subtemplate->param( ACCEPT => gettext("Accept") );
$subtemplate->param( REFUSE => gettext("Refuse") );
$output.= $subtemplate->output;
@@ -238,7 +238,7 @@
$subtemplate->param( NAME => $temp->get_cvsroot );
$subtemplate->param( GROUP => $temp->get_group->get_groupname );
$subtemplate->param( OID => $temp->get_oid );
- $subtemplate->param( DESCRIPTION => $temp->get_description );
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $temp->get_description ) );
$subtemplate->param( ACCEPT => gettext("Accept") );
$subtemplate->param( REFUSE => gettext("Refuse") );
$output.= $subtemplate->output;
@@ -281,7 +281,7 @@
}
$subtemplate->param( GROUP => $temp->get_group->get_groupname );
$subtemplate->param( OID => $temp->get_oid );
- $subtemplate->param( DESCRIPTION => $temp->get_description );
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $temp->get_description ) );
$subtemplate->param( ACCEPT => gettext("Accept") );
$subtemplate->param( REFUSE => gettext("Refuse") );
$output.= $subtemplate->output;
@@ -326,7 +326,7 @@
$subtemplate->param( GROUP => $svn->get_group->get_groupname );
$subtemplate->param( OID => $svn->get_oid );
- $subtemplate->param( DESCRIPTION => $svn->get_description );
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $svn->get_description ) );
$subtemplate->param( ACCEPT => gettext("Accept") );
$subtemplate->param( REFUSE => gettext("Refuse") );
$output.= $subtemplate->output;
@@ -371,7 +371,7 @@
$subtemplate->param( GROUP => $temp->get_group->get_groupname );
$subtemplate->param( OID => $temp->get_oid );
- $subtemplate->param( DESCRIPTION => $temp->get_description);
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $temp->get_description) );
$subtemplate->param( ACCEPT => gettext("Accept") );
$subtemplate->param( REFUSE => gettext("Refuse") );
$output.= $subtemplate->output;
@@ -414,7 +414,7 @@
$subtemplate->param( NAME => $temp->get_dbname );
$subtemplate->param( GROUP => $temp->get_group->get_groupname );
$subtemplate->param( OID => $temp->get_oid );
- $subtemplate->param( DESCRIPTION => $temp->get_description );
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $temp->get_description ) );
$subtemplate->param( ACCEPT => gettext("Accept") );
$subtemplate->param( REFUSE => gettext("Refuse") );
$output.= $subtemplate->output;
@@ -456,7 +456,7 @@
$subtemplate->param( NAME => $temp->get_dbname );
$subtemplate->param( GROUP => $temp->get_group->get_groupname );
$subtemplate->param( OID => $temp->get_oid );
- $subtemplate->param( DESCRIPTION => $temp->get_description );
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $temp->get_description ) );
$subtemplate->param( ACCEPT => gettext("Accept") );
$subtemplate->param( REFUSE => gettext("Refuse") );
$output.= $subtemplate->output;
@@ -498,7 +498,7 @@
$subtemplate->param( NAME => $temp->get_name );
$subtemplate->param( GROUP => $temp->get_group->get_groupname );
$subtemplate->param( OID => $temp->get_oid );
- $subtemplate->param( DESCRIPTION => $temp->get_description );
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $temp->get_description ) );
$subtemplate->param( ACCEPT => gettext("Accept") );
$subtemplate->param( REFUSE => gettext("Refuse") );
$output.= $subtemplate->output;
Modified: trunk/vhffs-panel/admin/mysql/edit.pl
===================================================================
--- trunk/vhffs-panel/admin/mysql/edit.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/mysql/edit.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -103,7 +103,7 @@
$template->param( SEND => gettext("Send") );
$template->param( TEXT_HISTORY => gettext("History") );
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_DBNAME => $object->get_dbname );
$template->param( VALUE_DBUSER => $object->get_dbusername );
$template->param( VALUE_DBPASS => $object->get_dbpassword);
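Review bot: The stored database password is still handed to the template unescaped on the `VALUE_DBPASS => $object->get_dbpassword` line, two lines below the description this hunk fixes; admin/pgsql/edit.pl has the same line. It is presumably rendered into a form field, where a password containing `"` or `<` would break the markup just as a description would. At minimum it needs the same treatment: `$template->param( VALUE_DBPASS => CGI::escapeHTML( $object->get_dbpassword ) );`. Pre-filling the current password at all is also worth reconsidering, since it places the credential in the page source and browser cache.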
Modified: trunk/vhffs-panel/admin/mysql/show.pl
===================================================================
--- trunk/vhffs-panel/admin/mysql/show.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/mysql/show.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -99,7 +99,7 @@
$template->param( TEXT_STATUS => gettext("Status") );
$template->param( TEXT_HISTORY => gettext("History") );
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_DBNAME => $object->get_dbname );
$template->param( VALUE_DBUSER => $object->get_dbusername );
$template->param( VALUE_GROUP => Vhffs::Group::get_name_by_gid( $vhffs , $object->get_ownergid ));
Modified: trunk/vhffs-panel/admin/object/edit.pl
===================================================================
--- trunk/vhffs-panel/admin/object/edit.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/object/edit.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -98,7 +98,7 @@
$template->param( SEND => gettext("Send") );
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_OID => $object->get_oid );
$template->param( VALUE_UID => $object->get_owner_uid );
$template->param( VALUE_USERNAME => Vhffs::User::get_name_by_uid( $vhffs , $object->get_owner_uid ));
Modified: trunk/vhffs-panel/admin/pgsql/edit.pl
===================================================================
--- trunk/vhffs-panel/admin/pgsql/edit.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/pgsql/edit.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -102,7 +102,7 @@
$template->param( SEND => gettext("Send") );
$template->param( TEXT_HISTORY => gettext("History") );
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_DBNAME => $object->get_dbname );
$template->param( VALUE_DBUSER => $object->get_dbusername );
$template->param( VALUE_DBPASS => $object->get_dbpassword);
Modified: trunk/vhffs-panel/admin/pgsql/show.pl
===================================================================
--- trunk/vhffs-panel/admin/pgsql/show.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/pgsql/show.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -99,7 +99,7 @@
$template->param( TEXT_DESCRIPTION => gettext("Description") );
$template->param( TEXT_HISTORY => gettext("History") );
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_DBNAME => $object->get_dbname );
$template->param( VALUE_DBUSER => $object->get_dbusername );
$template->param( VALUE_GROUP => Vhffs::Group::get_name_by_gid( $vhffs , $object->get_ownergid ));
Modified: trunk/vhffs-panel/admin/repository/edit.pl
===================================================================
--- trunk/vhffs-panel/admin/repository/edit.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/repository/edit.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -102,7 +102,7 @@
$template->param( TEXT_QUOTA => gettext("Quota") );
$template->param( TEXT_QUOTAUSED => gettext("Quota used") );
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_NAME => $object->get_name);
$template->param( VALUE_GROUP => Vhffs::Group::get_name_by_gid( $vhffs , $object->get_ownergid ));
$template->param( VALUE_OWNER => Vhffs::User::get_name_by_uid( $vhffs , $object->get_owneruid ));
Modified: trunk/vhffs-panel/admin/repository/show.pl
===================================================================
--- trunk/vhffs-panel/admin/repository/show.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/repository/show.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -100,7 +100,7 @@
$template->param( TEXT_QUOTA => gettext("Quota") );
$template->param( TEXT_QUOTAUSED => gettext("Quota used") );
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_NAME => $object->get_name);
$template->param( VALUE_GROUP => Vhffs::Group::get_name_by_gid( $vhffs , $object->get_ownergid ));
$template->param( VALUE_OWNER => Vhffs::User::get_name_by_uid( $vhffs , $object->get_owneruid ));
Modified: trunk/vhffs-panel/admin/user/list.pl
===================================================================
--- trunk/vhffs-panel/admin/user/list.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/user/list.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -65,7 +65,7 @@
}
else
{
- $template = new HTML::Template( filename => $templatedir."/admin/misc/list.tmpl" );
+ $template = new HTML::Template( filename => $templatedir."/admin/misc/list.tmpl", die_on_bad_params => 0 );
if( defined( $name ) )
{
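Review bot: `die_on_bad_params => 0` is added to the `list.tmpl` constructor without a comment, and it disables the check for every parameter set on this template, so a misspelled name elsewhere in the script now fails silently. If the reason is the extra `uid` column that `Vhffs::Panel::User::search` returns after this commit (an inference from the User.pm hunk), a comment such as `# search() rows carry keys list.tmpl does not declare` would record it. Alternatively, passing only the keys the template uses would keep the check active. The enclosing `else` block continues outside this hunk.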
Modified: trunk/vhffs-panel/admin/web/edit.pl
===================================================================
--- trunk/vhffs-panel/admin/web/edit.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/web/edit.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -105,7 +105,7 @@
$template->param( SEND => gettext("Send") );
$template->param( TEXT_HISTORY => gettext("History") );
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_SERVERNAME => $object->get_servername );
$template->param( VALUE_ALERT => $object->get_alertlimit );
$template->param( VALUE_ALERT_STATE => $object->get_alertstate );
Modified: trunk/vhffs-panel/admin/web/show.pl
===================================================================
--- trunk/vhffs-panel/admin/web/show.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/admin/web/show.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -101,7 +101,7 @@
$template->param( TEXT_DESCRIPTION => gettext("Description") );
$template->param( TEXT_HISTORY => gettext("History") );
- $template->param( VALUE_DESCRIPTION => $object->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $object->get_description ) );
$template->param( VALUE_SERVERNAME => $object->get_servername );
$template->param( VALUE_ALERT => $object->get_alertlimit );
$template->param( VALUE_ALERT_STATE => $object->get_alertstate );
Deleted: trunk/vhffs-panel/group/join_group.pl
===================================================================
--- trunk/vhffs-panel/group/join_group.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/group/join_group.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -1,129 +0,0 @@
-#!%PERL% -w
-# Copyright (c) vhffs project and its contributors
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#3. Neither the name of vhffs nor the names of its contributors
-# may be used to endorse or promote products derived from this
-# software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-#"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-#LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-#FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-#COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-#INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-#CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-
-use POSIX qw(locale_h);
-use HTML::Template;
-use locale;
-use Locale::gettext;
-use CGI;
-use CGI::Session;
-use strict;
-
-use lib '%VHFFS_LIB_DIR%';
-use Vhffs::User;
-use Vhffs::Main;
-use Vhffs::Group;
-use Vhffs::Panel::Main;
-use Vhffs::Panel::Menu;
-use Vhffs::Panel::Group;
-
-my $panel = new Vhffs::Panel::Main();
-if(!$panel) {
- exit 0;
-}
-
-my $vhffs = $panel->{'vhffs'};
-my $session = $panel->{'session'};
-my $maintemplate = $panel->{'template'};
-my $user = $panel->{'user'};
-my $group = $panel->{'group'};
-my $cgi = $panel->{'cgi'};
-my $username = $cgi->param( "USERNAME" );
-my $message;
-
-my $templatedir = $vhffs->get_config->get_templatedir;
-
-my $user2 = Vhffs::User::get_by_username( $vhffs , $username );
-my $template = new HTML::Template( filename => $templatedir."/misc/simplemsg.tmpl" );
-
-if( ! defined( $username ) )
-{
- $message = gettext("CGI Error");
-}
-elsif( ( Vhffs::Acl::what_perm_for_user( $user , $group, $vhffs ) < Vhffs::Constants::ACL_MODIFY ) && ( $user->is_admin != 1 ))
-{
- $message = gettext( "You're not allowed to do this (ACL rights)" );
-}
-else{
-
- if( defined $user2 )
- {
- if( $group->add_user( $user2 ) < 0 )
- {
- $message = gettext( "Cannot add this user in this group");
- }
- else
- {
- $message = gettext( "Sucessfully added this user to this group. Please wait while robots add him");
- }
- }
- else
- {
- use Vhffs::Panel::User;
-
- my $subtemplate;
- my $output = "";
-
- my $users = Vhffs::Panel::User::search( $vhffs , $username );
-
- if( defined $users )
- {
- $template = new HTML::Template( filename => $templatedir."/group/add_user.tmpl" );
- $template->param( TEXT_TITLE => gettext("Many users matched your query. Please choose between them") );
-
- foreach( @{$users} )
- {
- $subtemplate = new HTML::Template( filename => $templatedir."/group/list_user.tmpl" );
- $subtemplate->param( VALUE_FIRSTNAME => $_->{'firstname'} );
- $subtemplate->param( VALUE_LASTNAME => $_->{'lastname'} );
- $subtemplate->param( VALUE_USERNAME => $_->{'username'} );
- $subtemplate->param( VALUE_GROUPNAME => $group->get_groupname );
- $subtemplate->param( TEXT_SEND => gettext("Add this user to this group"));
-
- $output .= $subtemplate->output;
- }
- $message = $output ;
-
- }
- else
- {
- $message = gettext( "Doe not exist in the VHFFS database") ;
- }
-
- }
-
-}
-
-$template->param( MESSAGE => $message );
-
-#set_refresh_url Vhffs::Panel::Main($panel, "/group/prefs.pl", 0);
-display Vhffs::Panel::Main($panel, $template->output);
Modified: trunk/vhffs-panel/group/prefs.pl
===================================================================
--- trunk/vhffs-panel/group/prefs.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/group/prefs.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -56,42 +56,131 @@
my $user = $panel->{'user'};
my $projectname = $session->param("project");
+my $group = $panel->{'group'};
my $templatedir = $vhffs->get_config->get_templatedir;
+my $access_level = Vhffs::Acl::what_perm_for_user( $user , $group , $vhffs );
my $template;
-my $subtemplate;
-my $message;
-my $group = $panel->{'group'};
-if( ! defined $group )
-{
+if( ! defined $group ) {
$template = new HTML::Template( filename => $templatedir."/misc/simplemsg.tmpl" );
$template->param( MESSAGE => gettext( "Error. This group doesn't exists") );
-}
-elsif( $group->get_status != Vhffs::Constants::ACTIVATED )
-{
+} elsif( $group->get_status != Vhffs::Constants::ACTIVATED ) {
$template = new HTML::Template( filename => $templatedir."/misc/simplemsg.tmpl" );
$template->param( MESSAGE => gettext( "This object is not functional yet. Please wait creation or moderation.") );
-}
-elsif( ( Vhffs::Acl::what_perm_for_user( $user , $group , $vhffs ) < Vhffs::Constants::ACL_VIEW ) && ( $user->is_admin != 1 ) )
-{
+} elsif( $access_level < Vhffs::Constants::ACL_VIEW && ( $user->is_admin != 1 ) ) {
$template = new HTML::Template( filename => $templatedir."/misc/simplemsg.tmpl" );
- $message = gettext("You're not allowed to do this (ACL rights)");
- $template->param( MESSAGE => $message );
-}
-else
-{
- $template = new HTML::Template( filename => $templatedir."/group/prefs.tmpl" );
+ $template->param( MESSAGE => gettext( 'You\'re not allowed to do this (ACL rights)' ) );
+} else {
+ my $cgi = $panel->{cgi};
+ $template = new HTML::Template( filename => $templatedir.'/group/prefs.tmpl', global_vars => 1 );
- $template->param( TEXT_TITLE => gettext("Project Preferences") );
-$template->param( TEXT_QUOTA => gettext("If you want more disk space for your project, you must fill a form in the bug report section, in the menu. Don't forget to mention the name of the group.") );
+ if( defined( $cgi->param( 'update_desc_submit' ) ) ) {
+ # Description modification
+ if( $access_level < Vhffs::Constants::ACL_MODIFY && $user->is_admin != 1 ) {
+ $panel->add_error( gettext( 'You\'re not allowed to do this (ACL rights)' ) );
+ } else {
+ my $description = $cgi->param( 'description' );
+ if( ! defined ($description) ) {
+ $panel->add_error( gettext('CGI error') );
+ } elsif( $description =~ /^\s*$/ ) {
+ $panel->add_error( gettext('You must enter a description') );
+ } else {
+ $group->set_description($description);
+ if($group->commit < 0) {
+ $panel->add_error( gettext('An error occured while updating the project') );
+ } else {
+ $panel->add_info( gettext('Description updated') );
+ }
+ }
+ }
+ } elsif( defined( $cgi->param( 'remove_user_submit' ) ) ) {
+ # User removal
+ if( $access_level < Vhffs::Constants::ACL_MODIFY && $user->is_admin != 1 ) {
+ $panel->add_error( gettext( 'You\'re not allowed to do this (ACL rights)' ) );
+ } else {
+ my $uid = $cgi->param( 'uid' );
+ if( ! defined($uid) || $uid !~ /^\d+$/ ) {
+ $panel->add_error( gettext('CGI error') );
+ } elsif( $uid == $group->get_owneruid ) {
+ $panel->add_error( gettext('You cannot remove the owner of the group') );
+ } elsif( $group->remove_user($uid) ) {
+ $panel->add_info( gettext('This user will be removed from this group as soon as possible') );
+ } else {
+ $panel->add_error( gettext('Unable to remove user from group') );
+ }
+ }
+ } elsif( defined( $cgi->param( 'add_user_submit' ) ) ) {
+ if( $access_level < Vhffs::Constants::ACL_MODIFY && $user->is_admin != 1 ) {
+ $panel->add_error( gettext( 'You\'re not allowed to do this (ACL rights)' ) );
+ } else {
+ my $username = $cgi->param( 'username' );
+ if( ! defined($username)) {
+ $panel->add_error( gettext('CGI error') );
+ } elsif( $username =~ /^\s*$/ ) {
+ $template->param( ADD_USER_MSG_CLASS => 'error' );
+ $template->param( ADD_USER_MSG => gettext('You must enter an username') );
+ } else {
+ # First, we try to get an user with the *exact* name
+ my $new_user = Vhffs::User::get_by_username( $vhffs, $username);
+ if(defined $new_user) {
+ # Fine, user exists, let's add it
+ if( $group->add_user( $new_user->get_uid ) ) {
+ $template->param( ADD_USER_MSG_CLASS => 'info' );
+ $template->param( ADD_USER_MSG => gettext('User will be added as soon as possible') );
+ } else {
+ $template->param( ADD_USER_MSG_CLASS => 'error' );
+ $template->param( ADD_USER_MSG => gettext('Unable to add user, he might already be in the group (waiting for addition or deletion)') );
+ }
+ } else {
+ # User not found with exact match,let's search
+ my $users = Vhffs::Panel::User::search( $vhffs , $username );
+ if( !@{$users} ) {
+ $template->param( ADD_USER_MSG_CLASS => 'error' );
+ $template->param( ADD_USER_MSG => gettext('User not found') );
+ } else {
+ # Let's make a nice table
+ my $subtemplate = new HTML::Template( filename => $templatedir.'/group/list_user.tmpl', global_vars => 1, die_on_bad_params => 0 );
+
+ $subtemplate->param( USERS => $users );
+ $subtemplate->param( TEXT_ADD => gettext('Add') );
+ $template->param( ADD_USER_MSG_CLASS => 'info' );
+ $template->param( ADD_USER_MSG => gettext('Many users matched your query. Please choose between them') );
+ $template->param( USERS_LIST => $subtemplate->output );
+ }
+ }
+ }
+ }
+ } elsif( defined( $cgi->param('add_user_list_submit') ) ) {
+ if( $access_level < Vhffs::Constants::ACL_MODIFY && $user->is_admin != 1 ) {
+ $panel->add_error( gettext( 'You\'re not allowed to do this (ACL rights)' ) );
+ } else {
+ my $uid = $cgi->param( 'uid' );
+ if( ! defined($uid) || $uid !~ /^\d+$/ ) {
+ $panel->add_error( gettext('CGI error') );
+ } else {
+ if( $group->add_user( $uid ) ) {
+ $template->param( ADD_USER_MSG_CLASS => 'info' );
+ $template->param( ADD_USER_MSG => gettext('User will be added as soon as possible') );
+ } else {
+ $template->param( ADD_USER_MSG_CLASS => 'error' );
+ $template->param( ADD_USER_MSG => gettext('Unable to add user, he might already be in the group (waiting for addition or deletion)') );
+ }
+ }
+ }
+ }
+
+
+ $panel->set_title( gettext('Project Preferences') );
+
+ $template->param( TEXT_QUOTA => gettext("If you want more disk space for your project, you must fill a form in the bug report section, in the menu. Don't forget to mention the name of the group.") );
$template->param( TEXT_PROJECTNAME => $projectname );
$template->param( TEXT_OWNER => gettext("Project Owner") );
$template->param( VALUE_OWNER => $group->get_owner_username );
$template->param( TEXT_DESCRIPTION => gettext("Project Description") );
- $template->param( VALUE_DESCRIPTION => $group->get_description);
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML($group->get_description) );
$template->param( VALUE_OID => $group->get_oid);
$template->param( TEXT_MODIFY => gettext("Modify") );
$template->param( TEXT_DELETE_PROJECT => gettext("Delete this project") );
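Review bot: `$access_level` is now computed at the top of this hunk, before the `! defined $group` test, so `Vhffs::Acl::what_perm_for_user` is called with an undefined group on exactly the path the first branch is meant to catch. The removed code only called it once the group was known to exist, and how the function treats an undefined group is not visible here. Guard the call: `my $access_level = defined $group ? Vhffs::Acl::what_perm_for_user( $user , $group , $vhffs ) : undef;`. Separately, the `add_user_list_submit` branch passes the posted `uid` to `$group->add_user` after only a digits check; unless `add_user` itself rejects unknown uids (Group.pm is not shown here), look the user up first, and anchor both uid patterns as `/\A\d+\z/` so a trailing newline is not accepted. The if/else chain opened here closes in the next hunk.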
@@ -103,28 +192,20 @@
$template->param( TEXT_USERNAME => gettext("Username") );
$template->param( TEXT_JOIN_GROUP => gettext("Add a user in this group") );
- $template->param( TEXT_SEND => gettext("Add this user !") );
+ $template->param( TEXT_SEND => gettext('Add') );
- $template->param( SEND_AVATAR => gettext("Send logo") );
- $template->param( TEXT_AVATAR => gettext("Send logo") );
- $template->param( EXPLAIN_AVATAR => gettext("The avatar is an image to describe the group") );
- $template->param( CURRENT_AVATAR => gettext("Current avatar") );
+ $template->param( SEND_AVATAR => gettext('Update') );
+ $template->param( TEXT_AVATAR => gettext('Logo') );
+ $template->param( EXPLAIN_AVATAR => gettext('The avatar is an image to describe the group') );
+ $template->param( CURRENT_AVATAR => gettext('Current avatar') );
+ $template->param( UPDATE_AVATAR => gettext('Update avatar') );
- my $output = "";
- my $users = Vhffs::Panel::Group::getall_users_per_group( $vhffs , $group->get_groupname );
-
- foreach ( keys %{$users} )
- {
- $subtemplate = new HTML::Template( filename => $templatedir."/group/each_user.tmpl" );
- $subtemplate->param( VALUE_GROUPNAME => $group->get_groupname );
- $subtemplate->param( TEXT_SUBMIT => gettext("Remove this user from this group" ) );
- $subtemplate->param( USERNAME => $_ );
- $output .= $subtemplate->output;
- }
-
- $template->param( SUBTITLE_USERS => gettext( "All users in this group" ) );
- $template->param( USERS => $output );
+ $template->param( USERS => Vhffs::Panel::Group::getall_users( $vhffs , $group->get_gid ) );
+ $template->param( REMOVE_USER_TEXT => gettext( 'Remove' ) );
+ $template->param( NO_USER_TEXT => gettext( 'No user for this group' ) );
+ $template->param( USERS_TEXT => gettext( 'Users' ) );
+ $template->param( CURRENT_USERS => gettext( 'All users in this group' ) );
}
display Vhffs::Panel::Main($panel, $template->output);
Deleted: trunk/vhffs-panel/group/prefs_save.pl
===================================================================
--- trunk/vhffs-panel/group/prefs_save.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/group/prefs_save.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -1,101 +0,0 @@
-#!%PERL% -w
-# Copyright (c) vhffs project and its contributors
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#3. Neither the name of vhffs nor the names of its contributors
-# may be used to endorse or promote products derived from this
-# software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-#"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-#LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-#FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-#COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-#INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-#CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-
-use POSIX qw(locale_h);
-use HTML::Template;
-use locale;
-use Locale::gettext;
-use CGI;
-use CGI::Session;
-use strict;
-
-use lib '%VHFFS_LIB_DIR%';
-use Vhffs::User;
-use Vhffs::Main;
-use Vhffs::Group;
-use Vhffs::Panel::Main;
-use Vhffs::Panel::Menu;
-use Vhffs::Panel::Group;
-
-my $panel = new Vhffs::Panel::Main();
-if(!$panel) {
- exit 0;
-}
-
-my $vhffs = $panel->{'vhffs'};
-my $session = $panel->{'session'};
-my $maintemplate = $panel->{'template'};
-my $user = $panel->{'user'};
-my $group = $panel->{'group'};
-my $cgi = $panel->{'cgi'};
-my $message;
-
-#my $owner = $cgi->param("PROJECT_OWNER");
-#my $userowner = new Vhffs::User( $vhffs , $owner , 401) ;
-
-my $description = $cgi->param("DESCRIPTION");
-
-my $templatedir = $vhffs->get_config->get_templatedir;
-
-#We test if the owner exist
-
-my $retour;
-if( ! defined ( $description ) )
-{
- $message = gettext("CGI Error !");
-}
-elsif( ( Vhffs::Acl::what_perm_for_user( $user , $group , $vhffs ) < Vhffs::Constants::ACL_MODIFY ) && ( $user->is_admin != 1 ) )
-{
- $message = gettext("You're not allowed to do this (ACL rights)");
-}
-elsif( $group->get_status != Vhffs::Constants::ACTIVATED )
-{
- $message = gettext("This group is not activated yet");
-}
-else{
-
- # We set informations group fill in the form
- $group->set_description( $description );
-# $group->set_owner( $owner );
- # Commit all the changes for the current user
- if( $group->commit < 0 ) {
- $message = gettext("An error occured while updating the project");
- } else {
- $message = gettext("Project Successfully modified");
- }
-}
-
-my $template = new HTML::Template( filename => $templatedir."/misc/simplemsg.tmpl" );
-$template->param( MESSAGE => $message );
-
-set_refresh_url Vhffs::Panel::Main($panel, "/group/prefs.pl", 0);
-display Vhffs::Panel::Main($panel, $template->output);
Deleted: trunk/vhffs-panel/group/remove_user_from_group.pl
===================================================================
--- trunk/vhffs-panel/group/remove_user_from_group.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/group/remove_user_from_group.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -1,100 +0,0 @@
-#!%PERL% -w
-# Copyright (c) vhffs project and its contributors
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#3. Neither the name of vhffs nor the names of its contributors
-# may be used to endorse or promote products derived from this
-# software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-#"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-#LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-#FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-#COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-#INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-#CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-
-use POSIX qw(locale_h);
-use HTML::Template;
-use locale;
-use Locale::gettext;
-use CGI;
-use CGI::Session;
-use strict;
-
-use lib '%VHFFS_LIB_DIR%';
-use Vhffs::User;
-use Vhffs::Main;
-use Vhffs::Group;
-use Vhffs::Panel::Main;
-use Vhffs::Panel::Menu;
-use Vhffs::Panel::Group;
-
-my $panel = new Vhffs::Panel::Main();
-if(!$panel) {
- exit 0;
-}
-
-my $vhffs = $panel->{'vhffs'};
-my $session = $panel->{'session'};
-my $maintemplate = $panel->{'template'};
-my $user = $panel->{'user'};
-my $group = $panel->{'group'};
-my $cgi = $panel->{'cgi'};
-my $message;
-
-my $username = $cgi->param("USERNAME");
-my $user2 = Vhffs::User::get_by_username( $vhffs , $username );
-
-my $templatedir = $vhffs->get_config->get_templatedir;
-
-#We test if the owner exist
-
-if( ! defined $username )
-{
- $message = gettext("CGI Error");
-}
-elsif( Vhffs::Acl::what_perm_for_user( $user , $group , $vhffs ) < Vhffs::Constants::ACL_MODIFY )
-{
- $message = gettext( "You're not allowed to do this (ACL rights)" );
-}
-elsif( !defined $user2 )
-{
- $message = gettext( "This user does not exists ");
-}
-elsif( $user2->get_uid == $group->get_owneruid )
-{
- $message = gettext( "Cannot remove the owner from a group");
-}
-else{
- if( $group->remove_user( $user2 ) < 0 )
- {
- $message = gettext( "This user is not in this group " . $user2->get_uid);
- }
- else
- {
- $message = gettext( "This user will be removed from this group as soon as possible" );
- }
-}
-
-my $template = new HTML::Template( filename => $templatedir."/misc/simplemsg.tmpl" );
-$template->param( MESSAGE => $message );
-
-set_refresh_url Vhffs::Panel::Main($panel, "/group/prefs.pl", 0);
-display Vhffs::Panel::Main($panel, $template->output);
Modified: trunk/vhffs-panel/public/allgroups.pl
===================================================================
--- trunk/vhffs-panel/public/allgroups.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/public/allgroups.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -82,7 +82,7 @@
$template->param( TEXT_USERS => gettext("Users") );
$template->param( TEXT_DESCRIPTION => gettext("Description") );
- $template->param( VALUE_DESCRIPTION => $group->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $group->get_description ) );
my $output = "";
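Review bot: Wrapping individual `param()` values in `CGI::escapeHTML` protects only the values someone remembered to wrap, and the allwebsites.pl, group.pl, lastgroups.pl, websearch.pl and web/prefs.pl hunks repeat the pattern. In those hunks neighbouring values such as `SERVERNAME`, `GROUPNAME` and `SVNROOT` are still passed raw; if any of them can hold user-chosen text (not visible here) they need the same treatment. Consider escaping in the templates instead, e.g. `<tmpl_var name="VALUE_DESCRIPTION" escape="HTML">`, and dropping the Perl-side call so the value is not escaped twice. Also confirm each touched script loads CGI, since the hunks call `CGI::escapeHTML` fully qualified and the `use` lines are outside them.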
Modified: trunk/vhffs-panel/public/allwebsites.pl
===================================================================
--- trunk/vhffs-panel/public/allwebsites.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/public/allwebsites.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -86,7 +86,7 @@
$template->param( SERVERNAME => $web->get_servername );
$template->param( TEXT_GROUPNAME => gettext("Owned by"));
$template->param( GROUPNAME => Vhffs::Group::get_name_by_gid( $vhffs , $web->get_ownergid ) );
- $template->param( DESCRIPTION => $web->get_description );
+ $template->param( DESCRIPTION => CGI::escapeHTML( $web->get_description ) );
$output .= $template->output;
Modified: trunk/vhffs-panel/public/group.pl
===================================================================
--- trunk/vhffs-panel/public/group.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/public/group.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -90,7 +90,7 @@
$template->param( TEXT_GROUPNAME => gettext("Groupname") );
$template->param( TEXT_DESCRIPTION => gettext("Description") );
$template->param( VALUE_GROUPNAME => $group->get_groupname );
- $template->param( VALUE_DESCRIPTION => $group->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $group->get_description ) );
$template->param( TEXT_USERS => gettext("Users") );
@@ -128,7 +128,7 @@
{
$subtemplate = new HTML::Template( filename => $templatedir."/public/misc/web-part.tmpl" );
$subtemplate->param( SERVERNAME => $_->get_servername );
- $subtemplate->param( DESCRIPTION => $_->get_description );
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $_->get_description ) );
$output .= $subtemplate->output;
}
@@ -178,7 +178,7 @@
{
$subtemplate = new HTML::Template( filename => $templatedir."/public/misc/svn-part.tmpl" );
$subtemplate->param( SVNROOT => $_->get_reponame );
- $subtemplate->param( DESCRIPTION => $_->get_description );
+ $subtemplate->param( DESCRIPTION => CGI::escapeHTML( $_->get_description ) );
$subtemplate->param( SVNURL => $vhffs->get_config->get_svnweburl . '/svn_' . $group->get_groupname . '_' . $_->get_reponame . '/' );
$output .= $subtemplate->output;
}
Modified: trunk/vhffs-panel/public/lastgroups.pl
===================================================================
--- trunk/vhffs-panel/public/lastgroups.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/public/lastgroups.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -75,7 +75,7 @@
$template->param( TEXT_USERS => gettext("Users") );
$template->param( TEXT_DESCRIPTION => gettext("Description") );
- $template->param( VALUE_DESCRIPTION => $group->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $group->get_description ) );
my $output = "";
my $users = $group->get_users;
Modified: trunk/vhffs-panel/public/user.pl
===================================================================
--- trunk/vhffs-panel/public/user.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/public/user.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -64,14 +64,14 @@
if( ! defined $name )
{
- $template = new HTML::Template( filename => $templatedir."/misc/simplemsg.tmpl" );
+ $template = new HTML::Template( filename => $templatedir.'/misc/simplemsg.tmpl' );
my $message = gettext( "CGI ERROR!");
$template->param( MESSAGE => $message );
}
elsif( ! defined ($user= Vhffs::User::get_by_username( $vhffs , $name ) ) )
{
- $template = new HTML::Template( filename => $templatedir."/misc/simplemsg.tmpl" );
+ $template = new HTML::Template( filename => $templatedir.'/public/simplemsg.tmpl' );
my $message = gettext( "No such user");
$template->param( MESSAGE => $message );
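Review bot: The "No such user" branch now loads `/public/simplemsg.tmpl`, while the `CGI ERROR!` branch just above still loads `/misc/simplemsg.tmpl`. No `public/simplemsg.tmpl` appears in the templates/Makefile.am hunk of this commit. If that file is not installed, `HTML::Template->new` will fail on the missing file exactly when an unknown username is requested. Either point both branches at the same template or ship the new file with this change. The if/elsif chain continues past the end of the hunk.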
Modified: trunk/vhffs-panel/public/websearch.pl
===================================================================
--- trunk/vhffs-panel/public/websearch.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/public/websearch.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -84,7 +84,7 @@
$template->param( SERVERNAME => $web->get_servername );
$template->param( GROUPNAME => Vhffs::Group::get_name_by_gid( $vhffs , $web->get_ownergid ) );
- $template->param( DESCRIPTION => $web->get_description );
+ $template->param( DESCRIPTION => CGI::escapeHTML( $web->get_description ) );
$output .= $template->output;
Modified: trunk/vhffs-panel/templates/Makefile.am
===================================================================
--- trunk/vhffs-panel/templates/Makefile.am 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/templates/Makefile.am 2007-06-07 20:18:09 UTC (rev 640)
@@ -88,7 +88,6 @@
dns/prefs.tmpl \
group/add_user.tmpl \
group/create.tmpl \
- group/each_user.tmpl \
group/info.tmpl \
group/list_user.tmpl \
group/prefs.tmpl \
Deleted: trunk/vhffs-panel/templates/group/each_user.tmpl
===================================================================
--- trunk/vhffs-panel/templates/group/each_user.tmpl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/templates/group/each_user.tmpl 2007-06-07 20:18:09 UTC (rev 640)
@@ -1,11 +0,0 @@
-<tr>
- <td><tmpl_var name="USERNAME"></td>
- <td>
- <form method="post" action="remove_user_from_group.pl">
- <input type="submit" value="<tmpl_var name="TEXT_SUBMIT">" />
- <input type="hidden" name="GROUPNAME" value="<tmpl_var name="VALUE_GROUPNAME">" />
- <input type="hidden" name="USERNAME" value="<tmpl_var name="USERNAME">" />
- </form>
- </td>
-</tr>
-
Modified: trunk/vhffs-panel/templates/group/list_user.tmpl
===================================================================
--- trunk/vhffs-panel/templates/group/list_user.tmpl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/templates/group/list_user.tmpl 2007-06-07 20:18:09 UTC (rev 640)
@@ -1,18 +1,7 @@
-<tr>
- <td>
- <tmpl_var name="VALUE_FIRSTNAME">
- </td>
- <td>
- <tmpl_var name="VALUE_LASTNAME">
- </td>
- <td>
- <tmpl_var name="VALUE_USERNAME">
- </td>
- <td>
- <form method="post" action="join_group.pl">
- <input type="hidden" name="USERNAME" value="<tmpl_var name="VALUE_USERNAME">" />
- <input type="hidden" name="GROUPNAME" value="<tmpl_var name="VALUE_GROUPNAME">" />
- <input type="submit" value="<tmpl_var name="TEXT_SEND">" />
- </form>
- </td>
-</tr>
+<tmpl_loop name="USERS">
+<form action="#" method="post">
+<input type="hidden" name="uid" value="<tmpl_var name="UID">"/>
+<p><label><tmpl_var NAME="USERNAME"> (<tmpl_var name="FIRSTNAME"> <tmpl_var name="LASTNAME">)</label>
+<input type="submit" name="add_user_list_submit" value="<tmpl_var name="TEXT_ADD">"/></p>
+</form>
+</tmpl_loop>
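Review bot: `USERNAME`, `FIRSTNAME` and `LASTNAME` are written into the page unescaped, and prefs.pl passes the search results straight into the `USERS` loop with no Perl-side escaping. First and last names are presumably free text chosen by the account holder, and this list is rendered for a different user (the project member running the search), so it is the stored-XSS case the commit message sets out to close. Add the escape attribute on each variable, e.g. `<tmpl_var name="FIRSTNAME" escape="HTML">`, and likewise on `UID` inside the `value` attribute. The same applies to `<tmpl_var name="username">` and `<tmpl_var name="USERNAME">` in the `USERS` loop of prefs.tmpl in the next hunk.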
Modified: trunk/vhffs-panel/templates/group/prefs.tmpl
===================================================================
--- trunk/vhffs-panel/templates/group/prefs.tmpl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/templates/group/prefs.tmpl 2007-06-07 20:18:09 UTC (rev 640)
@@ -1,64 +1,62 @@
-<h1><tmpl_var name="TEXT_TITLE"></h1>
+<p class="info"><tmpl_var name="TEXT_QUOTA"></p>
-<h2><tmpl_var name="TEXT_QUOTA"></h2>
-
<h2><tmpl_var name="TEXT_PROJECTNAME"></h2>
-<form method="post" action="/group/prefs_save.pl">
- <p>
- <label>
- <tmpl_var name="TEXT_OWNER"> :
- </label>
- <tmpl_var name="VALUE_OWNER">
- </p>
- <p>
- <label for="DESCRIPTION">
- <tmpl_var name="TEXT_DESCRIPTION"> :
- </label>
- <textarea name="DESCRIPTION" id="DESCRIPTION" cols="45" rows="7"><tmpl_var name="VALUE_DESCRIPTION"></textarea>
- </p>
- <p class="button" id="buttonModify">
- <input type="submit" value="<tmpl_var name="TEXT_MODIFY">">
- </p>
+<form method="post" action="#">
+ <p>
+ <label><tmpl_var name="TEXT_OWNER">:</label>
+ <tmpl_var name="VALUE_OWNER">
+ </p>
+ <p><label for="description" class="description"><tmpl_var name="TEXT_DESCRIPTION">:</label></p>
+ <p><textarea name="description" id="description" class="description" cols="45" rows="7"><tmpl_var name="VALUE_DESCRIPTION"></textarea></p>
+ <p class="button" id="buttonModify">
+ <input type="submit" value="<tmpl_var name="TEXT_MODIFY">" name="update_desc_submit"/>
+ </p>
</form>
+<h2><tmpl_var name="USERS_TEXT"></h2>
+<h3><tmpl_var name="CURRENT_USERS"></h3>
+<tmpl_unless name="USERS">
+<p class="info"><tmpl_var name="NO_USER_TEXT"></p>
+</tmpl_unless>
+<tmpl_loop name="USERS">
+<tmpl_if name="ACTIVE">
+<form action="#" method="post">
+<input type="hidden" name="uid" value="<tmpl_var name="uid">"/>
+<p><label><tmpl_var name="username"></label><input type="submit" value="<tmpl_var name="REMOVE_USER_TEXT">" name="remove_user_submit"/></p>
+</form>
+<tmpl_else>
+<p><tmpl_var name="USERNAME"> — <tmpl_var name="STATE"></p>
+</tmpl_if>
+</tmpl_loop>
-<h2><tmpl_var name="SUBTITLE_USERS"></h2>
-<table>
- <tmpl_var name="USERS">
-</table>
+<a name="add_user"></a>
+<h3><tmpl_var name="TEXT_JOIN_GROUP"></h3>
-<h2><tmpl_var name="TEXT_JOIN_GROUP"></h2>
-
-<form method="post" action="join_group.pl">
+<form method="post" action="prefs.pl#add_user">
<p>
- <label for="USERNAME">
+ <label for="username_add">
<tmpl_var name="TEXT_USERNAME">
</label>
- <input type="TEXT" name="USERNAME" id="USERNAME" />
+ <input type="text" name="username" id="username_add" />
+ <input type="submit" value="<tmpl_var name="TEXT_SEND">" name="add_user_submit"/>
</p>
- <p class="button">
- <input type="hidden" name="GROUPNAME" value="<tmpl_var name="TEXT_PROJECTNAME">" />
- <input type="submit" value="<tmpl_var name="TEXT_SEND">" />
- </p>
</form>
+<tmpl_if name="ADD_USER_MSG"><p class="<tmpl_var name="ADD_USER_MSG_CLASS">"><tmpl_var name="ADD_USER_MSG"></p></tmpl_if>
+<tmpl_var name="USERS_LIST">
+
<h2><tmpl_var name="TEXT_AVATAR"></h2>
- <p>
- <h3><tmpl_var name="CURRENT_AVATAR"></h3>
- <img src="../getavatar.pl?oid=<tmpl_var name="VALUE_OID">" alt="avatar for this group"/>
- <p>
- <form method="post" action="../object/upavatar.pl" enctype="multipart/form-data">
- <p>
- <tmpl_var name="EXPLAIN_AVATAR">
- </p>
- <input type="hidden" name="OID" value="<tmpl_var name="VALUE_OID">"/>
- <input type="file" name="avatar"/>
- <br/>
- <input type="submit" value="<tmpl_var name="SEND_AVATAR">" />
- <input type="hidden" name=".cgifields" value="type" />
- </form>
+ <h3><tmpl_var name="CURRENT_AVATAR"></h3>
+ <p><img src="../getavatar.pl?oid=<tmpl_var name="VALUE_OID">" alt="avatar for this group"/></p>
+ <h3><tmpl_var name="UPDATE_AVATAR"></h3>
+ <form method="post" action="../object/upavatar.pl" enctype="multipart/form-data">
+ <p><tmpl_var name="EXPLAIN_AVATAR"></p>
+ <input type="hidden" name="OID" value="<tmpl_var name="VALUE_OID">"/>
+ <p><input type="file" name="avatar"/></p>
+ <p><input type="submit" value="<tmpl_var name="SEND_AVATAR">" /></p>
+ </form>
<h2><tmpl_var name="TEXT_DELETE_PROJECT"></h2>
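Review bot: The state-changing forms here (`update_desc_submit`, `remove_user_submit`, `add_user_submit`) carry no per-session token, and the prefs.pl handler in this commit checks only the ACL level before acting. Unless Vhffs::Panel::Main validates request origin somewhere not visible in this diff, a cross-site POST sent from a logged-in project admin's browser would be accepted. Add a hidden token field tied to the session to each form and verify it in prefs.pl before any of the `*_submit` branches runs. Member removal in particular now takes effect from a single POST with only a numeric `uid`.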
Modified: trunk/vhffs-panel/themes/vhffs-ng/main.css
===================================================================
--- trunk/vhffs-panel/themes/vhffs-ng/main.css 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/themes/vhffs-ng/main.css 2007-06-07 20:18:09 UTC (rev 640)
@@ -225,10 +225,11 @@
margin-bottom:5px;
}
-form input, form select
+/*form input, form select
{
width:200px;
}
+*/
input.autowidth {
width:auto;
@@ -406,7 +407,6 @@
{
color:red;
text-align: center;
- width: 50%;
font-weight:bold;
}
@@ -807,3 +807,10 @@
height:15px;
}
+textarea.description {
+ width:100%;
+}
+
+label.description {
+ float:none;
+}
Modified: trunk/vhffs-panel/web/prefs.pl
===================================================================
--- trunk/vhffs-panel/web/prefs.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-panel/web/prefs.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -99,7 +99,7 @@
$template->param( TEXT_DESCRIPTION => gettext("Description of your webarea") );
#Show the current description
- $template->param( VALUE_DESCRIPTION => $web->get_description );
+ $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $web->get_description ) );
if( $web->get_crawl == 1 )
{
Modified: trunk/vhffs-tests/src/Group.pl
===================================================================
--- trunk/vhffs-tests/src/Group.pl 2007-06-06 07:13:25 UTC (rev 639)
+++ trunk/vhffs-tests/src/Group.pl 2007-06-07 20:18:09 UTC (rev 640)
@@ -35,7 +35,7 @@
is_deeply($group1a, $group1, 'Fetched group matches created one');
ok($group1->is_user_in_group($user1), 'Moderator is in group');
-ok($group1a->add_user( $user2 ), 'Other user can be added');
+ok($group1a->add_user( $user2->get_uid ), 'Other user can be added');
ok($group1->is_user_in_group($user2), 'Second user addition visible in group1');
ok($group1->remove_user($user2), 'Second user removed from group1');