[vhffs-dev] [1066] Websites list & all groups list are working again. |
Revision: 1066
Author: beuss
Date: 2007-11-07 06:50:11 +0000 (Wed, 07 Nov 2007)
Log Message:
-----------
Websites list & all groups list are working again.
Fixed potential XSS.
Modified Paths:
--------------
trunk/vhffs-api/src/Vhffs/Panel/Group.pm
trunk/vhffs-public/allgroups.pl
trunk/vhffs-public/templates/allwebsites.tmpl
trunk/vhffs-public/templates/group.tmpl
trunk/vhffs-public/templates/group_part.tmpl
trunk/vhffs-public/templates/index.tmpl
trunk/vhffs-public/templates/lastgroups.tmpl
trunk/vhffs-public/templates/misc/cvs-part.tmpl
trunk/vhffs-public/templates/misc/git-part.tmpl
trunk/vhffs-public/templates/misc/lastgroups-part.tmpl
trunk/vhffs-public/templates/misc/list-part.tmpl
trunk/vhffs-public/templates/misc/svn-part.tmpl
trunk/vhffs-public/templates/misc/web-part.tmpl
trunk/vhffs-public/templates/user.tmpl
trunk/vhffs-public/templates/user_part.tmpl
Modified: trunk/vhffs-api/src/Vhffs/Panel/Group.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Group.pm 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-api/src/Vhffs/Panel/Group.pm 2007-11-07 06:50:11 UTC (rev 1066)
@@ -81,18 +81,8 @@
my @groups;
my $sql = 'SELECT g.gid, g.groupname, g.realname, o.description FROM vhffs_groups g LEFT OUTER JOIN vhffs_users u ON u.username=g.groupname INNER JOIN vhffs_object o ON o.object_id=g.object_id WHERE o.state=? AND u.username IS NULL ORDER BY o.date_creation DESC LIMIT 10';
- my $dbh = $main->get_db_object;
- my $sth = $dbh->prepare($sql);
- $sql = 'SELECT u.username FROM vhffs_users u INNER JOIN vhffs_user_group ug ON ug.uid = u.uid WHERE ug.gid = ?';
- my $ssth = $dbh->prepare($sql);
- $sth->execute(Vhffs::Constants::ACTIVATED);
- while(my $row = $sth->fetchrow_hashref) {
- $ssth->execute($row->{gid});
- $row->{users} = $ssth->fetchall_arrayref({});
- push @groups, $row;
- }
- return \@groups;
+ return fetch_groups_and_users($main, $sql, Vhffs::Constants::ACTIVATED);
}
sub search
@@ -172,4 +162,45 @@
return $group;
}
+sub get_groups_starting_with {
+ my ($main, $letter) = @_;
+ my @params;
+
+ my $sql = 'SELECT g.gid, g.groupname, g.realname, o.description FROM vhffs_groups g LEFT OUTER JOIN vhffs_users u ON u.username=g.groupname INNER JOIN vhffs_object o ON o.object_id=g.object_id WHERE o.state=? AND u.username IS NULL';
+ push @params, Vhffs::Constants::ACTIVATED;
+ if(defined $letter) {
+ $sql .= ' AND SUBSTR(g.groupname, 1, 1) = ?';
+ push @params, $letter;
+ }
+
+ $sql .= ' ORDER BY g.groupname';
+
+ return fetch_groups_and_users($main, $sql, @params);
+}
+
+sub fetch_groups_and_users {
+ my ($main, $sql, @params) = @_;
+ my @groups;
+
+ my $dbh = $main->get_db_object;
+ my $sth = $dbh->prepare($sql);
+ $sql = 'SELECT u.username FROM vhffs_users u INNER JOIN vhffs_user_group ug ON ug.uid = u.uid WHERE ug.gid = ?';
+ my $ssth = $dbh->prepare($sql);
+ $sth->execute(@params);
+ while(my $row = $sth->fetchrow_hashref) {
+ $ssth->execute($row->{gid});
+ $row->{users} = $ssth->fetchall_arrayref({});
+ push @groups, $row;
+ }
+
+ return \@groups;
+}
+
+sub get_used_letters {
+ my $main = shift;
+ my $dbh = $main->get_db_object;
+ my $sql = 'SELECT substr(g.groupname, 1, 1) AS letter, COUNT(*) AS count FROM vhffs_groups g LEFT OUTER JOIN vhffs_users u ON u.username = g.groupname INNER JOIN vhffs_object o ON o.object_id = g.object_id WHERE u.username IS NULL AND o.state = ? GROUP BY substr(g.groupname, 1, 1) ORDER BY substr(g.groupname, 1, 1)';
+ return $dbh->selectall_arrayref($sql, { Slice => {} }, Vhffs::Constants::ACTIVATED);
+}
+
1;
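Review bot: In `fetch_groups_and_users` the `$sql` parameter is overwritten with the per-group users query right after the outer statement is prepared, so for the rest of the sub the argument's name no longer matches its content; use a second variable, `my $users_sql = 'SELECT u.username FROM vhffs_users u INNER JOIN vhffs_user_group ug ON ug.uid = u.uid WHERE ug.gid = ?';` followed by `my $ssth = $dbh->prepare($users_sql);`. The three new subs are public API of Vhffs::Panel::Group but carry no POD; a short `=head2` for each, stating that the `$sql` passed to `fetch_groups_and_users` must select a `gid` column (the users lookup reads `$row->{gid}`) and that `@params` are bound in placeholder order, would help callers. Whether failures of `prepare`/`execute`/`selectall_arrayref` surface depends on the handle's RaiseError setting, which is not visible here; if it is off, the unchecked calls silently produce an empty list. Binding `$letter` as a placeholder instead of interpolating it is correct since it originates from a CGI parameter.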
Modified: trunk/vhffs-public/allgroups.pl
===================================================================
--- trunk/vhffs-public/allgroups.pl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/allgroups.pl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -33,17 +33,14 @@
use utf8;
use POSIX qw(locale_h);
+use CGI;
use locale;
use Locale::gettext;
use lib '%VHFFS_LIB_DIR%';
-use Vhffs::User;
-use Vhffs::Group;
-use Vhffs::Main;
+use Vhffs::Panel::Group;
use Vhffs::Panel::Main;
use Vhffs::Panel::Template;
-use Vhffs::Constants;
-use CGI;
my $panel = new Vhffs::Panel::Main();
exit 0 unless $panel;
@@ -57,59 +54,21 @@
my $subtemplate;
my $template;
my $group;
-my $letter = ( defined $cgi->param('letter') ? $cgi->param('letter') : 'a' );
+my $letter = $cgi->param('letter');
+my $used_letters = Vhffs::Panel::Group::get_used_letters($vhffs);
+$letter = $used_letters->[0]{letter} unless(defined $letter || !defined $used_letters->[0]);
undef $letter if( $letter eq 'all');
-my $groups = Vhffs::Group::getall_by_letter( $vhffs , $letter, Vhffs::Constants::ACTIVATED );
+my $groups = Vhffs::Panel::Group::get_groups_starting_with( $vhffs , $letter );
my $output_final="";
-my $maintemplate = new Vhffs::Panel::Template( filename => $templatedir."/public/lastgroups.tmpl" );
+my $maintemplate = new Vhffs::Panel::Template( filename => $templatedir."/public/lastgroups.tmpl", die_on_bad_params => 0, loop_context_vars => 1 );
my $hostname = $vhffs->get_config->get_host_name;
$maintemplate->param( URL_PANEL => $vhffs->get_config->get_panel->{'url'} );
$maintemplate->param( TEXT_TITLE => sprintf( gettext("All groups on %s") , $hostname ) );
-$maintemplate->param( LETTERS => [ { letter => '0' }, { letter => '1' }, { letter => '2' }, { letter => '3' }, { letter => '4' }, { letter => '5' }, { letter => '6' }, { letter => '7' }, { letter => '8' }, { letter => '9' }, { letter => 'a' }, { letter => 'b' }, { letter => 'c' }, { letter => 'd' }, { letter => 'e' }, { letter => 'f' }, { letter => 'g' }, { letter => 'h' }, { letter => 'i' }, { letter => 'j' }, { letter => 'k' }, { letter => 'l' }, { letter => 'm' }, { letter => 'n' }, { letter => 'o' }, { letter => 'p' }, { letter => 'q' }, { letter => 'r' }, { letter => 's' }, { letter => 't' }, { letter => 'u' }, { letter => 'v' }, { letter => 'w' }, { letter => 'x' }, { letter => 'y' }, { letter => 'z' } ]);
+$maintemplate->param( LETTERS => $used_letters );
$maintemplate->param( ALL => gettext('All') );
-if( @{$groups} == 0 )
-{
- $maintemplate->param( MESSAGE => gettext('No group') );
-}
-foreach $group (@{$groups})
-{
- $template = new HTML::Template( filename => $templatedir."/public/misc/lastgroups-part.tmpl" );
+$maintemplate->param( GROUPS => $groups );
- $template->param( TEXT_GROUPNAME => gettext("Groupname") );
- $template->param( VALUE_GROUPNAME => $group->get_groupname );
- $template->param( VALUE_REALNAME => CGI::escapeHTML($group->get_realname) );
- $template->param( TEXT_USERS => gettext("Users") );
-
- $template->param( TEXT_DESCRIPTION => gettext("Description") );
- $template->param( VALUE_DESCRIPTION => CGI::escapeHTML( $group->get_description ) );
-
-
- my $output = "";
- my $users = $group->get_users;
- my $subtemplate;
- my $user;
- if( ! defined $users )
- {
- $template->param( VALUE_USERS => gettext("No group for this user") );
- }
- else
- {
- $subtemplate = new HTML::Template( filename => $templatedir."/public/user_part.tmpl" );
-
- foreach $user (@{$users})
- {
- $subtemplate->param( VALUE => $user->get_username );
- $output .= $subtemplate->output;
- }
-
- $template->param( VALUE_USERS => $output );
- }
- $output_final .= $template->output;
-}
-
-$maintemplate->param( VALUES => $output_final );
-
$panel->light( $maintemplate );
$panel->display;
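Review bot: `undef $letter if( $letter eq 'all');` is now evaluated with an undefined `$letter` whenever the request carries no `letter` parameter and `get_used_letters` returns an empty list, which emits an uninitialized-value warning under `use warnings`; guard it, `undef $letter if defined $letter && $letter eq 'all';`. The `MESSAGE => gettext('No group')` parameter is dropped while lastgroups.tmpl still tests `<TMPL_IF NAME="MESSAGE">` and misc/lastgroups-part.tmpl has no `<TMPL_ELSE>` branch, so an empty result now renders an empty section instead of the "No group" text; set the parameter again when `!@$groups`, or give the partial an else branch. `die_on_bad_params => 0` will also hide future template/param mismatches of this kind, so it is worth a comment explaining why it is needed here. `$cgi` and `$vhffs` are created above this hunk.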
Modified: trunk/vhffs-public/templates/allwebsites.tmpl
===================================================================
--- trunk/vhffs-public/templates/allwebsites.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/allwebsites.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -2,14 +2,12 @@
<div id="public">
<h1><TMPL_VAR NAME="TEXT_TITLE"></h1>
-<TMPL_IF NAME="LETTERS">
<p style="text-align:center">
<TMPL_LOOP name="LETTERS">
[<a href="/allwebsites.pl?letter=<TMPL_VAR name="letter">" title="<TMPL_VAR name="count"> <TMPL_I18N KEY="website(s)">"><TMPL_VAR name="letter"></a>]
</TMPL_LOOP>
[<a href="/allwebsites.pl?letter=all"><TMPL_VAR name="ALL"></a>]
</p>
-</TMPL_IF>
<TMPL_IF NAME="WEBSITES">
<TMPL_INCLUDE NAME="misc/web-part.tmpl">
<TMPL_ELSE>
Modified: trunk/vhffs-public/templates/group.tmpl
===================================================================
--- trunk/vhffs-public/templates/group.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/group.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -1,8 +1,8 @@
<TMPL_INCLUDE NAME="banner.tmpl">
<div id="public">
-<h1><TMPL_VAR NAME="VALUE_REALNAME"></h1>
+<h1><TMPL_VAR ESCAPE=1 NAME="VALUE_REALNAME"></h1>
<ul>
- <li><TMPL_I18N KEY="Groupname">: <TMPL_VAR NAME="VALUE_GROUPNAME"></li>
+ <li><TMPL_I18N KEY="Groupname">: <TMPL_VAR ESCAPE=1 NAME="VALUE_GROUPNAME"></li>
<li><TMPL_INCLUDE NAME="user_part.tmpl"></li>
</ul>
<fieldset><legend><TMPL_I18N KEY="Description"></legend>
Modified: trunk/vhffs-public/templates/group_part.tmpl
===================================================================
--- trunk/vhffs-public/templates/group_part.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/group_part.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -1,7 +1,7 @@
<TMPL_IF NAME="GROUPS">
<TMPL_I18N KEY="Groups">:
<TMPL_LOOP NAME="GROUPS">
- <a href="/group.pl?name=<TMPL_VAR NAME="GROUPNAME">"><TMPL_VAR NAME="GROUPNAME"></a><TMPL_UNLESS NAME="__LAST__">,</TMPL_UNLESS>
+ <a href="/group.pl?name=<TMPL_VAR ESCAPE=1 NAME="GROUPNAME">"><TMPL_VAR ESCAPE=1 NAME="GROUPNAME"></a><TMPL_UNLESS NAME="__LAST__">,</TMPL_UNLESS>
</TMPL_LOOP>
<TMPL_ELSE>
<TMPL_I18N KEY="No group">
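Review bot: `ESCAPE=1` on `GROUPNAME` inside `href="/group.pl?name=..."` HTML-escapes the value, which keeps it from breaking out of the attribute, but it does not URL-encode it, so a groupname containing `&`, `#`, `?` or a space yields a malformed query string; HTML::Template's `ESCAPE=URL` is the filter meant for a query-string value: `<a href="/group.pl?name=<TMPL_VAR ESCAPE=URL NAME="GROUPNAME">"><TMPL_VAR ESCAPE=1 NAME="GROUPNAME"></a>`. If groupnames are restricted to a safe character set at creation time this is moot, but nothing in this commit shows that. The same applies to the `?name=` and `?oid=` values in misc/web-part.tmpl, user.tmpl and user_part.tmpl.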
Modified: trunk/vhffs-public/templates/index.tmpl
===================================================================
--- trunk/vhffs-public/templates/index.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/index.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -1,6 +1,6 @@
<TMPL_INCLUDE NAME="banner.tmpl">
<div id="public">
- <h1><TMPL_VAR NAME="TEXT_TITLE"></h1>
+ <h1><TMPL_VAR ESCAPE=1 NAME="TEXT_TITLE"></h1>
<h2><TMPL_I18N KEY="Users"></h2>
<ul>
Modified: trunk/vhffs-public/templates/lastgroups.tmpl
===================================================================
--- trunk/vhffs-public/templates/lastgroups.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/lastgroups.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -1,17 +1,17 @@
<TMPL_INCLUDE NAME="banner.tmpl">
<div id="public">
-<h1><tmpl_var name="TEXT_TITLE"></h1>
-<tmpl_if name="LETTERS">
+<h1><TMPL_VAR NAME="TEXT_TITLE"></h1>
+<TMPL_IF NAME="LETTERS">
<p style="text-align:center">
-<tmpl_loop name="LETTERS">
-[<a href="/allgroups.pl?letter=<tmpl_var name="letter">"><tmpl_var name="letter"></a>]
-</tmpl_loop>
-[<a href="/allgroups.pl?letter=all"><tmpl_var name="ALL"></a>]
+<TMPL_LOOP NAME="LETTERS">
+[<a href="/allgroups.pl?letter=<TMPL_VAR NAME="letter">"><TMPL_VAR NAME="letter"></a>]
+</TMPL_LOOP>
+[<a href="/allgroups.pl?letter=all"><TMPL_VAR NAME="ALL"></a>]
</p>
-<tmpl_if name="MESSAGE">
-<p style="text-align:center;font-weight:bold;"><tmpl_var name="MESSAGE"></p>
-</tmpl_if>
-</tmpl_if>
+<TMPL_IF NAME="MESSAGE">
+<p style="text-align:center;font-weight:bold;"><TMPL_VAR NAME="MESSAGE"></p>
+</TMPL_IF>
+</TMPL_IF>
<TMPL_INCLUDE NAME="misc/lastgroups-part.tmpl">
</div>
Modified: trunk/vhffs-public/templates/misc/cvs-part.tmpl
===================================================================
--- trunk/vhffs-public/templates/misc/cvs-part.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/misc/cvs-part.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -1,5 +1,5 @@
<ul>
<TMPL_LOOP NAME="CVSREPOS">
-<li><a href="<TMPL_VAR NAME="WEBCVS">/<TMPL_VAR NAME="CVSROOT">"><tmpl_var name="CVSROOT"></a> — <tmpl_var name="DESCRIPTION"></li>
+<li><a href="<TMPL_VAR ESCAPE=1 NAME="WEBCVS">/<TMPL_VAR ESCAPE=1 NAME="CVSROOT">"><tmpl_var name="CVSROOT"></a> — <tmpl_var name="DESCRIPTION"></li>
</TMPL_LOOP>
</ul>
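Review bot: The new line escapes `WEBCVS` and `CVSROOT` only inside the `href`; the link text `<tmpl_var name="CVSROOT">` and `<tmpl_var name="DESCRIPTION">` on the same line still render raw, whereas misc/git-part.tmpl in this same commit escapes the equivalent `REPONAME` text and `DESCRIPTION`; change the line to `<li><a href="<TMPL_VAR ESCAPE=1 NAME="WEBCVS">/<TMPL_VAR ESCAPE=1 NAME="CVSROOT">"><TMPL_VAR ESCAPE=1 NAME="CVSROOT"></a> — <TMPL_VAR ESCAPE=1 NAME="DESCRIPTION"></li>`. The same half-escaped pattern remains in context lines of later hunks: misc/lastgroups-part.tmpl's `<h2>` (`GROUPNAME` and `REALNAME`), misc/svn-part.tmpl's "Owned by" link (`GROUPNAME`, which misc/web-part.tmpl escapes in this commit), misc/web-part.tmpl's `SERVERNAME` link and `DESCRIPTION`, and user.tmpl's `<h1>` `VALUE_USERNAME`. The lastgroups-part.tmpl case is a regression rather than a pre-existing gap: allgroups.pl in this commit stops applying `CGI::escapeHTML` to the realname and hands raw DB rows to the template, so `REALNAME` is now emitted unescaped (assuming the Vhffs::Panel::Template wrapper keeps HTML::Template's case-insensitive parameter matching, which is what makes `realname` reach `REALNAME`). `DESCRIPTION` and `REALNAME` are free-form text and are the ones to fix first.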
Modified: trunk/vhffs-public/templates/misc/git-part.tmpl
===================================================================
--- trunk/vhffs-public/templates/misc/git-part.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/misc/git-part.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -1,6 +1,6 @@
<ul>
<TMPL_LOOP NAME="GITREPOS">
-<li><a href="<TMPL_VAR NAME="WEBGIT">/<TMPL_VAR NAME="REPONAME">"><TMPL_VAR NAME="REPONAME"></a>
-— <TMPL_VAR NAME="DESCRIPTION"></li>
+<li><a href="<TMPL_VAR ESCAPE=1 NAME="WEBGIT">/<TMPL_VAR ESCAPE=1 NAME="REPONAME">"><TMPL_VAR ESCAPE=1 NAME="REPONAME"></a>
+— <TMPL_VAR ESCAPE=1 NAME="DESCRIPTION"></li>
</TMPL_LOOP>
</ul>
Modified: trunk/vhffs-public/templates/misc/lastgroups-part.tmpl
===================================================================
--- trunk/vhffs-public/templates/misc/lastgroups-part.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/misc/lastgroups-part.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -1,8 +1,8 @@
<TMPL_LOOP NAME="GROUPS">
<h2><a href="group.pl?name=<tmpl_var name="GROUPNAME">"><tmpl_var name="REALNAME"></a></h2>
<ul>
-<li><TMPL_I18N KEY="Groupname">: <TMPL_VAR NAME="GROUPNAME"></li>
+<li><TMPL_I18N KEY="Groupname">: <TMPL_VAR ESCAPE=1 NAME="GROUPNAME"></li>
<li><TMPL_I18N KEY="Users">: <TMPL_INCLUDE NAME="../user_part.tmpl"></li>
-<li><TMPL_I18N KEY="Description">: <tmpl_var name="DESCRIPTION"></li>
+<li><TMPL_I18N KEY="Description">: <TMPL_VAR ESCAPE=1 NAME="DESCRIPTION"></li>
</ul>
</TMPL_LOOP>
Modified: trunk/vhffs-public/templates/misc/list-part.tmpl
===================================================================
--- trunk/vhffs-public/templates/misc/list-part.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/misc/list-part.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -1,8 +1,8 @@
<ul>
<TMPL_LOOP NAME="LISTS">
<li>
-<a href="<TMPL_VAR NAME="ARCHIVESURL">/<TMPL_VAR NAME="DOMAIN">/<TMPL_VAR NAME="LOCAL_PART">" title="<TMPL_I18N KEY="View Archives">"><TMPL_VAR EXPR="obfuscate_email(LISTNAME)"></a>
-— <TMPL_VAR NAME="DESCRIPTION">
+<a href="<TMPL_VAR ESCAPE=1 NAME="ARCHIVESURL">/<TMPL_VAR ESCAPE=1 NAME="DOMAIN">/<TMPL_VAR ESCAPE=1 NAME="LOCAL_PART">" title="<TMPL_I18N KEY="View Archives">"><TMPL_VAR EXPR="obfuscate_email(LISTNAME)"></a>
+— <TMPL_VAR ESCAPE=1 NAME="DESCRIPTION">
</li>
</TMPL_LOOP>
</ul>
Modified: trunk/vhffs-public/templates/misc/svn-part.tmpl
===================================================================
--- trunk/vhffs-public/templates/misc/svn-part.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/misc/svn-part.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -1,6 +1,6 @@
<ul>
<TMPL_LOOP NAME="SVNREPOS">
- <li><a href="<TMPL_VAR NAME="WEBSVN">/<TMPL_VAR NAME="REPONAME">"><TMPL_VAR NAME="REPONAME"></a>
+ <li><a href="<TMPL_VAR ESCAPE=1 NAME="WEBSVN">/<TMPL_VAR ESCAPE=1 NAME="REPONAME">"><TMPL_VAR ESCAPE=1 NAME="REPONAME"></a>
<TMPL_IF NAME="GROUPNAME">
— <TMPL_I18N KEY="Owned by"> <a href="group.pl?name=<tmpl_var name="GROUPNAME">"><tmpl_var name="GROUPNAME"></a>
</TMPL_IF>
Modified: trunk/vhffs-public/templates/misc/web-part.tmpl
===================================================================
--- trunk/vhffs-public/templates/misc/web-part.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/misc/web-part.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -3,7 +3,7 @@
<li>
<a href="http://<tmpl_var name="SERVERNAME">"><tmpl_var name="SERVERNAME"></a>
<TMPL_IF NAME="GROUPNAME">
-— <TMPL_I18N KEY="Owned by"> <a href="/group.pl?name=<TMPL_VAR NAME="GROUPNAME">"><TMPL_VAR NAME="GROUPNAME"></a>
+— <TMPL_I18N KEY="Owned by"> <a href="/group.pl?name=<TMPL_VAR ESCAPE=1 NAME="GROUPNAME">"><TMPL_VAR ESCAPE=1 NAME="GROUPNAME"></a>
</TMPL_IF>
— <tmpl_var name="DESCRIPTION">
</li>
Modified: trunk/vhffs-public/templates/user.tmpl
===================================================================
--- trunk/vhffs-public/templates/user.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/user.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -3,7 +3,7 @@
<div id="public">
<h1><tmpl_var name="VALUE_USERNAME"></h1>
<TMPL_IF NAME="USE_AVATAR">
-<img src="/getavatar.pl?oid=<TMPL_VAR NAME="VALUE_OID">" alt="<TMPL_VAR NAME="VALUE_USERNAME">" class="avatar"/>
+<img src="/getavatar.pl?oid=<TMPL_VAR ESCAPE=1 NAME="VALUE_OID">" alt="<TMPL_VAR ESCAPE=1 NAME="VALUE_USERNAME">" class="avatar"/>
</TMPL_IF>
<tmpl_var escape=0 name="IMG_AVATAR">
<ul>
Modified: trunk/vhffs-public/templates/user_part.tmpl
===================================================================
--- trunk/vhffs-public/templates/user_part.tmpl 2007-11-06 22:21:46 UTC (rev 1065)
+++ trunk/vhffs-public/templates/user_part.tmpl 2007-11-07 06:50:11 UTC (rev 1066)
@@ -1,7 +1,7 @@
<TMPL_IF NAME="USERS">
<TMPL_I18N KEY="Users">:
<TMPL_LOOP NAME="USERS">
- <a href="/user.pl?name=<TMPL_VAR NAME="USERNAME">"><TMPL_VAR NAME="USERNAME"></a><TMPL_UNLESS NAME="__LAST__">,</TMPL_UNLESS>
+ <a href="/user.pl?name=<TMPL_VAR ESCAPE=1 NAME="USERNAME">"><TMPL_VAR ESCAPE=1 NAME="USERNAME"></a><TMPL_UNLESS NAME="__LAST__">,</TMPL_UNLESS>
</TMPL_LOOP>
<TMPL_ELSE>
<TMPL_I18N KEY="No user">