diff --git a/en/cgi/dosendpr.cgi b/en/cgi/dosendpr.cgi index 46133583e4..4b2247d9ec 100755 --- a/en/cgi/dosendpr.cgi +++ b/en/cgi/dosendpr.cgi @@ -1,189 +1,190 @@ #!/usr/bin/perl # # Send-pr perl script to send a pr. # # Copyright (c) 1996 Free Range Media # # Copying and distribution permitted under the conditions of the # GNU General Public License Version 2. # (http://www.gnu.ai.mit.edu/copyleft/gpl.html) # -# $FreeBSD: www/en/cgi/dosendpr.cgi,v 1.22 2005/07/14 11:26:17 ceri Exp $ +# $FreeBSD: www/en/cgi/dosendpr.cgi,v 1.23 2005/11/06 22:07:23 ceri Exp $ require "html.pl"; use Socket; use DB_File; use Fcntl qw(:DEFAULT :flock); require "./Gnats.pm"; import Gnats; my $blackhole = "dnsbl.njabl.org"; my $openproxyip = "127.0.0.9"; my $blackhole_err = 0; my $openproxy; my $expiretime = 2700; $dbpath = "/tmp/sendpr-code.db"; # Environment variables to stuff in the PR header. my @ENV_captures = qw/ REMOTE_HOST REMOTE_ADDR REMOTE_PORT HTTP_REFERER HTTP_CLIENT_IP HTTP_FORWARDED HTTP_VIA HTTP_X_FORWARDED_FOR /; # env2hdr (@ENV_captures) # Returns X-header style headers for inclusion in the header of a PR sub env2hdr (@) { my $headers = ""; for my $var (shift @_) { next unless $ENV{$var}; $headers .= "X-$var: $ENV{$var}\n"; } return $headers; } # isopenproxy ($ip, $blackhole_zone, $positive_ip) # Returns undef on error, 0 if DNS lookup fails, $positive_ip if verified # proxy. A DNS lookup failing can either means that there was a network # problem, or that the IP is not listed in the blackhole zone. sub isopenproxy ($$$) { # If $? is already set, then a successful gethostbyname() leaves it set local $?; my ($ip, $zone, $proxyip) = @_; my ($reversed_ip, $packed); if (!defined $proxyip) { return undef }; $reversed_ip = join('.', reverse split(/\./, $ip)); $packed = gethostbyname("${reversed_ip}.${blackhole}"); return undef if $?; if ($packed && (inet_ntoa($packed) eq $proxyip)) { return $proxyip; } else { return 0; } } sub prerror { &html_title ("Problem Report Error"); &html_body(); print "

There is an error in the configuration of the problem\n", "report form generator. Please back up one page and report\n", "the problem to the owner of that page.
", "Report $_[0].

"; &html_end(); exit (1); } &www_content ("text","html"); &cgi_form_in(); &prerror("request method problem") if $ENV{'REQUEST_METHOD'} eq 'GET'; if (!$submission_program) { &prerror("submit program problem"); } &html_title ("Thank you for the problem report"); &html_body (); # Verify the data ... $db_obj = tie(%db_hash, 'DB_File', $dbpath, O_CREAT|O_RDWR, 0644) or die "dbcreate $dbpath $!"; $fd = $db_obj->fd; open(DB_FH, "+<&=$fd") or die "fdopen $!"; unless (flock (DB_FH, LOCK_EX | LOCK_NB)) { unless (flock (DB_FH, LOCK_EX)) { die "flock: $!" } } $codeentered = $cgi_data{'code-confirm'}; +$codeentered =~ s/.*/\U$&/; # Turn input uppercase $currenttime = time(); if (defined($codeentered) && $codeentered && $db_hash{$codeentered} && (($currenttime - $expiretime) <= $db_hash{$codeentered})) { if (!$cgi_data{'email'} || !$cgi_data{'originator'} || !$cgi_data{'synopsis'}) { print "

Bad Data

You need to specify at least your ", "electronic mail address, your name and a synopsis ", "of the problem.
Please return to the form and add the ", "missing information. Thank you.

"; &html_end(); exit(1); } } else { print "

Incorrect safety code

You need to enter the correct ", "code from the image displayed. Please return to the form and enter the ", "code exactly as shown. Thank you.

"; &html_end(); exit(1); } # This code has now been used, so remove it. delete $db_hash{"$codeentered"}; # Sweep for and remove expired codes. foreach $randomcode (keys %db_hash) { if ( ($currenttime - $expiretime) >= $db_hash{$randomcode}) { delete $db_hash{"$randomcode"}; } } $db_obj->sync(); # to flush flock(DB_FH, LOCK_UN); undef $db_obj; # removing the last reference to the DB # closes it. Closing DB_FH is implicit. untie %db_hash; $openproxy = isopenproxy($ENV{'REMOTE_ADDR'}, $blackhole, $openproxyip); if (defined $openproxy) { if ($openproxy) { &prerror("$ENV{'REMOTE_ADDR'} is an open proxy server"); } } else { $blackhole_err++; } # Build the PR. $pr = "To: $submission_address\n" . "From: $cgi_data{'originator'} <$cgi_data{'email'}>\n" . "Subject: $cgi_data{'synopsis'}\n" . env2hdr(@ENV_captures); if ($blackhole_err) { $pr .= "X-REMOTE_ADDR-Is-Open-Proxy: Maybe\n"; } $pr .= "X-Send-Pr-Version: www-2.3\n\n" . ">Submitter-Id:\t$cgi_data{'submitterid'}\n" . ">Originator:\t$cgi_data{'originator'}\n" . ">Organization:\t$cgi_data{'organization'}\n" . ">Confidential:\t$cgi_data{'confidential'}\n" . ">Synopsis:\t$cgi_data{'synopsis'}\n" . ">Severity:\t$cgi_data{'severity'}\n" . ">Priority:\t$cgi_data{'priority'}\n" . ">Category:\t$cgi_data{'category'}\n" . ">Class:\t\t$cgi_data{'class'}\n" . ">Release:\t$cgi_data{'release'}\n" . ">Environment:\t$cgi_data{'environment'}\n" . ">Description:\n$cgi_data{'description'}\n" . ">How-To-Repeat:\n$cgi_data{'howtorepeat'}\n" . ">Fix:\n$cgi_data{'fix'}\n"; # remove any carrage returns that appear in the report. $pr =~ s/\r//g; if (open (SUBMIT, "|$submission_program")){ print SUBMIT $pr; close (SUBMIT); print "

Thank You

", "

Thank you for the problem report. You should receive confirmation", " of your report by electronic mail within a day.

"; } else { print "

Error

An error occured processing your problem report.

"; } &html_end(); diff --git a/en/cgi/query-pr.cgi b/en/cgi/query-pr.cgi index d00d950824..320653af5e 100755 --- a/en/cgi/query-pr.cgi +++ b/en/cgi/query-pr.cgi @@ -1,319 +1,320 @@ #!/usr/bin/perl -T -# $FreeBSD: www/en/cgi/query-pr.cgi,v 1.49 2005/11/07 10:43:19 ceri Exp $ +# $FreeBSD: www/en/cgi/query-pr.cgi,v 1.50 2005/11/09 21:38:31 fenner Exp $ $ENV{'PATH'} = "/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin"; use DB_File; use Fcntl qw(:DEFAULT :flock); require "./cgi-lib.pl"; require "./cgi-style.pl"; require "getopts.pl"; require "./Gnats.pm"; import Gnats; my $expiretime = 2700; $dbpath = "/tmp/querypr-code.db"; &Getopts('cp:'); if ($opt_c) { $codeentered = $opt_c; } if ($opt_p) { $input{'pr'} = $opt_p; } else { if (! &ReadParse(*input)) { print &html_header("PR Query Interface"); print "

Please enter the PR number you wish to query:

\n"; ($scriptname = $ENV{'SCRIPT_NAME'}) =~ s|^/?|/|; $scriptname =~ s|/$||; ($summary = $scriptname) =~ s/query-pr/query-pr-summary/; print "
\n"; print "\n"; print "

To view the PR with email addresses, copy the code "; print " from the image below: \n"; print "

\n"; print "\n
\n"; print "

See also the PR summary

\n"; print &html_footer; exit 0; } } # allow query-pr.cgi? queries if (!($pr = $input{'pr'}) && &MethGet) { $pr = $ENV{'QUERY_STRING'}; } # Get the confirmation code if it exists # (and wasn't specified with -c). $codeentered ||= $input{'code-confirm'}; # Verify the data ... $db_obj = tie(%db_hash, 'DB_File', $dbpath, O_CREAT|O_RDWR, 0644) or die "dbcreate $dbpath $!"; $fd = $db_obj->fd; open(DB_FH, "+<&=$fd") or die "fdopen $!"; unless (flock (DB_FH, LOCK_EX | LOCK_NB)) { unless (flock (DB_FH, LOCK_EX)) { die "flock: $!" } } # Sweep for and remove expired codes. foreach $randomcode (keys %db_hash) { if ( ($currenttime - $expiretime) >= $db_hash{$randomcode}) { delete $db_hash{"$randomcode"}; } } +$codeentered =~ s/.*/\U$&/; # Turn input uppercase $currenttime = time(); if (defined($codeentered) && $codeentered && $db_hash{$codeentered} && (($currenttime - $expiretime) <= $db_hash{$codeentered})) { # This code is good. Set the flag and remove the code. $codeok++; delete $db_hash{"$codeentered"}; } else { # Fail silently. ; } $db_obj->sync(); # to flush flock(DB_FH, LOCK_UN); undef $db_obj; # removing the last reference to the DB # closes it. Closing DB_FH is implicit. untie %db_hash; # be tolerant to / queries $pr =~ s%^.+/%%; # remove / part if ($pr =~ /(\d+)/) { $pr = $1; } else { $pr = 0; } $pr = int($pr); # numeralize: "0123" -> 123 if ($pr < 1 || $pr > 499999) { print &html_header("FreeBSD Problem Report"); print "

Invalid problem report number: $pr

\n"; print &summary_link; print &html_footer; exit 0; } unless (open(Q, "$query_pr -F $pr 2>&1 |")) { print &html_header("Server error"); print "

Unable to open PR database.

\n"; print &summary_link; print &html_footer; die "Unable to query PR's"; } if ($input{'f'} eq 'raw') { print "Content-Type: text/plain\r\n\r\n"; print ; close(Q); exit 0; } $inhdr = 1; $multiline = 0; $from = ""; $replyto = ""; while() { chop; $html_fixup = 1; if (/^query-pr(:?\.(:?real|web))?: /) { print &html_header("FreeBSD problem report"); if ($_ !~ /^query-pr(:?\.(:?real|web))?: no PRs matched$/) { print "

query-pr said:\n"; print "

$_\n";
 	    print ;
 	    print "
\n"; } else { print "

No PR found matching $pr

\n"; } print &summary_link; print &html_footer; exit; } elsif (/^lockf: /) { print &html_header("FreeBSD problem report"); print "

The PR database is currently busy; please try ", "your query again.

"; print &summary_link; print &html_footer; exit; } # In e-mail header if ($inhdr && /^From:\s*(.*)$/i) { $from = $1; $from =~ s/.*<(.*)>.*/$1/; $from =~ s/\s*\(.*\)\s*//; } if ($inhdr && /^Reply-to:\s*(.*)$/i) { $replyto = $1; $replyto =~ s/.*<(.*)>.*/$1/; $replyto =~ s/\s*\(.*\)\s*//; } # End of e-mail header if ($inhdr && /^$/) { $from = $replyto if ($replyto); $email = $from; $email .= '@FreeBSD.org' unless ($email =~ /@/); $inhdr = 0; } if (/^>Responsible:/) { $_ = &getline($_); s/\(.*\)//; # remove personal name s/\s+//g; $_ = $_ . '@FreeBSD.org' if !/@/; $_ = ">Responsible:$_"; $html_fixup = 0; } s/^>Last-Modified:\s*$/>Last-Modified: never/; if (/^>Number:/) { $number = &getline($_); } elsif (/^>Category:/) { $cat = &getline($_); } elsif (/^>Synopsis:/) { $syn = &getline($_); $syn =~ s/[\t]+/ /g; $origsyn = $syn; $syn = &fixline($syn); print &html_header("Problem Report $cat/$number : $syn"); if (! $codeok ) { print "

View PR with email addresses

\n"; } print "

$syn

\n
\n"; } else { next if $inhdr; if (/^>(\S+):\s*(.*)/) { print $trailer . "\n" unless ($blank); $trailer = "
$1
\n"; if ($html_fixup) { $trailer .= &fixline($2); } else { $trailer .= $2; } if ($1 eq "Originator" && $from ne "" && $codeok) { # add email address $trailer .= " <" . &fixline($from) . ">"; } $trailer .= '
'; $blank = !($2); $multiline = 0; } else { unless ($multiline) { next if /^\s*$/; print $trailer . "\n
\n";
 	    }
 	    $multiline = 1;
 	    $blank = 0;
 	    print $html_fixup ? &fixline($_) : $_ , "\n";
 	    $trailer = "
"; } } } close(Q); print "$trailer\n" unless ($blank); print "
"; $origsyn =~ s/[^a-zA-Z+.@-]/"%" . sprintf("%02X", unpack("C", $&))/eg; $email =~ s/[^a-zA-Z+.@-]/"%" . sprintf("%02X", unpack("C", $&))/eg; print qq`Submit Followup | Raw PR | Find Another PR\n`; if (! $codeok ) { print ""; print "

To see this PR with email addresses "; print " displayed, enter the code from the image and submit:

\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
\n"; } print &html_footer; # Sleep 0.35 seconds to avoid DoS attacks from broken robots select undef, undef, undef, 0.35; exit 0; sub getline { local($_) = @_; ($tag,$remainder) = split(/\s+/, $_, 2); return $remainder; } sub summary_link { return qq`

Search for Another PR

\n`; } sub cvsweb { local($file) = shift; $file =~ s/[,.;]$//; return 'http://cvsweb.FreeBSD.org/' . $file; } sub srcref { local($_) = shift; local($rev) = '(rev\.?|revision):?\s+[0-9]\.[0-9.]+(\s+of)?'; local($src) = '((src|www|doc|ports)/[^\s]+)'; if (m%$rev\s*$src%oi || m%$src\s*$rev%) { s#$src#sprintf("%s", 34, &cvsweb($1), 34, $1)#ge; } return $_; } sub fixline { local(@splitline) = split(/((?:https?|ftp):\/\/[^\s"\(\)<>,;]+)/, shift); local($isurl) = 0; foreach (@splitline) { if ($isurl) { local($href) = local($html) = $_; $href =~ s/&/%26/g; $html =~ s/&/&/g; $_ = "$html"; } else { s/&/&/g; s//>/g; s%(\WPR[:s# \t]+)([a-z3486]+\/)?([0-9]+)%$1$2$3%ig; } $isurl = ! $isurl; } return &srcref(join('', @splitline)); }