Subversion Repositories wimsdev

!! Read the language-dependent names.phtml: the site-wide one when no class is
!! active (wims_class empty), the class one otherwise.
!if $wims_class=
  !read adm/language names.phtml
!else
  !read adm/class/classlang names.phtml
  !! inside a class the module language follows moduclass_lang
  !set modu_lang=$moduclass_lang
!endif
!! ---------- replaced by script/adm/partialdetag.proc
!!# try to prevent HTML and JavaScript Injection
!!# see code injection samples here : https://www.codeproject.com/Articles/134024/HTML-and-JavaScript-Injection
!!# all prohibited words must be set without CAPS
!!prohibited_words=</script >,</form >,</script>,</form>,<meta,behavior:,javascript:,onabort=,onafterprint=,onanimationend=,onanimationiteration=,onanimationstart=,onbeforeprint=,onbeforeunload=,onblur=,oncanplay=,oncanplaythrough=,onchange=,onclick=,oncontextmenu=,oncopy=,oncut=,ondblclick=,ondrag=,ondragend=,ondragenter=,ondragleave=,ondragover=,ondragstart=,ondrop=,ondurationchange=,onended=,onerror=,onfocus=,onfocusin=,onfocusout=,onfullscreenchange=,onfullscreenerror=,onhashchange=,oninput=,oninvalid=,onkeydown=,onkeypress=,onkeyup=,onload=,onloadeddata=,onloadedmetadata=,onloadstart=,onmessage=,onmousedown=,onmouseenter=,onmouseleave=,onmousemove=,onmouseover=,onmouseout=,onmouseup=,onmousewheel=,onoffline=,ononline=,onopen=,onpagehide=,onpageshow=,onpaste=,onpause=,onplay=,onplaying=,onpopstate=,onprogress=,onratechange=,onresize=,onreset=,onscroll=,onsearch=,onseeked=,onseeking=,onselect=,onshow=,onstalled=,onstorage=,onsubmit=,onsuspend=,ontimeupdate=,ontoggle=,ontouchcancel=,ontouchend=,ontouchmove=,ontouchstart=,ontransitionend=,onunload=,onvolumechange=,onwaiting=,onwheel=
!! NOTE(review): wims_trustfile presumably marks primitives.phtml as a file
!! allowed to run privileged commands; confirm and keep that file free of
!! request-derived content.
wims_trustfile=primitives.phtml
!! NOTE(review): wims_nw / wims_nr look like the lists of variable names that
!! request parameters may not write / read (confirm in the WIMS documentation).
!! If so, every variable used below for an access decision or to build a path
!! (read_right, send_right, is_owner, forumdir, Forumdir, forumuser,
!! forumrealuser, empty) has to stay in wims_nw. s_hidecode appears twice in
!! the list; the duplicate looks harmless.
wims_nw=Forumdir forumdir mb_readpolicy mb_sendpolicy mb_password \
	mb_creation mb_nolink spolycode rpolycode mb_title mb_supervisor \
	mb_mail send_right read_right s_hidecode is_owner forumrealuser forumuser \
	user_lastname user_firstname user_email fuser fpassword \
	month ident s_hidecode c_smail \
	empty
wims_nr=wims_sesrandom
!! Forumdir is ../forumdir with the ../wimshome/ prefix rewritten to wims_home/
Forumdir=!replace internal ../wimshome/ by $wims_home/ in ../$forumdir
!! Early exits. Each guard stops this file before any message processing.

!! A session whose name contains "robot" only ever gets the list job.
!if robot isin $session
  job=list
  !exit
!endif

!! Nothing more to do when an error is already set or help was requested.
!if $error!=$empty or $cmd=help
  !exit
!endif

!! No read right: refuse every job.
!if $read_right=0
  error=no_read_right
  !exit
!endif

!! No send right: refuse the jobs that compose or post a message.
!! NOTE(review): job still holds its incoming value here. It is reassigned from
!! c_preview / c_send / c_list further down, so this test alone does not cover
!! the final job value.
!if $send_right=0 and $job iswordof preview compose send
  error=no_send_right
  !exit
!endif

!! Settings read by the WIMS engine and by msg2wims (semantics not visible here).
wims_multiexec=pari maxima yacas
insmath_rawmath=yes
insmath_slashsubst=yes
!! NOTE(review): presumably the only WIMS primitives msg2wims lets through in a
!! user message. Treat it as an allow-list and review any addition, since it
!! widens what posted text can execute.
msg2wims_primitives=draw def define comment if for while doc

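!! A non-empty c_preview / c_send / c_list (form buttons) selects the job;
!! when several are set, the last name in the list wins.
!for i in preview,send,list
  !if $(c_$i)!=$empty
    job=$i
  !endif
!next i
!reset c_preview c_send c_list
!! Allow-list the job; anything else falls back to list. The value is later
!! used to pick the var.proc.<job> file to read.
!bound job within list,thread,read,compose,preview,send,config,erase,threadlist default list
!! Re-check the send right on the final job value: the earlier test ran before
!! job could be changed by the c_* buttons above, so without this a request
!! lacking send_right could still reach the preview/send processing below
!! (unless var.proc.preview / var.proc.send check again; not visible here).
!if $send_right=0 and $job iswordof preview compose send
  error=no_send_right
  !exit
!endif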
!! Archive names come from the first record of the forum's .archives file.
archlist=!record 0 of $forumdir/.archives
archlist=!words2items $archlist
!! mlist is restricted to .newlist or one of those archive names, so a
!! request cannot name an arbitrary list file.
!bound mlist within .newlist,$archlist default .newlist

!! Length limits, in order: subject 128, list 100, thread 100, sender 32,
!! mail 80, quote 100.
# quote_lim: limit to number of lines in quoting.
!distribute item 128,100,100,32,80,100 into \
 subject_lim,list_lim,thread_lim,sender_lim,mail_lim,quote_lim

wims_form_method=post

!!module_title=$mb_title

!! Preview / send: convert the deposited message, strip unsafe markup, then
!! normalise the sender, mail and subject fields.
!if $job iswordof preview send
  !! msg2wims converts user-deposit into message.wims; its output is split
  !! below into srclen and msglen.
  !! NOTE(review): wims_home and wims_sesdir are interpolated into a shell
  !! command; they must never carry request-controlled text.
  lens=!sh cd $wims_home; bin/msg2wims $wims_sesdir/user-deposit $wims_sesdir/message.wims
  !! Links are allowed for the supervisor, or when the forum does not set
  !! mb_nolink=yes.
  !if $wims_user=supervisor or $mb_nolink!=yes
    script_option=allowlink
  !endif
  !! Filter message.wims in place (same file as input and output). Per the
  !! header comment this replaces the old prohibited_words list.
  !readproc adm/partialdetag.proc file $wims_home/$wims_sesdir/message.wims $wims_home/$wims_sesdir/message.wims
  !if $wims_exec_error!=$empty
    t=!trim $wims_exec_error
    !if $t!=open_tag
      !! any other filter error: report it and send the user back to compose
      error=$wims_exec_error
      job=compose
      !exit
    !else
      !! open_tag: keep going, but force a preview instead of sending
      error=open_tag
      job=preview
    !endif
  !endif
  !distribute word $lens into srclen,msglen
  !! empty source: show the preview rather than sending
  !if $srclen=0
    job=preview
  !endif
  !! source present but nothing (or no length) came out of the conversion
  !if ($srclen>0 and $msglen=0) or $msglen=$empty
    error=translation_fail
    job=compose
    !exit
  !endif
  !! Truncate the header fields to their limits. The subject is cut before it
  !! is escaped, so the cut cannot split the entity.
  c_sender=!items2words $c_sender
  c_sender=!char 1 to $sender_lim of $c_sender
  c_smail=!trim $c_smail
  c_smail=!char 1 to $mail_lim of $c_smail
  c_subject=!char 1 to $subject_lim of $c_subject
  !! NOTE(review): only "<" is escaped, and only in c_subject; "&", quotes and
  !! ">" pass through, and c_sender / c_smail are not escaped here. That is
  !! enough only if these values are output as element text and never inside
  !! an attribute; confirm in the templates or escape at output.
  c_subject=!replace < by &lt; in $c_subject
!endif

!! Run the job-specific procedure. job was restricted by the earlier bound
!! statement, so only the listed var.proc.* files can be read here.
!read var.proc.$job

!if $error!=$empty
  !! NOTE(review): error can hold raw wims_exec_error text from the filter
  !! step; treat the log line as untrusted when displaying it.
  wims_module_log=error: $error
!else
  wims_module_log=$job  	$forum
  !! For class forums, record when this user last read or listed messages.
  !if classes isin $forumdir and $job iswordof read list
    now=!date '+%Y%m%d%H%M%S'
    !! Pick the per-user definition file: the supervisor's own file, else
    !! the real user's file when set, else the current user's file.
    !! NOTE(review): wims_class, wims_realuser and wims_user become path
    !! components; presumably session values set by the server. Verify.
    !if $wims_user=supervisor and ($wims_realuser=$empty or $wims_realuser=supervisor)
      deffile=wimshome/log/classes/$wims_class/supervisor
    !else
      !if $wims_realuser!=$empty
        deffile=wimshome/log/classes/$wims_class/.users/$wims_realuser
      !else
        deffile=wimshome/log/classes/$wims_class/.users/$wims_user
      !endif
    !endif
    !setdef !set user_lastmsg=$now in $deffile
  !endif
!endif

!! Load the first record of this user's file under the forum's .users directory.
!! NOTE(review): forumrealuser is a path component here; it is listed in
!! wims_nw above, which presumably keeps requests from setting it. Confirm.
!set already_seen=!record 0 of $forumdir/.users/$forumrealuser