!! Load the language-name definitions (argument names.phtml): adm/language
!! when $wims_class is empty, adm/class/classlang when a class is set.
!if $wims_class=
  !read adm/language names.phtml
!else
  !read adm/class/classlang names.phtml
  !! Inside a class the module language is taken from $moduclass_lang.
  !set modu_lang=$moduclass_lang
!endif
 
!! ---------- replaced by script/adm/partialdetag.proc
!!# try to prevent HTML and JavaScript Injection
!!# see code injection samples here : https://www.codeproject.com/Articles/134024/HTML-and-JavaScript-Injection
!!# all prohibited words must be set without CAPS
!!prohibited_words=</script >,</form >,</script>,</form>,<meta,behavior:,javascript:,onabort=,onafterprint=,onanimationend=,onanimationiteration=,onanimationstart=,onbeforeprint=,onbeforeunload=,onblur=,oncanplay=,oncanplaythrough=,onchange=,onclick=,oncontextmenu=,oncopy=,oncut=,ondblclick=,ondrag=,ondragend=,ondragenter=,ondragleave=,ondragover=,ondragstart=,ondrop=,ondurationchange=,onended=,onerror=,onfocus=,onfocusin=,onfocusout=,onfullscreenchange=,onfullscreenerror=,onhashchange=,oninput=,oninvalid=,onkeydown=,onkeypress=,onkeyup=,onload=,onloadeddata=,onloadedmetadata=,onloadstart=,onmessage=,onmousedown=,onmouseenter=,onmouseleave=,onmousemove=,onmouseover=,onmouseout=,onmouseup=,onmousewheel=,onoffline=,ononline=,onopen=,onpagehide=,onpageshow=,onpaste=,onpause=,onplay=,onplaying=,onpopstate=,onprogress=,onratechange=,onresize=,onreset=,onscroll=,onsearch=,onseeked=,onseeking=,onselect=,onshow=,onstalled=,onstorage=,onsubmit=,onsuspend=,ontimeupdate=,ontoggle=,ontouchcancel=,ontouchend=,ontouchmove=,ontouchstart=,ontransitionend=,onunload=,onvolumechange=,onwaiting=,onwheel=
!! NOTE(review): wims_trustfile presumably names the file that is trusted to
!! run restricted commands -- confirm against the WIMS documentation.
wims_trustfile=primitives.phtml
!! wims_nw: presumably the "no write" list, i.e. names that request parameters
!! must not be able to set -- confirm. It covers the forum directory, the
!! read/send policies and rights, ownership and user identity variables.
!! s_hidecode is listed twice, which looks harmless.
!! NOTE(review): c_sender, c_subject, job, mlist and script_option are not in
!! this list, so they are presumably request-controlled; every later use of
!! them has to bound or encode the value.
wims_nw=Forumdir forumdir mb_readpolicy mb_sendpolicy mb_password \
	mb_creation mb_nolink spolycode rpolycode mb_title mb_supervisor \
	mb_mail send_right read_right s_hidecode is_owner forumrealuser forumuser \
	user_lastname user_firstname user_email fuser fpassword \
	month ident s_hidecode c_smail \
	empty
!! NOTE(review): wims_nr is presumably the matching "no read" list, here
!! holding only wims_sesrandom -- confirm.
wims_nr=wims_sesrandom
!! Build Forumdir from ../$forumdir, replacing the literal prefix
!! ../wimshome/ by $wims_home/ (plain-string replacement, not a regex).
Forumdir=!replace internal ../wimshome/ by $wims_home/ in ../$forumdir
!! A session whose identifier contains "robot" is forced to the list job and
!! nothing else in this file runs for it.
!if robot isin $session
  job=list
  !exit
!endif

!! disconnect forum for example class
!! (a non-empty class number below 10000 gets error closedmodexcls)
!if $wims_class!=$empty and $wims_class<10000
  error=closedmodexcls
  !exit
!endif

!! Stop here when an error is already pending or help was requested.
!if $error!=$empty or $cmd=help
  !exit
!endif

!! Access control: without the read right nothing further is processed.
!if $read_right=0
  error=no_read_right
  !exit
!endif

!! Posting jobs additionally need the send right.
!! NOTE(review): this test sees $job as it stands at this point; later in this
!! file job is rewritten from c_preview/c_send/c_list and only then bounded.
!! The posting path needs the same send_right test once job is final --
!! confirm it is enforced there or in var.proc.preview / var.proc.send.
!if $send_right=0 and $job iswordof preview compose send
  error=no_send_right
  !exit
!endif
 
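!! Rendering settings for messages. NOTE(review): the exact meaning of
!! wims_multiexec, insmath_* and msg2wims_primitives is defined by the WIMS
!! server, not by this file -- see the WIMS documentation.
wims_multiexec=pari maxima yacas
insmath_rawmath=yes
insmath_slashsubst=yes
msg2wims_primitives=draw def define comment if for while doc

!! A non-empty c_preview / c_send / c_list overrides job. The loop runs in
!! the order preview, send, list, so when several are set the last one wins.
!for i in preview,send,list
  !if $(c_$i)!=$empty
    job=$i
  !endif
!next i
!reset c_preview c_send c_list
!! Allow-list the job name. Anything outside this list becomes "list", which
!! matters because job is later used to build the name in "!read var.proc.$job".
!bound job within list,thread,read,compose,preview,send,config,erase,threadlist default list
!! Re-check the send right now that job is final: the earlier send_right test
!! ran before job could be changed by c_preview / c_send above, so a posting
!! job selected that way would otherwise not be covered by it.
!if $send_right=0 and $job iswordof preview compose send
  error=no_send_right
  !exit
!endif
!! Archive names are read from record 0 of $forumdir/.archives; mlist is then
!! restricted to .newlist or one of those names (default .newlist).
archlist=!record 0 of $forumdir/.archives
archlist=!words2items $archlist
!bound mlist within .newlist,$archlist default .newlist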
 
# quote_lim: limit to number of lines in quoting.
# The values are assigned by position: subject_lim=128, list_lim=100,
# thread_lim=100, sender_lim=32, mail_lim=80, quote_lim=100.
# subject_lim, sender_lim and mail_lim are used further down as character
# limits when c_subject, c_sender and c_smail are truncated.
!distribute item 128,100,100,32,80,100 into \
 subject_lim,list_lim,thread_lim,sender_lim,mail_lim,quote_lim

# Forms of this module are submitted with POST.
wims_form_method=post
 
!!module_title=$mb_title
 
!! Preview/send: convert the deposited message, sanitise the result, then
!! bound the header fields (sender, mail, subject).
!if $job iswordof preview send
  !! msg2wims converts $wims_sesdir/user-deposit into $wims_sesdir/message.wims;
  !! its output is split below into srclen and msglen.
  !! NOTE(review): $wims_home and $wims_sesdir are interpolated into a shell
  !! command line. They are presumably server-set -- confirm that neither can
  !! carry request data.
  lens=!sh cd $wims_home; bin/msg2wims $wims_sesdir/user-deposit $wims_sesdir/message.wims
  !! Links are allowed for the supervisor, and for everybody unless
  !! mb_nolink=yes.
  !! NOTE(review): script_option is only ever set here, never cleared, and it
  !! is not in the wims_nw list at the top of this file. Confirm that it cannot
  !! arrive pre-set from the request; otherwise clear it before this test.
  !if $wims_user=supervisor or $mb_nolink!=yes
    script_option=allowlink
  !endif
  !! HTML/script filtering of the converted message, done in place (the same
  !! file is given as input and output). This call replaces the commented-out
  !! prohibited_words list near the top of this file.
  !readproc adm/partialdetag.proc file $wims_home/$wims_sesdir/message.wims $wims_home/$wims_sesdir/message.wims
  !if $wims_exec_error!=$empty
    t=!trim $wims_exec_error
    !! Any error other than open_tag sends the user back to compose;
    !! open_tag only downgrades the job to preview, so the message is not sent.
    !if $t!=open_tag
      error=$wims_exec_error
      job=compose
      !exit
    !else
      error=open_tag
      job=preview
    !endif
  !endif
  !distribute word $lens into srclen,msglen
  !! An empty source is never sent, only previewed.
  !if $srclen=0
    job=preview
  !endif
  !! Non-empty source with an empty or missing result: the conversion failed.
  !if ($srclen>0 and $msglen=0) or $msglen=$empty
    error=translation_fail
    job=compose
    !exit
  !endif
  !! Header fields are cut to sender_lim / mail_lim / subject_lim characters.
  !! NOTE(review): the only encoding applied here is "<" -> "&lt;" on
  !! c_subject; "&", ">" and quotes pass through, and c_sender / c_smail are
  !! only truncated. Confirm that the code storing or displaying these fields
  !! encodes them for the output context (element text or attribute value).
  c_sender=!items2words $c_sender
  c_sender=!char 1 to $sender_lim of $c_sender
  c_smail=!trim $c_smail
  c_smail=!char 1 to $mail_lim of $c_smail
  c_subject=!char 1 to $subject_lim of $c_subject
  c_subject=!replace < by &lt; in $c_subject
!endif
 
!! Run the job-specific processing. job was restricted to a fixed list by
!! "!bound job" earlier in this file, so the file name read here cannot be
!! chosen freely by the request.
!read var.proc.$job

!! Module log entry: the error if there is one, otherwise job and forum.
!if $error!=$empty
  wims_module_log=error: $error
!else
  wims_module_log=$job  	$forum
  !! For forums whose directory contains "classes", reading or listing stores
  !! a timestamp (user_lastmsg) in the per-user definition file of the class.
  !if classes isin $forumdir and $job iswordof read list
    now=!date '+%Y%m%d%H%M%S'
    !! Target file: "supervisor" for the supervisor acting as itself, else
    !! .users/<wims_realuser> when set, else .users/<wims_user>.
    !! NOTE(review): the path is built from $wims_class, $wims_realuser and
    !! $wims_user, presumably server-set session values -- confirm none of
    !! them can contain path separators.
    !if $wims_user=supervisor and ($wims_realuser=$empty or $wims_realuser=supervisor)
      deffile=wimshome/log/classes/$wims_class/supervisor
    !else
      !if $wims_realuser!=$empty
        deffile=wimshome/log/classes/$wims_class/.users/$wims_realuser
      !else
        deffile=wimshome/log/classes/$wims_class/.users/$wims_user
      !endif
    !endif
    !setdef !set user_lastmsg=$now in $deffile
  !endif
!endif
 
!set already_seen=!record 0 of $forumdir/.users/$forumrealuser