XSS protection
[webmin.git] / group_chooser.cgi
#!/usr/local/bin/perl
# group_chooser.cgi
# This CGI generates the HTML for choosing a group or a list of groups.
# The pages it prints write the final choice into the `ifield` form field
# of the window that opened them (top.opener.ifield).

# NOTE(review): going by its name, this flag tells web-lib.pl not to reject
# requests that arrive with an unknown Referer - confirm in web-lib.pl.
# If that is what it does, this page can be reached from links on other
# sites, so every value read from %in has to be treated as untrusted
# wherever it is echoed into HTML or JavaScript.
$trust_unknown_referers = 1;
require './web-lib.pl';
&init_config();
# Presumably fills %in with the request parameters (the rest of the script
# reads %in); the meaning of the third argument is defined in web-lib.pl.
&ReadParse(undef, undef, 2);
%access = &get_module_acl();

# Index user names by primary GID, so that a group's member summary can
# include the users who have it as their primary group.
setpwent();
while (@uinfo = getpwent()) {
    my ($login, $primary_gid) = @uinfo[0, 3];
    push(@{$members{$primary_gid}}, $login);
}
# endpwent() is deliberately not called when os_type is 'hpux'.
unless ($gconfig{'os_type'} eq 'hpux') {
    endpwent();
}
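# Output escaping used by every branch below.
#
# Group names and member names end up in two different contexts: inside
# JavaScript string literals (in <script> blocks and onClick attributes)
# and as plain HTML text.  Each context needs its own encoding, so the
# values are escaped at the point where they are printed.

# Escape a value for use inside a quoted JavaScript string literal.
# Backslash, both quote characters, <, > and & and all ASCII control
# characters become \xHH escapes, so the result can close neither the
# string, the surrounding <script> element nor a quoted HTML attribute.
# Bytes above 0x7f are left alone so multi-byte names stay intact.
my $js_string = sub {
    my ($value) = @_;
    $value = '' if (!defined($value));
    $value =~ s/([\\"'<>&\x00-\x1f\x7f])/sprintf('\\x%02x', ord($1))/ge;
    return $value;
};

# Escape a value for use as HTML text.
my $html_text = sub {
    my ($value) = @_;
    $value = '' if (!defined($value));
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $value =~ s/'/&#39;/g;
    return $value;
};

if ($in{'multi'}) {
    # Selecting multiple groups.  The chooser is a frameset: frame 0 is the
    # top-level document that holds the current selection in the JavaScript
    # arrays sel (group names) and selr (member summaries); frames 1-3 are
    # the list of all groups, the chosen groups and the buttons.
    if ($in{'frame'} == 0) {
        # Base frame: seed sel/selr from the 'group' request parameter.
        &PrintHeader();
        print "<script>\n";
        my @chosen = &split_quoted($in{'group'});
        my $count = @chosen;
        print "sel = new Array($count);\n";
        print "selr = new Array($count);\n";
        for (my $i = 0; $i < $count; $i++) {
            # The name comes straight from the request.  It is escaped for
            # a JavaScript string literal here rather than passed through
            # quote_escape(): split_quoted() has already removed every
            # double quote, and HTML entities are not decoded inside
            # <script>, so entity-style escaping cannot neutralise a
            # backslash, a line break or a closing script tag.
            print "sel[$i] = \"", $js_string->($chosen[$i]), "\";\n";

            # NOTE(review): this lookup is not filtered through the gedit_*
            # ACL that get_groups_list() applies, so the member summary of
            # any group named in the request is echoed back - confirm that
            # this is intended.
            my @ginfo = getgrnam($chosen[$i]);
            if (@ginfo) {
                my @mems = &unique(split(/ /, $ginfo[3]),
                                   @{$members{$ginfo[2]}});
                if (@mems > 3) { @mems = (@mems[0..1], "..."); }
                print "selr[$i] = \"", $js_string->(join(' ', @mems)),
                      "\";\n";
            }
            else {
                print "selr[$i] = \"???\";\n";
            }
        }
        print "</script>\n";
        print "<title>$text{'groups_title1'}</title>\n";
        print "<frameset cols='50%,50%'>\n";
        print "<frame src=\"/group_chooser.cgi?frame=1&multi=1\">\n";
        print "<frameset rows='*,50' frameborder=no>\n";
        print " <frame src=\"/group_chooser.cgi?frame=2&multi=1\">\n";
        print " <frame src=\"/group_chooser.cgi?frame=3&multi=1\" scrolling=no>\n";
        print "</frameset>\n";
        print "</frameset>\n";
    }
    elsif ($in{'frame'} == 1) {
        # List of all groups to choose from.  Clicking a name appends it to
        # top.sel/top.selr and reloads the "chosen groups" frame.
        &popup_header();
        print "<script>\n";
        print "function addgroup(u, r)\n";
        print "{\n";
        print "top.sel[top.sel.length] = u\n";
        print "top.selr[top.selr.length] = r\n";
        print "top.frames[1].location = top.frames[1].location\n";
        print "return false;\n";
        print "}\n";
        print "</script>\n";
        print "<font size=+1>$text{'groups_all'}</font>\n";
        print "<table width=100%>\n";
        foreach my $group (&get_groups_list()) {
            if ($in{'group'} eq $group->[0]) { print "<tr $cb>\n"; }
            else { print "<tr>\n"; }
            # Name and member summary appear twice: as JavaScript string
            # arguments inside the onClick attribute and as visible text.
            print "<td width=20%><a href=\"\" onClick='return addgroup(\"",
                  $js_string->($group->[0]), "\", \"",
                  $js_string->($group->[3]), "\")'>",
                  $html_text->($group->[0]), "</a></td>\n";
            print "<td>", $html_text->($group->[3]), "</td> </tr>\n";
        }
        print "</table>\n";
        &popup_footer();
    }
    elsif ($in{'frame'} == 2) {
        # Show the chosen groups.  The rows are built in the browser from
        # top.sel/top.selr, which hold the raw names (including the ones
        # seeded from the request), so they are HTML-escaped by esc()
        # before being handed to document.write().
        &popup_header();
        print "<font size=+1>$text{'groups_sel'}</font>\n";
        print <<'EOF';
<table width=100%>
<script>
function esc(s)
{
return String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}
function sub(j)
{
sel2 = new Array(); selr2 = new Array();
for(k=0,l=0; k<top.sel.length; k++) {
        if (k != j) {
                sel2[l] = top.sel[k];
                selr2[l] = top.selr[k];
                l++;
                }
        }
top.sel = sel2; top.selr = selr2;
location = location;
return false;
}
for(i=0; i<top.sel.length; i++) {
        document.write("<tr>\n");
        document.write("<td><a href=\"\" onClick='return sub("+i+")'>"+esc(top.sel[i])+"</a></td>\n");
        document.write("<td>"+esc(top.selr[i])+"</td>\n");
        }
</script>
</table>
EOF
        &popup_footer();
    }
    elsif ($in{'frame'} == 3) {
        # OK, Cancel and Clear buttons.  OK joins the selection with
        # spaces (quoting names that contain a space) and assigns it to the
        # opener's field through .value, which does not parse it as HTML.
        &popup_header();
        print "<script>\n";
        print "function qjoin(l)\n";
        print "{\n";
        print "rv = \"\";\n";
        print "for(i=0; i<l.length; i++) {\n";
        print "    if (rv != '') rv += ' ';\n";
        print "    if (l[i].indexOf(' ') < 0) rv += l[i];\n";
        print "    else rv += '\"'+l[i]+'\"'\n";
        print "    }\n";
        print "return rv;\n";
        print "}\n";
        print "</script>\n";
        print "<form>\n";
        print "<input type=button value=\"$text{'groups_ok'}\" ",
              " onClick='top.opener.ifield.value = qjoin(top.sel); ",
              "top.close()'>\n";
        print "<input type=button value=\"$text{'groups_cancel'}\" ",
              "onClick='top.close()'>\n";
        print "&nbsp;&nbsp;<input type=button value=\"$text{'groups_clear'}\" onClick='top.sel = new Array(); top.selr = new Array(); top.frames[1].location = top.frames[1].location'>\n";
        print "</form>\n";
        &popup_footer();
    }
}
else {
    # Selecting just one group: display a list of all groups; clicking a
    # name stores it in the opener's field and closes the popup.
    &popup_header($text{'groups_title2'});
    print "<script>\n";
    print "function select(f)\n";
    print "{\n";
    print "top.opener.ifield.value = f;\n";
    print "top.close();\n";
    print "return false;\n";
    print "}\n";
    print "</script>\n";
    print "<table width=100%>\n";
    foreach my $group (&get_groups_list()) {
        if ($in{'group'} eq $group->[0]) { print "<tr $cb>\n"; }
        else { print "<tr>\n"; }
        print "<td width=20%><a href=\"\" onClick='return select(\"",
              $js_string->($group->[0]), "\")'>",
              $html_text->($group->[0]), "</a></td>\n";
        print "<td>", $html_text->($group->[3]), "</td> </tr>\n";
    }
    print "</table>\n";
    &popup_footer();
}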
# get_groups_list()
# Returns the groups the current Webmin user may pick, sorted by name.
# Each element is an array ref holding what getgrent() returned (name,
# password field, GID, members), with the members field replaced by a
# short summary: explicit members plus users whose primary GID matches,
# de-duplicated, cut to the first two names plus "..." when there are
# more than three.
#
# Filtering is driven by the module ACL in %access:
#   gedit_mode 0 - every group
#   gedit_mode 2 - only groups named in the whitespace-separated gedit list
#   gedit_mode 3 - every group except those named in gedit
#   gedit_mode 4 - groups whose GID lies between gedit and gedit2; a bound
#                  that is empty or 0 is not enforced
# Any other mode yields no groups.  This filter only decides what is
# listed; it is not applied to names that arrive in the request.
sub get_groups_list
{
    # Dynamically scoped with local(), as the rest of this file does.
    local(@ginfo, @groups, %gcan, %found);
    my $mode = $access{'gedit_mode'};

    if ($mode == 2 || $mode == 3) {
        foreach my $listed (split(/\s+/, $access{'gedit'})) {
            $gcan{$listed}++;
        }
    }

    setgrent();
    while (@ginfo = getgrent()) {
        # @mems is a package variable here, not a local one.
        @mems = &unique( split(/ /, $ginfo[3]), @{$members{$ginfo[2]}} );
        @mems = (@mems[0..1], "...") if (@mems > 3);
        $ginfo[3] = join(' ', @mems);

        my $allowed;
        if ($mode == 0) {
            $allowed = 1;
        }
        elsif ($mode == 2) {
            $allowed = $gcan{$ginfo[0]};
        }
        elsif ($mode == 3) {
            $allowed = !$gcan{$ginfo[0]};
        }
        elsif ($mode == 4) {
            $allowed = (!$access{'gedit'} || $ginfo[2] >= $access{'gedit'}) &&
                       (!$access{'gedit2'} || $ginfo[2] <= $access{'gedit2'});
        }
        next unless ($allowed);

        # The same group name may be returned more than once; keep the
        # first entry only.
        next if ($found{$ginfo[0]}++);
        push(@groups, [ @ginfo ]);
    }
    # endgrent() is deliberately not called when os_type is 'hpux'.
    unless ($gconfig{'os_type'} eq 'hpux') {
        endgrent();
    }
    return sort { $a->[0] cmp $b->[0] } @groups;
}
# split_quoted(string)
# Splits a whitespace-separated list into words.  A word may contain a
# double-quoted section, which lets it include spaces; all double quotes
# are removed from the returned words.  An unterminated quote is treated
# as an ordinary character and then stripped like the others.
# Only double quotes are removed: the returned words can still contain
# any other character, so callers must escape them for the context they
# print them into.
sub split_quoted
{
    my ($remaining) = @_;
    my @words;
    while (1) {
        my ($token, $tail);
        if ($remaining =~ /^\s*(\S*"[^"]+"\S*)(.*)$/) {
            # Word with a quoted section, e.g. "domain users"
            ($token, $tail) = ($1, $2);
        }
        elsif ($remaining =~ /^\s*(\S+)(.*)$/) {
            # Plain word
            ($token, $tail) = ($1, $2);
        }
        else {
            last;
        }
        $token =~ tr/"//d;
        push(@words, $token);
        $remaining = $tail;
    }
    return @words;
}