X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=shift.cgi;h=303cce721f1d9531f988d2d75222ba7e2a0b3f20;hb=3c7fb6a60c385fece59ef0bc663cfcf1b3c6ae9c;hp=7f9bcd63121d9952e4967fbc6754301b79118a51;hpb=0b86cab3c9766089206f59475d55b7f42606bb4d;p=staff.git diff --git a/shift.cgi b/shift.cgi index 7f9bcd6..303cce7 100755 --- a/shift.cgi +++ b/shift.cgi @@ -2,7 +2,7 @@ #!/usr/bin/perl -Tw # (Text::Template can't do -T, but no user input is used dangerously) # -# $Id: shift.cgi,v 1.1 2000-05-11 11:27:32 ivan Exp $ +# $Id: shift.cgi,v 1.6 2003-07-30 22:16:36 ivan Exp $ # # Copyright (C) 2000 Adam Gould # Copyright (C) 2000 Michal Migurski @@ -16,9 +16,10 @@ # user-servicable parts ### -$template_file = '/home/ivan/staffsheet/table.html'; -$data_directory = '/home/ivan/staffsheet/data'; -$mail_smtpserver = 'localhost'; # set blank to disable +$template_file = '/var/www/www.420.am/staff/table.html'; +$data_directory = '/var/www/www.420.am/staff/data'; +#$mail_smtpserver = 'localhost'; # set blank to disable +$mail_smtpserver = ''; # set blank to disable $mail_from = 'ivan-misconfigured-shift-from@420.am'; $mail_subject = 'Your shift has been replaced'; @mail_cc = ( @@ -39,7 +40,7 @@ END use strict; use vars qw( $template_file $data_directory $mail_smtpserver $mail_from $mail_subject @mail_cc $mail_footer - $cgi $template %shifthash %warning @messages ); + $cgi $template %shifthash %warning @messages $magic ); use subs qw( form inputbox ); use Fcntl ":flock"; use CGI 2.15; @@ -48,6 +49,7 @@ use Text::Template; use Mail::Internet; use Mail::Header; use Date::Format; +use HTML::Entities; $cgi = new CGI; @@ -102,13 +104,14 @@ if ( $cgi->param() ) { foreach my $field ( @diff_fields ) { $shifthash{$field}='' unless defined $shifthash{$field}; if ( $shifthash{$field} eq $cgi->param($field. '_old') ) { - if ( $cgi->param($field. "_new") =~ - /\b(\w[\w\-\.\+]*\@(([\w\.\-]+\.)+\w+))\b/ - || $cgi->param($field. "_new") =~ /^\s*$/ + if ( $cgi->param($field. "_new") =~ + /^\s*(\w[\w\s\.\'\-]{0,99}?)\s*$/ + || $cgi->param($field. "_new") =~ /^\s*()$/ ) { + my $new = $1; open(FILE,">$data_directory/.new.$field") or die "Can't open file $data_directory/$field: $!"; - print FILE $cgi->param($field. "_new"); + print FILE $new; close FILE; rename "$data_directory/.new.$field", "$data_directory/$field"; $warning{$field} = ''; @@ -132,7 +135,7 @@ if ( $cgi->param() ) { "Hi,", "", "The \"$field\" shift you signed up for has been changed to", - '"'. $cgi->param($field. "_new"). '"', + '"'. $new. '"', "", split("\n", $mail_footer), ], @@ -200,13 +203,15 @@ sub get_data { # subroutines for the template sub form { - $cgi->start_form; + $magic = defined $cgi->param('__MAGIC') ? $cgi->param('__MAGIC') : ''; + $cgi->delete_all(); + $cgi->start_form(); } sub inputbox { my $field = shift; - return $shifthash{$field} || " " - if defined $cgi->param('__MAGIC') && $cgi->param('__MAGIC') eq 'print'; + return encode_entities($shifthash{$field}) || " " + if $magic eq 'print'; $shifthash{$field}='' unless defined $shifthash{$field}; $warning{$field}='' unless defined $warning{$field}; #"$field ".