-rw-r--r-- | libpiny/lib/Piny/Config.pm | 7 | ||||
-rwxr-xr-x | pinyweb/cgi-bin/newuser.cgi | 36 |
2 files changed, 27 insertions, 16 deletions
diff --git a/libpiny/lib/Piny/Config.pm b/libpiny/lib/Piny/Config.pm index ef18541..c2e5abc 100644 --- a/libpiny/lib/Piny/Config.pm +++ b/libpiny/lib/Piny/Config.pm @@ -45,6 +45,12 @@ subtype 'HttpsUrl' => message { 'Not a https:// URL.' } ; +subtype 'RepoPermission' + => as 'Str' + => where { $_ eq "666" or $_ eq "664" or $_ eq "660" or $_ eq "640" } + => message { 'Must be one of 666, 664, 660, or 640.' } + ; + # Attributes has 'confpath' => @@ -217,6 +223,7 @@ tweakable "piny_ikiwikisrcdir" => "/srv/ikiwiki/", 'PathDir'; tweakable "piny_ikiwikiurl" => "http://piny.be/", 'HttpUrl'; tweakable "piny_ikiwikisecureurl" => "https://secure.piny.be/", 'HttpsUrl'; tweakable "piny_ikiwikisecurepath" => "/srv/www/secure.piny.be/", 'PathDir'; +tweakable "piny_permission" => '660', 'RepoPermission'; tweakable "receive_denynonfastforwards" => "true", 'GitBool'; # User-specific tweakables, in the users' ~/.gitconfig files. diff --git a/pinyweb/cgi-bin/newuser.cgi b/pinyweb/cgi-bin/newuser.cgi index 43c9178..e4b955a 100755 --- a/pinyweb/cgi-bin/newuser.cgi +++ b/pinyweb/cgi-bin/newuser.cgi 
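Review bot: The `where` clause of the new `RepoPermission` subtype accepts `666`, a world-writable mode, and nothing in the hunk says when that value is acceptable. How `piny_permission` is applied is outside this diff, but if it ends up as the mode of repository files, any local account could then modify them. I would either drop `666` from the list or add a comment above the subtype such as `# 666 makes repositories writable by every local user; only for single-tenant hosts`. As a style point, the four `eq` tests read more easily as one anchored match, `where { /\A(?:666|664|660|640)\z/ }`. The `'660'` default added in the second hunk of this file is the conservative choice.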
@@ -34,18 +34,22 @@ if( $q->param("n") && $q->param("a") && $q->param("p") ) { $pass = MIME::Base32::encode( $cipher->encrypt( $pass ) ); }; - if ( $q->param("h") && $q->param("h") eq $code ) { - unless( open2( OUT, IN, "/usr/bin/sudo", "/usr/sbin/newuser", "--batch", $q->param("a"), $q->param("n") ) ) { - print "could not execute newrepo"; - die; - }; - # make things flushier - select((select(IN), $| = 1)[0]); - select((select(OUT), $| = 1)[0]); - print( IN $pass . "\n" ); - close( IN ); - while( <OUT> ) { - print; + if ( $q->param("h") ) { + if ( $q->param("h") eq $code ) { + unless( open2( OUT, IN, "/usr/bin/sudo", "/usr/sbin/newuser", "--batch", $q->param("a"), $q->param("n") ) ) { + print "could not execute newrepo"; + die; + }; + # make things flushier + select((select(IN), $| = 1)[0]); + select((select(OUT), $| = 1)[0]); + print( IN $pass . "\n" ); + close( IN ); + while( <OUT> ) { + print; + }; + } else { # Invalid hash + print( "I'm sorry, the link you followed is invalid.\n" ); }; } else { # No hash, they need one sent to their address print( "Dispatching email to " . $q->param("a") . "...\n" ); @@ -61,10 +65,10 @@ if( $q->param("n") && $q->param("a") && $q->param("p") ) { print( MAIL "s" ); }; print( MAIL "://" . $ENV{"SERVER_NAME"} . $ENV{"SCRIPT_NAME"} . "?" ); - print( MAIL "h=" . $code ); - print( MAIL "&n=" . $q->param("n") ); - print( MAIL "&a=" . $q->param("a") ); - print( MAIL "&p=" . $pass ); + print( MAIL "h=" . CGI::escape( $code ) ); + print( MAIL "&n=" . CGI::escape( $q->param("n") ) ); + print( MAIL "&a=" . CGI::escape( $q->param("a") ) ); + print( MAIL "&p=" . CGI::escape( $pass ) ); print( MAIL "\n"); close( MAIL ); print( "Done!" ); |
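Review bot: In the `open2(...)` call that this hunk moves under the new `eq $code` test, `$q->param("a")` and `$q->param("n")` are evaluated in list context, so a request that repeats either parameter adds extra arguments to the `sudo /usr/sbin/newuser` command line. Force a single value for each with `scalar $q->param("a"), scalar $q->param("n")`, and reject values that begin with `-` before the call. Separately, if `open2` is IPC::Open2's, it raises an exception on failure rather than returning false, so the `unless` branch is unlikely to run; its message also says `newrepo` while the command is `newuser`. The enclosing `if` block starts and ends outside the hunk.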
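Review bot: The confirmation link built in the last hunk still carries `&p=` with `$pass`, so a password-derived value travels in e-mail and ends up in mail spools, browser history and web-server access logs once the link is followed; escaping it does not change that. From the context lines of the previous hunk it appears to be the cipher-encrypted, base32-encoded password, which anyone holding the server key could reverse. Consider keeping the pending registration server-side, keyed by `$code`, and mailing only `h=`; failing that, add a comment such as `# $pass is encrypted with the server key; treat the whole link as a secret`. The host part comes from `$ENV{"SERVER_NAME"}`, which on some server configurations follows the request's Host header, so a configured base URL would be safer. The surrounding block starts and ends outside the hunk.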