From: Michael Tremer
Date: Fri, 8 Apr 2016 15:16:57 +0000 (+0100)
Subject: Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
X-Git-Tag: v2.19-core101~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=36ba4ebe992fd023f9c86efd8a8d66fa0aa751ad;hp=b395d3289d0008b4fd274346f6cb5b50096b6f71;p=people%2Fpmueller%2Fipfire-2.x.git
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
---
diff --git a/config/rootfiles/core/101/filelists/files b/config/rootfiles/core/101/filelists/files
index 409e5fe8ac..0f75ac841d 100644
--- a/config/rootfiles/core/101/filelists/files
+++ b/config/rootfiles/core/101/filelists/files
@@ -1,2 +1,5 @@
etc/system-release
etc/issue
+srv/web/ipfire/cgi-bin/chpasswd.cgi
+srv/web/ipfire/cgi-bin/ipinfo.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
diff --git a/html/cgi-bin/chpasswd.cgi b/html/cgi-bin/chpasswd.cgi
index ae9e6ec70b..0a66062edb 100644
--- a/html/cgi-bin/chpasswd.cgi
+++ b/html/cgi-bin/chpasswd.cgi
@@ -20,6 +20,7 @@
###############################################################################
use CGI qw(param);
+use Apache::Htpasswd;
use Crypt::PasswdMD5;
$swroot = "/var/ipfire";
@@ -74,48 +75,25 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
$errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'};
goto ERROR;
}
- if (! -z $userdb)
- {
- open FILE, $userdb;
- @users = ;
- close FILE;
- $username = '';
- $cryptpwd = '';
+ my $htpasswd = new Apache::Htpasswd("$userdb");
- foreach (@users)
- {
- chomp;
- @temp = split(/:/,$_);
- if ($temp[0] =~ /^$cgiparams{'USERNAME'}$/i)
- {
- $username = $temp[0];
- $cryptpwd = $temp[1];
- }
- }
- }
- if ($username eq '')
- {
+ # Check if a user with this name exists
+ my $old_password = $htpasswd->fetchPass($cgiparams{'USERNAME'});
+ if (!$old_password) {
$errormessage = $tr{'advproxy errmsg invalid user'};
goto ERROR;
}
- if (
- !(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd) &&
- !(apache_md5_crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)
- )
- {
+
+ # Reset password
+ if (!$htpasswd->htpasswd($cgiparams{'USERNAME'}, $cgiparams{'NEW_PASSWORD_1'},
+ $cgiparams{'OLD_PASSWORD'})) {
$errormessage = $tr{'advproxy errmsg password incorrect'};
goto ERROR;
}
- $returncode = system("/usr/sbin/htpasswd -b $userdb $username $cgiparams{'NEW_PASSWORD_1'}");
- if ($returncode == 0)
- {
- $success = 1;
- undef %cgiparams;
- } else {
- $errormessage = $tr{'advproxy errmsg change fail'};
- goto ERROR;
- }
+
+ $success = 1;
+ undef %cgiparams;
}
ERROR:
diff --git a/html/cgi-bin/ipinfo.cgi b/html/cgi-bin/ipinfo.cgi
index 71098a2529..8cefe6e853 100644
--- a/html/cgi-bin/ipinfo.cgi
+++ b/html/cgi-bin/ipinfo.cgi
@@ -19,6 +19,7 @@
# #
###############################################################################
+use CGI;
use IO::Socket;
use strict;
@@ -34,18 +35,14 @@ my %cgiparams=();
&Header::showhttpheaders();
-&Header::getcgihash(\%cgiparams);
-
-$ENV{'QUERY_STRING'} =~s/&//g;
-my @addrs = split(/ip=/,$ENV{'QUERY_STRING'});
-
&Header::openpage($Lang::tr{'ip info'}, 1, '');
-
&Header::openbigbox('100%', 'left');
my @lines=();
my $extraquery='';
-foreach my $addr (@addrs) {
-next if $addr eq "";
+
+my $addr = CGI::param("ip") || "";
+
+if (&General::validip($addr)) {
$extraquery='';
@lines=();
my $whoisname = "whois.arin.net";
@@ -91,6 +88,14 @@ next if $addr eq "";
}
print "\n";
&Header::closebox();
+} else {
+ &Header::openbox('100%', 'left', $Lang::tr{'invalid ip'});
+ print <
+ $Lang::tr{'invalid ip'}
+
+EOF
+ &Header::closebox();
}
print <htpasswd($str_user, $str_pass);
}
if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");