changeset 81:ddc8a4c0b8d9

All macro-expanding by m4 bypassed via syscmd or spaste
author HIROSE Yuuji <yuuji@gentei.org>
date Mon, 03 Aug 2015 09:34:43 +0900
parents 39e69daa2071
children db489961e461
files s4-blog.sh s4-funcs.sh s4.cgi
diffstat 3 files changed, 106 insertions(+), 69 deletions(-) [+]
--- a/s4-blog.sh	Sun Aug 02 17:05:08 2015 +0900
+++ b/s4-blog.sh	Mon Aug 03 09:34:43 2015 +0900
@@ -452,13 +452,16 @@
       return
     fi
   fi
-  m4 -D_TITLE_="${guide}新規話題作成" \
-     -D_FORMHEAD_="序文は簡単に詳しくはコメントに" \
-     -D_DUMPHEAD_="これまでの蓄積" \
-     -D_FORM_="`genform $formdir/blog.def`" \
-     -D_DUMPTABLE_="`listblog $listing`" \
-     $layout/html.m4.html \
-     $layout/form+dump-whead.m4.html
+  echo "${guide}新規話題作成"	> $tmpd/title.$$
+  listblog $listing		> $tmpd/listblog.$$
+  genform $formdir/blog.def \
+      | m4 -D_TITLE_="spaste(\`$tmpd/title.$$')" \
+	   -D_FORMHEAD_="序文は簡単に詳しくはコメントに" \
+	   -D_DUMPHEAD_="これまでの蓄積" \
+	   -D_FORM_="syscmd(\`cat')" \
+	   -D_DUMPTABLE_="spaste(\`$tmpd/listblog.$$')" \
+	   $layout/html.m4.html \
+	   $layout/form+dump-whead.m4.html
 }
 
 blog_reply() {
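Review bot: The temp files written here (`$tmpd/title.$$`, `$tmpd/listblog.$$`) are never removed in the visible lines, and the same pattern recurs in the blog_reply, showhome, showgroup, grpaction and editart hunks. How `$tmpd` is created and cleaned is outside this diff; if it is not a private per-request directory removed on exit, rendered page content accumulates on disk under PID-derived names. A single cleanup next to where `$tmpd` is set up, e.g. `trap 'rm -f "$tmpd"/*.$$*' EXIT` (unless an existing trap already covers it), would handle all of them. The redirection targets would also be safer quoted, as in `> "$tmpd/title.$$"`. The enclosing function starts above the hunk.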
@@ -497,9 +500,11 @@
     fi
   fi
   def=$formdir/article.def
+  echo "$title" > $tmpd/title.$$
+  echo "$subtitle" > $tmpd/subtitle.$$
   blog_showentry blog $rowid \
-      | m4 -D_TITLE_="$title" -D_BODYCLASS_=general \
-	   -D_FORMHEAD_="$subtitle" -D_FORM_="" \
+      | m4 -D_TITLE_="spaste(\`$tmpd/title.$$')" -D_BODYCLASS_=general \
+	   -D_FORMHEAD_="spaste(\`$tmpd/subtitle.$$')" -D_FORM_="" \
 	   -D_DUMPTABLE_="syscmd(cat)" -D_DUMPHEAD_="" \
 	   $layout/html.m4.html $layout/form+dump-whead.m4.html
 }
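Review bot: `echo "$title"` and `echo "$subtitle"` can alter the text before it reaches the file, because some sh implementations treat a leading `-n` or backslash sequences specially in echo. Both values are set outside the hunk and presumably come from stored entries. `printf '%s\n' "$title" > "$tmpd/title.$$"` and `printf '%s\n' "$subtitle" > "$tmpd/subtitle.$$"` write the bytes unchanged. The unchanged `-D_DUMPTABLE_="syscmd(cat)"` also leaves `cat` without m4 quotes, while the lines added elsewhere in this commit quote it; using the quoted form here keeps the style uniform. The start of blog_reply's body is outside the hunk.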
--- a/s4-funcs.sh	Sun Aug 02 17:05:08 2015 +0900
+++ b/s4-funcs.sh	Mon Aug 03 09:34:43 2015 +0900
@@ -44,7 +44,7 @@
 8/2	s4.cgi生成系
 	Web
 	締切設定
-	自分の提出物リスト
+	○自分の提出物リスト
 
 7/19	○設置
 	○一斉送信
@@ -514,8 +514,8 @@
   # If two or more values found, save them to $tmpd/${column}.$N and
   # store the number of files into $tmpd/${column}.count and
   # their each rowid stored into $tmpd/${column}.$N.rowid.
-  ### err gtb-$1=`gettblcols $1`, tbl=$1, col=$2, '$3'=$3
-  # Non-null for $GVAL_KEEP_ORIG_BIN keep original binary instead of icon
+  ##  err gtb-$1=`gettblcols $1`, tbl=$1, col=$2, '$3'=$3
+
   (for c in `gettblcols $1`; do
      if [ x"$2" = x"$c" ]; then
      err  "select $2 from $1 where rowid=$3"
@@ -572,7 +572,7 @@
 EOF
 		 # err gvbid-get2: "`ls -lF $file`"
 		 ## err i=$i - file=$file rowid=`cat $td/$fn.rowid`
-		 ln $td/$fn.rowid $file.rowid 2>&3 # for convenience
+		 cp $td/$fn.rowid $file.rowid 2>&3 # for convenience
 		 cp $file $file.orig 2>&3
 		 ls -lh $file | awk '{print $5"B"}' > $file.size
 		 case $type in
@@ -888,7 +888,7 @@
   rcpt=`echo $1`		# strip newlines
   subj="`echo $2|nkf -jM`"
   # echo rcpt=$rcpt
-  (m4 -D_RCPT_="$rcpt" -D_SUBJ_="$subj" -D_FROM_=$admin $msg/mail-header.m4
+  (m4 -D_RCPT_="$rcpt" -D_SUBJ_="\`$subj'" -D_FROM_=$admin $msg/mail-header.m4
    cat $3 | nkf -jd ) | sendmail -f $admin $rcpt
 }
 setviastring() {
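Review bot: Wrapping `$subj` in m4 quotes only protects it while the value contains no m4 closing quote; a `'` in the subject ends the quoted string and the remainder is macro-expanded again. `$subj` is the output of `nkf -jM`, which I would expect to leave plain-ASCII subjects unchanged, so an apostrophe can plausibly survive. `-D_RCPT_="$rcpt"` on the same line is not protected at all, and the invite() hunk below uses the same quote-wrapping for `_REPORT_`. I would either strip both m4 quote characters from the values first or route them through a file as done for `_TITLE_`, provided mail-header.m4 has the same helper available. A comment such as `# m4 quotes protect only values that contain no ' character` would record the limitation. The function starts above the hunk.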
@@ -1155,7 +1155,7 @@
   if [ -n "$addr" ]; then
     susp="<h2>招待済みで加入待ちのアドレス</h2><pre>$addr</pre>"
   fi
-  m4 -D_TITLE_="招待" -D_REPORT_="$repo" -D_ACTION_="?invite" \
+  m4 -D_TITLE_="招待" -D_REPORT_="\`$repo'" -D_ACTION_="?invite" \
      -D_BODYCLASS_="default" -D_SUSPENDED_="$susp" \
      $layout/html.m4.html $layout/invite.m4.html
 }
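Review bot: `-D_SUSPENDED_="$susp"` is left as it was, so the `$addr` list embedded in `$susp` a few lines up still goes through m4 expansion with neither quoting nor the file-based bypass. If those addresses are whatever the inviter typed (their origin is outside the hunk), this is the same class of input the commit is protecting elsewhere. Writing `$susp` to a file under `$tmpd` and passing `_SUSPENDED_` with the spaste form used for `_TITLE_` in the other hunks would close it. Whether `$addr` is HTML-escaped before it is placed inside `<pre>` is also not visible here and is worth confirming.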
@@ -1191,12 +1191,13 @@
 groupman() {
   gname=`getpar gname`
   if [ -n "$gname" ]; then
-    newgname=`echo "$gname"|tr -d '\"'`
-    newgname=$gname
+    # See ALSO same job in showgroup()
+    newgname=`echo "$gname"|tr -d '\"'"'"`
+    ###newgname=$gname
     if [ x"$newgname" != x"$gname" ]; then
       err NewGNAME: gname=$newgname
+      gname=$newgname
       echo "使用禁止文字を除去し $gname としました。" | html p
-      gname=$newgname
       replpar gname string "$gname"
     fi
     par2table $formdir/grp.def
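Review bot: The quote-stripping block is duplicated verbatim in showgroup() (the hunk at -1471), linked only by the "See ALSO" comments, so the two forbidden-character lists can drift apart. I would move the block from `newgname=` through `replpar gname string "$gname"` into one helper that both functions call. The `tr -d '\"'"'"` argument is hard to read; a comment such as `# removes " and ' from the group name` would state which characters are dropped (that is what the expression appears to do; confirm on the target tr). The showgroup copy also carries an unindented `err gname=$gname newgname=$newgname` debug line that should be removed or indented. The hunk ends inside groupman's `if` block.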
@@ -1204,9 +1205,11 @@
   fi
   GF_STAGE=groupman
   note="<p>グループ名に使用できない文字は自動的に削除されます。</p>"
-  m4 -D_TITLE_="グループ作成" \
+  
+  DT_VIEW=grp dumptable html grp 'gname gecos:DESC mtime:TIME' 'order by b.TIME desc' \
+  |m4 -D_TITLE_="グループ作成" \
      -D_FORM_="$note`genform $formdir/grp.def`" \
-     -D_DUMPTABLE_="`DT_VIEW=grp dumptable html grp 'gname gecos:DESC mtime:TIME' 'order by b.TIME desc'`" \
+     -D_DUMPTABLE_="syscmd(cat)" \
      $layout/html.m4.html $layout/form+dump.m4.html
 }
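Review bot: `-D_FORM_="$note...genform..."` still passes the genform output in by command substitution, so that text is rescanned by m4; only `_DUMPTABLE_` was moved to `syscmd(cat)`. If genform can echo request parameters back as field values (its body is not in this diff), the form is as exposed as the table was. Since stdin is already used for the table, the form could go to a file first, `(echo "$note"; genform $formdir/grp.def) > "$tmpd/form.$$"`, and `_FORM_` could then use the spaste form that showgroup uses for `_TITLE_`. The new `syscmd(cat)` here is also missing the m4 quotes around `cat` that the other added lines use.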
 userconf() {
@@ -1249,19 +1252,19 @@
     [ -n "$jg" -a -n "$grp" ] &&
 	joingrp "$grp" "$user" "$jg" "`getpar email`"
   fi
-  m4 -D_TITLE_="グループ $grp" $layout/html.m4.html
+  echo "グループ $grp"|m4 -D_TITLE_="syscmd(\`cat')" $layout/html.m4.html
   showgroup "$grid"
 }
 showhome() {
   # $1=userRowIdToShow
-err showhome \$1=$1
+  err showhome \$1=$1
   case "$1" in
     *@*) uname=`getvalbypkey user name "$1"` ;;
     *)   uname=`getvalbyid user name $1` ;;
   esac
-err ShowHome: uname=$uname
+  err ShowHome: uname=$uname
   gecos=`gecos "$uname"`
-err SH:gecos=$gecos
+  err SH:gecos=$gecos
   GF_VIEWONLY=1
   cond="gname in (select gname from grp_mem where user='$uname')"
   if [ x"$user" = x"$uname" ]; then
@@ -1281,26 +1284,31 @@
   fi
   . ./s4-blog.sh
 
- m4 -D_BODYCLASS_=home -D_TITLE_="$gecos さん" \
-    -D_PROFILE_="`viewtable $formdir/user.def user $1`$conflink" \
-    -D_BLOGS_="`listblog $uname`" \
-    -D_GROUPS_="`listgroupbytable $formdir/grp.def $cond`" \
-    $layout/html.m4.html $layout/home.m4.html
-
- if [ x"$user" = x"$uname" ]; then
-   # Display NEWS
-   cond="where 新着 > 0 order by 新着 desc,ctime desc limit 10"
-   new10=`DT_CHLD=article:blogid \
+  tf=$tmpd/title.$$ pf=$tmpd/profile.$$ bf=$tmpd/blogs.$$
+  echo "$gecos さん" > $tf
+  viewtable $formdir/user.def user $1	> $pf
+  listblog $uname			> $bf
+  listgroupbytable $formdir/grp.def $cond \
+      | m4 -D_BODYCLASS_=home -D_TITLE_="spaste(\`$tf')" \
+	   -D_PROFILE_="spaste(\`$pf')$conflink" \
+	   -D_BLOGS_="spaste(\`$bf')" \
+	   -D_GROUPS_="syscmd(\`cat')" \
+	   $layout/html.m4.html $layout/home.m4.html
+  
+  if [ x"$user" = x"$uname" ]; then
+    # Display NEWS
+    cond="where 新着 > 0 order by 新着 desc,ctime desc limit 10"
+    new10=`DT_CHLD=article:blogid \
 	  DT_VIEW=replyblog dumptable html blog "ctime title gecos" "$cond"`
-   cont=`echo "$new10"|grep "^<TR>"|wc -l`
-   cont=$((cont-1))
-err newcount=$cont
-   if [ $cont -gt 0 ]; then
-     echo "全体の新着記事${cont}傑" | html h2
-     echo "$new10"
-   fi
- fi
-     #  
+    cont=`echo "$new10"|grep "^<TR>"|wc -l`
+    cont=$((cont-1))
+    err newcount=$cont
+    if [ $cont -gt 0 ]; then
+      echo "全体の新着記事${cont}傑" | html h2
+      echo "$new10"
+    fi
+  fi
+  #  
   # Record access log
   [ -n "$1" ] && [ x"$1" != x"$user" ] && acclog user $1
 }
@@ -1308,7 +1316,8 @@
   contenttype; echo
   err commission: "$@"
   gname=`getgroupbyid $1`
-  m4 -D_TITLE_="グループ $gname 管理者委任" $layout/html.m4.html
+  echo "グループ $gname 管理者委任" \
+      | m4 -D_TITLE_="syscmd(\`cat')" $layout/html.m4.html
   if [ -n "$2" ]; then
     grp_reg_adm "$@"
   else
@@ -1471,20 +1480,31 @@
   listentry group "$@"
 }
 showgroup() { # $1=group-rowid
-
   gname=`getpar gname`
   if [ -n "$gname" ]; then
     err UPdating/Removing of group:::::::
+    # See ALSO same job in groupman()
+    newgname=`echo "$gname"|tr -d '\"'"'"`
+    ###newgname=$gname
+err gname=$gname newgname=$newgname
+    if [ x"$newgname" != x"$gname" ]; then
+      err NewGNAME: gname=$newgname
+      gname=$newgname
+      echo "使用禁止文字を除去し $gname としました。" | html p
+      replpar gname string "$gname"
+    fi
     par2table $formdir/grp.def
   fi
   grp=`getgroupbyid $1`
 err showgroup2: grp=$grp qgrp="[$(sqlquote $grp)]"
   if isgroup "$grp"; then
-     showgroupsub $formdir/grp.def "$1" | \
-	 m4 -D_TITLE_="グループ $grp" \
-	    -D_FORM_="syscmd(cat)" \
-	    -D_DUMPTABLE_="" \
-	    $layout/form+dump.m4.html
+    tf=$tmpd/title.$$
+    echo "グループ $grp" > $tf
+    showgroupsub $formdir/grp.def "$1" | \
+	m4 -D_TITLE_="spaste(\`$tf')" \
+	   -D_FORM_="syscmd(\`cat')" \
+	   -D_DUMPTABLE_="" \
+	   $layout/form+dump.m4.html
   else				# if $grp is removed at par2table
     listgroup
   fi
@@ -1578,7 +1598,8 @@
     echo "無効な指定です。" | html p
     return
   fi
-  m4 -D_TITLE_="グループ $grp 個別選択操作" $layout/html.m4.html
+  echo "グループ $grp 個別選択操作" \
+      | m4 -D_TITLE_="syscmd(\`cat')" $layout/html.m4.html
 
   usel=`getpar usel`
   if [ -n "$usel" ]; then
@@ -1660,9 +1681,11 @@
   err grpaction: `echo $sql`
   b1='<label> <input type="checkbox" name="usel" value="'
   b2='"> ' b3='</label>'
+  tf=$tmpd/title.$$
+  echo "グループ[$grp]参加メンバーに対する操作" > $tf
   cgi_form grpaction<<EOF \
       	| sed  -e "s|^\(<TR><TD>\)\([0-9]*\),\([^<]*\)|\1$b1\2$b2\3$b3|" \
-	| m4 -D_TITLE_="グループ[$grp]参加メンバーに対する操作" \
+	| m4 -D_TITLE_="spaste(\`$tf')" \
 	     -D_SUBTITLE_="チェック後操作ボタン" \
 	     -D_FORM_="syscmd(cat)" -D_DUMPTABLE_="" \
 	     $layout/form+dump.m4.html
@@ -1696,11 +1719,12 @@
   fi
   owner=`getvalbyid blog owner $rowid`
   title=`getvalbyid blog title $rowid`
-  m4 -D_TITLE_="修正" \
-     -D_SUBTITLE_="[$title]@$owner" -D_DIARY_="" \
-     -D_BLOGS_="" -D_DUMPTABLE_="" \
-     -D_FORM_="`GF_ACTION=\"?blog\" edittable $formdir/blog.def blog $rowid`" \
-     $layout/html.m4.html $layout/form+dump.m4.html
+  GF_ACTION=\"?blog\" edittable $formdir/blog.def blog $rowid \
+      | m4 -D_TITLE_="修正" \
+	   -D_SUBTITLE_="[$title]@$owner" -D_DIARY_="" \
+	   -D_BLOGS_="" -D_DUMPTABLE_="" \
+	   -D_FORM_="syscmd(\`cat')" \
+	   $layout/html.m4.html $layout/form+dump.m4.html
 }
 editart() {	# $1=article-rowid $2=blogrowid
   rowid=${1%%[!A-Z0-9a-z_]*}
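Review bot: `GF_ACTION=\"?blog\"` kept the backslash escapes it needed only while it sat inside a backquoted substitution within double quotes. At top level they make the quote characters part of the value, so edittable receives GF_ACTION with literal `"` around `?blog`, which will likely end up in the form's action attribute. It should read `GF_ACTION="?blog" edittable $formdir/blog.def blog $rowid \`, matching the unescaped form editart uses in the next hunk. Separately, `-D_SUBTITLE_="[$title]@$owner"` still hands the stored title to m4 for expansion, as does `_SUBTITLE_` in editart; the temp-file form used for `_TITLE_` in blog_reply would cover both. The function starts above the hunk.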
@@ -1720,11 +1744,17 @@
     return
   fi
   aid=`query "select id from article where rowid=$rowid;"`
+  tmpout=$tmpd/editart.$$.out
+  GF_ACTION="?replyblog+$blogrowid#$aid" \
+	   edittable $formdir/article.def article $rowid \
+	   > $tmpout
+  rm -f /tmp/editart.out
+  # Cannot use pipelining to m4 with genform() because of stdin stack
   m4 -D_TITLE_="コメントの修正" -D_DIARY_="" \
-     -D_FORM_="`GF_ACTION=\"?replyblog+$blogrowid#$aid\" edittable $formdir/article.def article $rowid`" \
-     -D_SUBTITLE_="`gecos $owner`の「$title」" \
-     -D_BLOGS_= -D_DUMPTABLE_= \
-     $layout/html.m4.html $layout/form+dump.m4.html
+	   -D_FORM_="syscmd(cat $tmpout)" \
+	   -D_SUBTITLE_="`gecos $owner`の「$title」" \
+	   -D_BLOGS_= -D_DUMPTABLE_= \
+	   $layout/html.m4.html $layout/form+dump.m4.html
 }
 send2mem() {
   rowid=`getpar grp`
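Review bot: `rm -f /tmp/editart.out` looks like a debugging leftover: nothing in the hunk writes that fixed path, while the real output file `$tmpout` is never removed. I would drop that line and clean up `$tmpout` after the m4 call with `rm -f "$tmpout"`, or via a common exit trap. `-D_FORM_="syscmd(cat $tmpout)"` also passes the command without m4 quotes, so the path text is rescanned by m4 and then handed to a shell unquoted. Using the spaste form on `$tmpout`, as showhome does for its files, avoids both steps. The start of editart is outside the hunk.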
--- a/s4.cgi	Sun Aug 02 17:05:08 2015 +0900
+++ b/s4.cgi	Mon Aug 03 09:34:43 2015 +0900
@@ -4,15 +4,17 @@
 . $mydir/s4-funcs.sh
 
 cgiinit
-if [ x"$1" = x"reg" ]; then
-  contenttype; echo
-  regist $2
-  putfooter
-  exit
+if [ -z "$guestonlymode" ]; then
+  if [ x"$1" = x"reg" ]; then
+    contenttype; echo
+    regist $2
+    putfooter
+    exit
+  fi
+
+  dologin
 fi
 
-dologin
-
 case ${SERVER_SOFTWARE} in
   bozohttp*)	# Ugly workaround for bozohttpd, which can't send
     		# two or more arguments.
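Review bot: When `$guestonlymode` is non-empty the new guard skips `dologin` as well as the `reg` branch, so every stage dispatched by the `case ${stage}` further down runs without an authenticated user. Nothing in the visible lines restricts which stages are reachable in that mode, nor shows where the variable is assigned. It should be set only by the site configuration, never inherited from the server's environment, and stages that write data should check `$user` themselves. I would add a comment above the guard, e.g. `# guestonlymode (config only): no registration, no login; stages below must not assume $user is set`. The script continues beyond this hunk.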
@@ -20,7 +22,7 @@
     ;;
 esac
 
-err 1=$1 2=$2 3=$3 4=$4
+# err 1=$1 2=$2 3=$3 4=$4
 stage=`getpar stage`
 stage=${stage:-$1}
 case ${stage} in
