+38
-15
@@ -10490,7 +10490,8 @@ void show_edit_form(LOGBOOK * lbs, int message_id, BOOL breply, BOOL bedit, BOOL
|
||||
/*---- add password in case cookie expires during edit ----*/
|
||||
|
||||
if (getcfg(lbs->name, "Password file", str, sizeof(str)) && isparam("unm")) {
|
||||
rsprintf("<input type=hidden name=\"unm\" value=\"%s\">\n", getparam("unm"));
|
||||
strencode2(str, getparam("unm"), sizeof(str));
|
||||
rsprintf("<input type=hidden name=\"unm\" value=\"%s\">\n", str);
|
||||
if (isparam("upwd"))
|
||||
strlcpy(upwd, getparam("upwd"), sizeof(upwd));
|
||||
else
|
||||
@@ -10577,7 +10578,9 @@ void show_edit_form(LOGBOOK * lbs, int message_id, BOOL breply, BOOL bedit, BOOL
|
||||
|
||||
rsprintf("<tr><td nowrap width=\"10%%\" class=\"attribname\">%s:</td>", loc("Entry time"));
|
||||
rsprintf("<td class=\"attribvalue\">%s\n", str);
|
||||
rsprintf("<input type=hidden name=entry_date value=\"%s\"></td></tr>\n", date);
|
||||
|
||||
strencode2(str, date, sizeof(str));
|
||||
rsprintf("<input type=hidden name=entry_date value=\"%s\"></td></tr>\n", str);
|
||||
}
|
||||
|
||||
if (_condition[0])
|
||||
@@ -11839,7 +11842,8 @@ void show_edit_form(LOGBOOK * lbs, int message_id, BOOL breply, BOOL bedit, BOOL
|
||||
thumb_ref[0] = 0;
|
||||
|
||||
if (strlen(att[index]) < 14 || att[index][6] != '_' || att[index][13] != '_') {
|
||||
rsprintf("<b>Error: Invalid attachment \"%s\"</b><br>", att);
|
||||
strencode2(str, att[index], sizeof(str));
|
||||
rsprintf("<b>Error: Invalid attachment \"%s\"</b><br>", str);
|
||||
} else {
|
||||
|
||||
strlcpy(file_name, lbs->data_dir, sizeof(file_name));
|
||||
@@ -11889,7 +11893,8 @@ void show_edit_form(LOGBOOK * lbs, int message_id, BOOL breply, BOOL bedit, BOOL
|
||||
rsprintf(" \n");
|
||||
|
||||
/* ImageMagick available, so get image size */
|
||||
rsprintf("<b>%s</b> \n", att[index] + 14);
|
||||
strencode2(str, att[index], sizeof(str));
|
||||
rsprintf("<b>%s</b> \n", str + 14);
|
||||
if (chkext(file_name, ".pdf") || chkext(file_name, ".ps"))
|
||||
sprintf(cmd, "%s -format '%%wx%%h' '%s[0]'", _identify_cmd, file_name);
|
||||
else
|
||||
@@ -12006,10 +12011,11 @@ void show_edit_form(LOGBOOK * lbs, int message_id, BOOL breply, BOOL bedit, BOOL
|
||||
rsprintf("</td></tr></table>\n");
|
||||
}
|
||||
|
||||
strencode2(str, att[index], sizeof(str));
|
||||
if (thumb_ref[0])
|
||||
rsprintf("<input type=hidden name=\"attachment%d\" alt=\"%s\" value=\"%s\">\n", index, thumb_ref, att[index]);
|
||||
rsprintf("<input type=hidden name=\"attachment%d\" alt=\"%s\" value=\"%s\">\n", index, thumb_ref, str);
|
||||
else
|
||||
rsprintf("<input type=hidden name=\"attachment%d\" value=\"%s\">\n", index, att[index]);
|
||||
rsprintf("<input type=hidden name=\"attachment%d\" value=\"%s\">\n", index, str);
|
||||
|
||||
rsprintf("</td></tr>\n");
|
||||
} else
|
||||
@@ -13739,7 +13745,8 @@ void show_config_page(LOGBOOK * lbs)
|
||||
rsprintf("<!--\n\n");
|
||||
rsprintf("function chkrem()\n");
|
||||
rsprintf("{\n");
|
||||
sprintf(str, loc("Really remove user %s?"), user);
|
||||
strencode2(str, user, sizeof(str));
|
||||
sprintf(str, loc("Really remove user %s?"), str);
|
||||
rsprintf(" var subm = confirm(\"%s\");\n", str);
|
||||
rsprintf(" return subm;\n");
|
||||
rsprintf("}\n\n");
|
||||
@@ -13772,7 +13779,8 @@ void show_config_page(LOGBOOK * lbs)
|
||||
rsprintf("<input type=hidden name=cmd value=\"%s\">\n", loc("Config")); // for select javascript
|
||||
rsprintf("<input type=submit name=cmd value=\"%s\">\n", loc("Save"));
|
||||
rsprintf("<input type=submit name=cmd value=\"%s\">\n", loc("Back"));
|
||||
rsprintf("<input type=hidden name=config value=\"%s\">\n", user);
|
||||
strencode2(str, user, sizeof(str));
|
||||
rsprintf("<input type=hidden name=config value=\"%s\">\n", str);
|
||||
rsprintf("<input type=hidden name=cfgpage value=\"1\">\n"); // needed for "Save" command
|
||||
|
||||
rsprintf("</span></td></tr>\n\n");
|
||||
@@ -13807,10 +13815,14 @@ void show_config_page(LOGBOOK * lbs)
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
get_user_line(lbs, user_list[i], NULL, full_name, user_email, NULL, NULL, NULL);
|
||||
if (strcmp(user_list[i], user) == 0)
|
||||
rsprintf("<option selected value=\"%s\">%s <%s>\n", user_list[i], user_list[i], user_email);
|
||||
else
|
||||
rsprintf("<option value=\"%s\">%s <%s>\n", user_list[i], user_list[i], user_email);
|
||||
if (strcmp(user_list[i], user) == 0) {
|
||||
strencode2(str, user_list[i], sizeof(str));
|
||||
rsprintf("<option selected value=\"%s\">%s <%s>\n", str, str, user_email);
|
||||
}
|
||||
else {
|
||||
strencode2(str, user_list[i], sizeof(str));
|
||||
rsprintf("<option selected value=\"%s\">%s <%s>\n", str, str, user_email);
|
||||
}
|
||||
}
|
||||
|
||||
for (i = 0; i < n; i++)
|
||||
@@ -13849,6 +13861,8 @@ void show_config_page(LOGBOOK * lbs)
|
||||
rsprintf("<tr><td nowrap width=\"15%%\">%s:</td>\n", loc("Login name"));
|
||||
|
||||
getcfg(lbs->name, "Authentication", auth, sizeof(auth));
|
||||
|
||||
strencode2(str, user, sizeof(str));
|
||||
if (stristr(auth, "Kerberos") || stristr(auth, "Webserver"))
|
||||
rsprintf("<td><input type=text size=40 name=new_user_name value=\"%s\" readonly></td></tr>\n", str);
|
||||
else
|
||||
@@ -14114,7 +14128,9 @@ void show_forgot_pwd_page(LOGBOOK * lbs)
|
||||
url_slash_encode(pwd, sizeof(pwd));
|
||||
sprintf(redir, "?cmd=%s&oldpwd=%s", loc("Change password"), pwd);
|
||||
url_encode(redir, sizeof(redir));
|
||||
sprintf(str, "?redir=%s&uname=%s&upassword=%s", redir, login_name, pwd);
|
||||
|
||||
strencode2(str2, redir, sizeof(str2));
|
||||
sprintf(str, "?redir=%s&uname=%s&upassword=%s", str2, login_name, pwd);
|
||||
strlcat(url, str, sizeof(url));
|
||||
|
||||
retrieve_email_from(lbs, mail_from, mail_from_name, NULL);
|
||||
@@ -14235,7 +14251,8 @@ void show_new_user_page(LOGBOOK * lbs, char *user)
|
||||
|
||||
rsprintf("<tr><td nowrap>%s:</td>\n", loc("Login name"));
|
||||
if (user && user[0]) {
|
||||
rsprintf("<td><input type=text size=40 name=new_user_name value=\"%s\" readonly></td>\n", user);
|
||||
strencode2(str, user, sizeof(str));
|
||||
rsprintf("<td><input type=text size=40 name=new_user_name value=\"%s\" readonly></td>\n", str);
|
||||
rsprintf("<td> </td>\n");
|
||||
} else {
|
||||
rsprintf("<td><input type=text size=40 name=new_user_name></td>\n");
|
||||
@@ -26110,6 +26127,9 @@ void show_login_page(LOGBOOK * lbs, char *redir, int fail)
|
||||
strlcpy(str, redir, sizeof(str));
|
||||
if (strchr(str, '<'))
|
||||
url_encode(str, sizeof(str));
|
||||
if (strchr(str, ' '))
|
||||
return;
|
||||
|
||||
rsprintf("<input type=hidden name=redir value=\"%s\">\n", str);
|
||||
|
||||
rsprintf("<table class=\"login_frame\" cellspacing=0 align=center>");
|
||||
@@ -26125,12 +26145,15 @@ void show_login_page(LOGBOOK * lbs, char *redir, int fail)
|
||||
sprintf(str, loc("User \"%s\" has no access to this logbook"), getparam("unm"));
|
||||
rsprintf("<tr><td class=\"dlgerror\">%s!</td></tr>\n", str);
|
||||
}
|
||||
|
||||
if (isparam("unm"))
|
||||
strencode2(str, getparam("unm"), sizeof(str));
|
||||
|
||||
rsprintf("<tr><td class=\"login_form\">\n");
|
||||
rsprintf("<span class=\"overlay_wrapper\">\n");
|
||||
rsprintf("<label for=\"uname\" id=\"uname\" class=\"overlabel\">%s</label>\n", loc("Username"));
|
||||
rsprintf("<input type=\"text\" class=\"login_input\" name=\"uname\" value=\"%s\" title=\"%s\" onInput=\"document.getElementById('uname').style.display='none';\">\n",
|
||||
isparam("unm") ? getparam("unm") : "", loc("Username"));
|
||||
isparam("unm") ? str : "", loc("Username"));
|
||||
rsprintf("</span></td></tr>\n");
|
||||
|
||||
rsprintf("<tr><td class=\"login_form\">\n");
|
||||
|
||||
Reference in New Issue
Block a user