input validation; goto form; show version; 2 words password

[ott/bsta] / opomba.1.pl

diff --git a/opomba.1.pl b/opomba.1.pl
index 4e29a569a81a6d99f76414906ee7a5eeef1f2b74..639097a9774708b42f646d866ccc3a58fe016bd0 100644 (file)
--- a/opomba.1.pl
+++ b/opomba.1.pl
@@ -29,7 +29,7 @@ use Encode ('encode', 'decode');
 use botm_common (
        'HTTP_STATUS',
        'read_header_env', 'url_query_decode',
-       'read_data_file', 'write_data_file',
+       'write_data_file',
        'html_entity_encode_dec',
        'open_encoded',
        'join_path',
@@ -47,7 +47,11 @@ use bsta_lib (
        'print_html_body_start', 'print_html_body_end',
        'bb_to_html', 'eval_bb',
        'merge_settings',
-       'write_index', 'write_static_viewer_page'
+       'write_index', 'write_static_viewer_page',
+       'read_settings', 'read_state',
+       'read_words', 'write_words',
+       'read_words_list', 'write_words_list'
+       
 );
 
 ###PERL_PATH_SEPARATOR:     PATH_SEPARATOR     = /
@@ -55,8 +59,6 @@ use bsta_lib (
 ###PERL_CGI_VIEWER_PATH:    CGI_VIEWER_PATH    = /bsta/v
 ###PERL_CGI_WORDS_PATH:     CGI_WORDS_PATH     = /bsta/w
 
-###PERL_DATA_SETTINGS_PATH: DATA_SETTINGS_PATH = /botm/data/bsta/settings
-###PERL_DATA_STATE_PATH:    DATA_STATE_PATH    = /botm/data/bsta/state
 ###PERL_DATA_WORDS_PATH:    DATA_WORDS_PATH    = /botm/data/bsta/words/
 
 ###PERL_LOG_SPAM_PATH:      LOG_SPAM_PATH      = /botm/log/bsta/words_spam.log
@@ -96,8 +98,6 @@ my $remove = 0;
 my $post = 0;
 my $quote;
 my $words_data_path;
-my $post_data_path;
-my $last_post_data_path;
 my $index;
 my $page;
 my $ong_state;
@@ -144,8 +144,8 @@ if ($cgi{'i'} =~ /^.+$/) {
 }
 $password = get_password(\%cgi);
 
-%settings = read_data_file(DATA_SETTINGS_PATH());
-%state    = read_data_file(DATA_STATE_PATH());
+%settings = read_settings();
+%state    = read_state();
 $ong_state = int($state{'state'});
 $last_frame = int($state{'last'});
 
@@ -174,8 +174,7 @@ else {
 }
 
 if ($ID ne '') {
-       $post_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $ID);
-       %post_data = read_data_file($post_data_path);
+       %post_data = read_words($ID);
        if ($post_data{'frame'} ne '') {
                $frame = int($post_data{'frame'});
        }
@@ -205,12 +204,9 @@ unless (flock($fh, 2)) {
        exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed locking data file.', 1);
 }
 
-%words_data = read_data_file(
+%words_data = read_words_list(
        $fh, # file
-       '',  # encoding
-       0,   # no header
        0,   # header only
-       1    # as list
 );
 
 @post_list = @{$words_data{'content'}};
@@ -307,14 +303,7 @@ if ($remove) {
        $words_data{'posts'} = scalar(@post_list);
        $words_data{'content'} = \@post_list;
        
-       $r = write_data_file(
-               $fh, # file 
-               \%words_data,
-               '',  # encoding
-               0,   # no header
-               0,   # header only
-               1    # as list
-       );
+       $r = write_words_list($fh, \%words_data);
        unless ($r) {
                close($fh);
                exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing data file.');
@@ -346,8 +335,7 @@ if ($index eq '') {
        $page = int($index / COMMENT_PAGE_LENGTH());
        if ($index > 0) {
                $last_ID = $post_list[-1];
-               $last_post_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $last_ID);
-               %last_post_data = read_data_file($last_post_data_path);
+               %last_post_data = read_words($last_ID);
                if (
                        ($cgi{'username'} eq $last_post_data{'name'   }) &&
                        ($cgi{'words'   } eq $last_post_data{'content'})
@@ -364,8 +352,6 @@ if ($index eq '') {
 $words_data{'posts'} = scalar(@post_list);
 $words_data{'content'} = \@post_list;
 
-$post_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $ID);
-
 $post_data{'frame'} = $frame;
 $post_data{'name'} = $cgi{'username'};
 $post_data{'password'} = $cgi{'password'};
@@ -384,20 +370,13 @@ if ($post_data{'key'} eq '') {
 }
 $post_data{'content'} = $cgi{'words'};
 
-$r = write_data_file($post_data_path, \%post_data);
+$r = write_words($ID, \%post_data);
 unless ($r) {
        close($fh);
        exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing post file.', 1, 0);
 }
 
-$r = write_data_file(
-       $fh, # file 
-       \%words_data,
-       '',  # encoding
-       0,   # no header
-       0,   # header only
-       1    # as list
-);
+$r = write_words_list($fh, \%words_data);
 unless ($r) {
        close($fh);
        exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing data file.', 1, 0);
@@ -494,8 +473,7 @@ sub output {
                $content = $cgi{'words'};
        }
        elsif ($quote ne '') {
-               my $quote_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $quote);
-               my %quote_data = read_data_file($quote_data_path);
+               my %quote_data = read_words($quote);
                $content = '[quote="'.$quote_data{'name'}.'"]'.$quote_data{'content'}.'[/quote]';
        }
        elsif (($cgi{'edit'} ne '') || $remove) {
@@ -505,11 +483,11 @@ sub output {
                $content = '';
        }
        
+       my $_password = $password_ok ? html_entity_encode_dec($settings{'password'}, 1) : '';
        my $_key = html_entity_encode_dec($post_data{'key'}, 1);
        my $_ID = html_entity_encode_dec($ID, 1);
        my $_title = html_entity_encode_dec($title, 1);
        my $_message = html_entity_encode_dec($message, 1);
-       my $_password = html_entity_encode_dec($settings{'password'}, 1);
        my $_story = html_entity_encode_dec($settings{'story'}, 1);
        my $_name = html_entity_encode_dec($name, 1);
        my $_content = html_entity_encode_dec($content, 1);