1	# =====================================================================
     2	# cmtPost.awk: RPC I/O function for rpclib/cmtPost.
     3	#
     4	# Copyright (c) 2007-2011 Carlo Strozzi
     5	#
     6	# This program is free software; you can redistribute it and/or modify
     7	# it under the terms of the GNU General Public License as published by
     8	# the Free Software Foundation; version 2 dated June, 1991.
     9	#
    10	# This program is distributed in the hope that it will be useful,
    11	# but WITHOUT ANY WARRANTY; without even the implied warranty of
    12	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13	# GNU General Public License for more details.
    14	#
    15	# You should have received a copy of the GNU General Public License
    16	# along with this program; if not, write to the Free Software
    17	# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
    18	#
    19	# =====================================================================
    20	
    21	# =====================================================================
    22	# void _userproc(int mode)
    23	# =====================================================================
    24	
    25	function _userproc(mode,			       value,out,tmp) {
    26	
    27	   if (mode == _O_REQUEST) {				# request.
    28	
    29	      nodestem()
    30	
    31	      # Output file is mandatory!
    32	      if ((out=_rcget("TNS_CMS_CONTENT")) !~ /^\//)
    33		 return(_sys("csaExit.fault 0041 TNS_CMS_CONTENT"))
    34	
    35	      # target group.
    36	      value = substr(_request("1",1),1,ENVIRON["TNS_GROUP_MAXLEN"])
    37	
    38	      # group must not be null and it may not contain the
    39	      # unescaped ``.'' character.
    40	
    41	      if (value != _NULL && value !~ /\./) {
    42		 _rcset("cgi.group",unixify(value))
    43		 _rcset("cgi.group.literal",value)
    44	      }
    45	
    46	      # target page within group.
    47	      value = substr(_request("2",1),1,ENVIRON["TNS_PAGE_MAXLEN"])
    48	
    49	      # page name must be at least 2-character long.
    50	      if (length(value) > 1) {
    51		 gsub(/[ \t\n\r]/," ",value)		# neutralize real junk.
    52		 _rcset("cgi.page.literal",value)
    53		 value = unixify(value,1)
    54		 _rcset("cgi.page",value)
    55	      }
    56	
    57	      # Actual comment data.
    58	
    59	      # Optional parent post.
    60	      if ((value=_request("3",1)) ~ /^[1-9][-.a-zA-Z0-9]+$/)
    61					_rcset("cgi.cmt.parent",value)
    62	
    63	      # Optional author name of this post. If no author was entered
    64	      # then try and get it from the relevant HTTP cookie if available,
    65	      # otherwise label it as anonymous.
    66	
    67	      if ((value=_request("4",1)) == _NULL)
    68					value = _request("twauthor",1)
    69	
    70	      gsub(/[\t\r\n<>]+/," ",value)
    71	      value = substr(_strip(value,_O_MIDDLE),1,32)
    72	      if (value == _NULL) value = _nlsmap(_NULL,"anonymous")
    73	      _rcset("cgi.cmt.author",value)
    74	
    75	      # Mandatory captcha code.
    76	      if ((value=_request("captcha",1)) != _NULL) {
    77		 gsub(/[\t\r\n<>]+/," ",value)
    78		 value = substr(_strip(value,_O_MIDDLE),1,32)
    79		 _rcset("cgi.cmt.captcha",value)
    80	      }
    81	
    82	      # E-mail address of poster. Whether it is mandatory
    83	      # depends on the underlying rc(1) program.
    84	      if (_isemail((value=_request("5",1))) == _TRUE)
    85					_rcset("cgi.cmt.aumail",value)
    86	
    87	      # Generate the comment key stem here.
    88	      value = ENVIRON["CSA_TIME_ISO"]
    89	      gsub(/[^0-9]/,"",value)
    90	      _rcset("cgi.cmt.stem",value)
    91	
    92	      # Optional poster URL (ignore the default form value).
    93	      value = _strip(_request("6",1),_O_MIDDLE)
    94	      if (value != _NULL && value != "http://") {
    95		 if (value ~ /^https?:\/\/.+/ && length(value) < 256 && \
    96		    value !~ /[ \t\r\n<>]/) _rcset("cgi.cmt.auweb",value)
    97	
    98		 else _rcset("cgi.cmt.auweb","-")		# invalid URL.
    99	      }
   100	
   101	      # Mandatory comment text. The filter will have to return
   102	      # a zero-length string file if the input text is missing
   103	      # or if it contains only garbage.
   104	
   105	      value = cmtFilter(_request("8",1))
   106	
   107	      printf("%s",value) > out
   108	
   109	      gsub(/[\t\r\n]+/," ",value)
   110	      gsub(/<[^>]*>/," ",value)			# remove any markup.
   111	      value = substr(_strip(value,_O_MIDDLE),1,128)
   112	      if (value ~ /[a-zA-Z0-9]/ || value == "-")
   113					_rcset("cgi.cmt.excerpt",value)
   114	
   115	      # Optional subject. Set equal to the first 64 chars
   116	      # of message excerpt if empty.
   117	
   118	      tmp = _request("7",1)
   119	      gsub(/[\t\r\n]+/," ",tmp)
   120	      gsub(/<[^>]*>/," ",tmp)			# remove any markup.
   121	      tmp = _strip(tmp,_O_MIDDLE)
   122	      if (tmp == _NULL) tmp = value
   123	      tmp = substr(tmp,1,64)			# truncate to 64 chars.
   124	      if (tmp ~ /[a-zA-Z0-9]/) _rcset("cgi.cmt.subject",tmp)
   125	
   126	      # Paging block no. if any.
   127	      _rcset("cgi.paging",_request("9",1)/1)
   128	
   129	      # The following test is necessary since the address could,
   130	      # at least in theory, have been set to any string by the
   131	      # remote user, due to how it is handled to cope with stunnel(8)
   132	      # and the lack of transproxy support in kernel 2.4.x.
   133	
   134	      if (_isipaddr(ENVIRON["REMOTE_ADDR"]) == _TRUE)
   135					value = ENVIRON["REMOTE_ADDR"]
   136	      else value = "0.0.0.0"
   137	
   138	      _rcset("REMOTE_ADDR",value)
   139	   }
   140	
   141	   else {					# response
   142	
   143	      # generic template conditionals.
   144	
   145	      ifsections()
   146	   }
   147	} 
   148	
   149	# EOF