Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

2026-04-27 03:07:43 +02:00 · 2016-04-08 16:16:57 +01:00
parent b395d3289d 78d49152a8
commit 36ba4ebe99
4 changed files with 32 additions and 43 deletions
--- a/config/rootfiles/core/101/filelists/files
+++ b/config/rootfiles/core/101/filelists/files
@@ -1,2 +1,5 @@
 etc/system-release
 etc/issue
 srv/web/ipfire/cgi-bin/chpasswd.cgi
 srv/web/ipfire/cgi-bin/ipinfo.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
--- a/html/cgi-bin/chpasswd.cgi
+++ b/html/cgi-bin/chpasswd.cgi
@@ -20,6 +20,7 @@
 ###############################################################################
 use CGI qw(param);
 use Apache::Htpasswd;
 use Crypt::PasswdMD5;
 $swroot = "/var/ipfire";
@@ -74,48 +75,25 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
 		$errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'};
 		goto ERROR;
 	}
 	if (! -z $userdb)
 	{
 		open FILE, $userdb;
 		@users = <FILE>;
 		close FILE;
-		$username = '';
+	my $htpasswd = new Apache::Htpasswd("$userdb");
 		$cryptpwd = '';
-		foreach (@users)
+	# Check if a user with this name exists
-		{
+	my $old_password = $htpasswd->fetchPass($cgiparams{'USERNAME'});
- 			chomp;
+	if (!$old_password) {
 			@temp = split(/:/,$_);
 			if ($temp[0] =~ /^$cgiparams{'USERNAME'}$/i)
 			{
 				$username = $temp[0];
 				$cryptpwd = $temp[1];
 			}
 		}
 	}
 	if ($username eq '')
 	{
 		$errormessage = $tr{'advproxy errmsg invalid user'};
 		goto ERROR;
 	}
-	if (
+
-	    !(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd) &&
+	# Reset password
-	    !(apache_md5_crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)
+	if (!$htpasswd->htpasswd($cgiparams{'USERNAME'}, $cgiparams{'NEW_PASSWORD_1'},
-	   )
+			$cgiparams{'OLD_PASSWORD'})) {
 	{
 		$errormessage = $tr{'advproxy errmsg password incorrect'};
 		goto ERROR;
 	}
-	$returncode = system("/usr/sbin/htpasswd -b $userdb $username $cgiparams{'NEW_PASSWORD_1'}");
+
-	if ($returncode == 0)
+	$success = 1;
-	{
+	undef %cgiparams;
 		$success = 1;
 		undef %cgiparams;
 	} else {
 		$errormessage = $tr{'advproxy errmsg change fail'};
 		goto ERROR;
 	}
 }
 ERROR:
--- a/html/cgi-bin/ipinfo.cgi
+++ b/html/cgi-bin/ipinfo.cgi
@@ -19,6 +19,7 @@
 #                                                                             #
 ###############################################################################
 use CGI;
 use IO::Socket;
 use strict;
@@ -34,18 +35,14 @@ my %cgiparams=();
 &Header::showhttpheaders();
 &Header::getcgihash(\%cgiparams);
 $ENV{'QUERY_STRING'} =~s/&//g;
 my @addrs = split(/ip=/,$ENV{'QUERY_STRING'});
 &Header::openpage($Lang::tr{'ip info'}, 1, '');
 &Header::openbigbox('100%', 'left');
 my @lines=();
 my $extraquery='';
-foreach my $addr (@addrs) {
+
-next if $addr eq "";
+my $addr = CGI::param("ip") || "";
 if (&General::validip($addr)) {
 	$extraquery='';
 	@lines=();
 	my $whoisname = "whois.arin.net";
@@ -91,6 +88,14 @@ next if $addr eq "";
 	}
 	print "</pre>\n";
 	&Header::closebox();
 } else {
 	&Header::openbox('100%', 'left', $Lang::tr{'invalid ip'});
 	print <<EOF;
 		<p style="text-align: center;">
 			$Lang::tr{'invalid ip'}
 		</p>
 EOF
 	&Header::closebox();
 }
 print <<END
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -27,6 +27,7 @@
 #
 use strict;
 use Apache::Htpasswd;
 # enable only the following on debugging purpose
 #use warnings;
@@ -4134,7 +4135,9 @@ sub adduser
 		close(FILE);
 	} else {
 		&deluser($str_user);
-		system("/usr/sbin/htpasswd -b $userdb $str_user $str_pass");
+
 		my $htpasswd = new Apache::Htpasswd("$userdb");
 		$htpasswd->htpasswd($str_user, $str_pass);
 	}
 	if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");