Changeset 14771

Timestamp:

05/08/12 00:19:38 (13 months ago)

Author:

KipLubliner

Message:

Item11822: Item9581: fix security hole

File:

• trunk/core/tools/develop/plague.pl (modified) (4 diffs)

trunk/core/tools/develop/plague.pl

@@ -2 +2 @@
 # Analyses the Waiting for Feedback tasks, Waiting For field, extracts
 # wikiname, maps to email address, sends mail.
+
+# usage: plague.pl [--topics "Item123,Item456"]  [--nomail]
+# with no arguments, searches thru Item*
 use strict;
 use warnings;
+
+my $itemTopics = "Item*";
+my $sendMail   = 1;
+
+while (@ARGV) {
+    my $arg = shift @ARGV;
+    if ( $arg eq "--topics" ) {
+        $itemTopics = shift @ARGV;
+    }
+    elsif ( $arg eq '--nomail' ) {
+        $sendMail = undef;
+    }
+}
+print "Searching items $itemTopics\n";
 
 BEGIN {
@@ -18 +35 @@
 my $session = new Foswiki( $Foswiki::cfg{AdminUserLogin}, $request );
 
-# Search for Waiting for Feedback, and load a struct with the results
-my $details = '[' . Foswiki::Func::expandCommonVariables(<<'SEARCH') . ']';
-%SEARCH{
- "name~'Item*' AND CurrentState='Waiting for Feedback'"
+my $sep  = "JENNY8675309xyzzy";
+my $data = Foswiki::Func::expandCommonVariables(<<"SEARCH");
+\%SEARCH{
+ "CurrentState='Waiting for Feedback'"
  type="query"
+ topic="$itemTopics"
+ web="Tasks"
  nonoise="on"
- format="$percntFORMAT{\"$percntENCODE{\"$formfield(WaitingFor)\" 
-old=\"Main.,Foswiki:,TWiki:\" new=\",,\"}$percnt\" type=\"string\" 
-format=\"{topic=>'$topic',who=>'$dollaritem'}\" separator=\",\"}$percnt"
- separator=","}%
+ format="topic='\$topic' WaitingFor='\$formfield(WaitingFor)' Summary='\$formfield(Summary)'"
+ separator="$sep"}\%
 SEARCH
-my $data = eval($details);
 
-# Process the struct, collating items according to the recipient email
+# collate search results into %send, keyed by mail address to be notified.
 my %send;
-foreach my $entry (@$data) {
-    next unless $entry->{who};
-    my @emails = Foswiki::Func::wikinameToEmails( $entry->{who} );
+for my $itemData ( split $sep, $data ) {
+    my ( $topic, $waitingFor, $summary ) =
+      $itemData =~ m/topic='(.*?)' WaitingFor='(.*?)' Summary='(.*)'/;
+    next unless $waitingFor;
+    $waitingFor =~ s/^\s+//;
+    $waitingFor =~ s/\s+$//;
+    my @emails;
+    foreach my $waitname ( split( /[,\s]/, $waitingFor ) ) {
+        $waitname =~ s/Foswiki://;
+        my @waitemails = Foswiki::Func::wikinameToEmails($waitname);
+        push @emails, @waitemails;
+    }
     unless ( scalar(@emails) ) {
-        print STDERR
-          "$0: $entry->{topic}: $entry->{who} has no email address\n";
+        print STDERR "$0: $topic: $waitingFor has no email address\n";
         next;
     }
     foreach my $email (@emails) {
-        push( @{ $send{$email} }, $entry->{topic} );
+        push( @{ $send{$email} }, { topic => $topic, summary => $summary } );
     }
 }
@@ -50 +74 @@
 my $template = <DATA>;
 while ( my ( $email, $items ) = each %send ) {
-    my $list = join( "\n", map { 'http://foswiki.org/Tasks/' . $_ } @$items );
+    my $list = join( "\n\n",
+        map { $_->{summary} . "\nhttp://foswiki.org/Tasks/" . $_->{topic} }
+          @$items );
     my $mail = $template;
     $mail =~ s/%EMAILTO%/$email/g;
     $mail =~ s/%TASK_LIST%/$list/g;
     $mail = Foswiki::Func::expandCommonVariables($mail);
-    my $e = Foswiki::Func::sendEmail($mail);
-    print STDERR "$0: error sending mail: $e\n" if $e;
+    if ($sendMail) {
+        my $e = Foswiki::Func::sendEmail($mail);
+        print STDERR "$0: error sending mail: $e\n" if $e;
+    }
+    else {
+        print "$mail\n";
+    }
 }
 1;
@@ -66 +97 @@
 Content-Type: text/plain
 Content-Transfer-Encoding: 8bit
+
 
 This is an automated e-mail from Foswiki.org