]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blob - IkiWiki/Plugin/userlist.pm
Add automated test for using the CGI with git, including CVE-2016-10026
[git.ikiwiki.info.git] / IkiWiki / Plugin / userlist.pm
1 #!/usr/bin/perl
2 package IkiWiki::Plugin::userlist;
4 use warnings;
5 use strict;
6 use IkiWiki 3.00;
8 sub import {
9         hook(type => "getsetup", id => "userlist", call => \&getsetup);
10         hook(type => "sessioncgi", id => "userlist", call => \&sessioncgi);
11         hook(type => "formbuilder_setup", id => "userlist",
12                 call => \&formbuilder_setup);
13 }
15 sub getsetup () {
16         return
17                 plugin => {
18                         safe => 1,
19                         rebuild => 0,
20                         section => "web",
21                 },
22 }
24 sub sessioncgi ($$) {
25         my $cgi=shift;
26         my $session=shift;
28         if ($cgi->param("do") eq "userlist") {
29                 showuserlist($cgi, $session);
30                 exit;
31         }
32 }
34 sub formbuilder_setup (@) {
35         my %params=@_;
37         my $form=$params{form};
38         if ($form->title eq "preferences" &&
39             IkiWiki::is_admin($params{session}->param("name"))) {
40                 push @{$params{buttons}}, "Users";
41                 if ($form->submitted && $form->submitted eq "Users") {
42                         showuserlist($params{cgi}, $params{session});
43                         exit;
44                 }
45         }
46 }
48 sub showuserlist ($$) {
49         my $q=shift;
50         my $session=shift;
52         IkiWiki::needsignin($q, $session);
53         if (! defined $session->param("name") ||
54             ! IkiWiki::is_admin($session->param("name"))) {
55                 error(gettext("you are not logged in as an admin"));
56         }
58         my $h="<table border=\"1\">\n";
59         $h.="<tr><th>".gettext("login")."</th><th>".gettext("email")."</th></tr>\n";
60         my $info=IkiWiki::userinfo_retrieve();
61         eval q{use HTML::Entities};
62         if (ref $info) {
63                 foreach my $user (sort { $info->{$a}->{regdate} <=> $info->{$b}->{regdate} } keys %$info) {
64                         my %i=%{$info->{$user}};
65                         $h.="<tr><td>".encode_entities($user)."</td><td>".
66                                 encode_entities(defined $i{email} ? $i{email} : "").
67                                 "</td></tr>\n";
68                 }
69         }
70         $h.="</table>\n";
72         IkiWiki::printheader($session);
73         print IkiWiki::cgitemplate(undef, gettext("Users"), $h);
74 }
76 1