strict conversion and download sanity check

acl/cert_form.cgi

@@ -1,9 +1,12 @@
 #!/usr/local/bin/perl
 # cert_form.cgi
 
+use strict;
+use warnings;
 require './acl-lib.pl';
-&ui_print_header(undef, $text{'cert_title'}, "", undef, undef, undef, undef, undef, undef,
-	"language=VBSCRIPT onload='postLoad()'");
+our (%in, %text, %config, %access);
+&ui_print_header(undef, $text{'cert_title'}, "", undef, undef, undef, undef,
+		 undef, undef, "language=VBSCRIPT onload='postLoad()'");
 eval "use Net::SSLeay";
 
 print "<p>$text{'cert_msg'}<p>\n";

acl/cert_issue.cgi

@@ -1,49 +1,53 @@
 #!/usr/local/bin/perl
 # cert_issue.cgi
 
+use strict;
+use warnings;
 require './acl-lib.pl';
+our (%in, %text, %config, %access, $module_config_directory, $base_remote_user);
 &ReadParse();
 
 &error_setup($text{'cert_err'});
 $in{'key'} || &error($text{'cert_ekey'});
+
+my %miniserv;
 &get_miniserv_config(\%miniserv);
 
 # Create the new key
-$temp1 = &transname();
-$temp2 = &tempname();
-open(IN, ">$temp1");
-foreach $k ("emailAddress", "organizationalUnitName", "organizationName",
-	    "stateOrProvinceName", "countryName", "commonName") {
-	print IN "$k = $in{$k}\n";
+my $temp1 = &transname();
+my $temp2 = &tempname();
+my $fh = "IN";
+&open_tempfile($fh, ">$temp1");
+foreach my $k ("emailAddress", "organizationalUnitName", "organizationName",
+	       "stateOrProvinceName", "countryName", "commonName") {
+	&print_tempfile($fh, "$k = $in{$k}\n");
 	}
 $in{'key'} =~ s/\s//g;
-print IN "SPKAC = $in{'key'}\n";
-close(IN);
-$cmd = &get_ssleay();
-$ssleay = &backquote_logged("$cmd ca -spkac $temp1 -out $temp2 -config $module_config_directory/openssl.cnf -days 1095 2>&1");
-unlink($temp1);
+&print_tempfile($fh, "SPKAC = $in{'key'}\n");
+&close_tempfile($fh);
+my $cmd = &get_ssleay();
+my $ssleay = &backquote_logged("$cmd ca -spkac $temp1 -out $temp2 -config $module_config_directory/openssl.cnf -days 1095 2>&1");
+&unlink_file($temp1);
 if ($?) {
 	&error("<pre>$ssleay</pre>");
 	}
 else {
 	# Display status and redirect to actual cert file
-	$| = 1;
-	&ui_print_header(undef, $text{'cert_title'}, "");
-	print "<p>",&text('cert_done', $in{'commonName'}),"<p>\n";
-	print "<font size=+1>",&text('cert_pickup', "cert_output.cgi?file=$temp2"),"</font><p>\n";
+	&ui_print_unbuffered_header(undef, $text{'cert_title'}, "");
+	print &text('cert_done', $in{'commonName'}),"<p>\n";
+	print &text('cert_pickup', "cert_output.cgi?file=$temp2"),"<p>\n";
 	&ui_print_footer("", $text{'index_return'});
 
-	# Update the miniserv users file
-	&lock_file($miniserv{'userfile'});
-	$lref = &read_file_lines($miniserv{'userfile'});
-	foreach $l (@$lref) {
-		@u = split(/:/, $l);
-		if ($u[0] eq $base_remote_user) {
-			$l = "$u[0]:$u[1]:$u[2]:/C=$in{'countryName'}/ST=$in{'stateOrProvinceName'}/O=$in{'organizationName'}/OU=$in{'organizationalUnitName'}/CN=$in{'commonName'}/Email=$in{'emailAddress'}";
-			}
-		}
-	&flush_file_lines();
-	&unlock_file($miniserv{'userfile'});
+	# Update the Webmin user
+	my ($me) = grep { $_->{'name'} eq $base_remote_user } &list_users();
+	$me || &error($text{'edit_egone'});
+	$me->{'cert'} = "/C=$in{'countryName'}".
+			"/ST=$in{'stateOrProvinceName'}".
+			"/O=$in{'organizationName'}".
+			"/OU=$in{'organizationalUnitName'}".
+			"/CN=$in{'commonName'}".
+			"/Email=$in{'emailAddress'}";
+	&modify_user($me->{'name'}, $me);
 
 	sleep(1);
 	&restart_miniserv();

acl/cert_output.cgi

@@ -1,13 +1,17 @@
 #!/usr/local/bin/perl
 # cert_issue.cgi
 
+use strict;
+use warnings;
 require './acl-lib.pl';
-&ReadParse();
-print "Content-type: application/x-x509-user-cert\n\n";
-open(OUT, $in{'file'});
-while(<OUT>) {
-	print;
-	}
-close(OUT);
-unlink($in{'file'});
+our (%in, %text, %config, %access);
+
+&ReadParse();
+my $tempdir = &tempname();
+$tempdir =~ s/\/[^\/]+$//;
+&is_under_directory($tempdir, $in{'file'}) ||
+	&error($text{'cert_etempdir'});
+print "Content-type: application/x-x509-user-cert\n\n";
+print &read_file_contents($in{'file'});
+&unlink_file($in{'file'});
 

acl/lang/en

@@ -164,6 +164,7 @@ cert_install=Install your certificate into browser
 cert_ekey=A new SSL key was not submitted by your browser - maybe it does not support SSL client certificates.
 cert_eca=Failed to setup certificate authority : $1
 cert_already=Warning - you are already using the certificate $1.
+cert_etempdir=Invalid certificate file
 
 acl_title=Module Access Control
 acl_title2=For $1 in $2