| Server IP : 78.140.185.180 / Your IP : 216.73.216.220 Web Server : LiteSpeed System : Linux cpanel13.v.fozzy.com 4.18.0-513.11.1.lve.el8.x86_64 #1 SMP Thu Jan 18 16:21:02 UTC 2024 x86_64 User : builderbox ( 1072) PHP Version : 7.3.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /proc/thread-self/root/opt/dell/srvadmin/var/lib/openmanage/xslroot/oma/template/web/ |
Upload File : |
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:fo="http://www.w3.org/1999/XSL/Format">
<xsl:template match="OMA">
<xsl:choose>
<xsl:when test="SMTPHost = ''">
<DataArea email="false" cancel="true" exportdata="false">
<xsl:if test="OMAUserRights='7' and SHOWWEBSERVER='TRUE'">
<xsl:attribute name="backpagedisplay"><xsl:value-of select="$strGoToServer"/></xsl:attribute>
<xsl:attribute name="backpagetarget">./DataArea?plugin=com.dell.oma.webplugins.SvrPrefWebPlugin&help=Serverpreferences</xsl:attribute>
</xsl:if>
<xsl:attribute name="canceltarget"><xsl:value-of select="translate(//Caller, ';', '&amp;')"/></xsl:attribute>
<PageTitle>
<xsl:attribute name="display"><xsl:value-of select="$strEmailFailed"/></xsl:attribute>
</PageTitle>
<PromptText>
<xsl:choose>
<xsl:when test="OMAUserRights='7' and SHOWWEBSERVER='TRUE'"><xsl:value-of select="$strSetUpSMTP"/></xsl:when>
<xsl:otherwise><xsl:value-of select="$strAskYourSystem"/></xsl:otherwise>
</xsl:choose>
</PromptText>
</DataArea>
</xsl:when>
<xsl:otherwise>
<DataArea email="false" exportdata="false">
<xsl:if test="Success != 'true'">
<xsl:attribute name="cancel">true</xsl:attribute>
<xsl:attribute name="canceltarget">javascript:cancel();</xsl:attribute>
</xsl:if>
<xsl:if test="(/OMA/OMAUserRights = '7') or (/OMA/OMAUserRights = '3')">
<xsl:choose>
<xsl:when test="Success ='true'">
<xsl:attribute name="submit"><xsl:value-of select="translate(Caller, ';','&')"/></xsl:attribute>
<xsl:attribute name="submitdisplay"><xsl:value-of select="$strGoBack"/></xsl:attribute>
</xsl:when>
<xsl:otherwise>
<xsl:attribute name="submit">./SubmitForm?plugin=com.dell.oma.webplugins.SendEmailWebPlugin</xsl:attribute>
<xsl:attribute name="submitdisplay"><xsl:value-of select="$strSendEmail"/></xsl:attribute>
<xsl:attribute name="validate">true</xsl:attribute>
</xsl:otherwise>
</xsl:choose>
</xsl:if>
<PageTitle>
<xsl:attribute name="display"><xsl:value-of select="$strSendEmailMessage"/></xsl:attribute>
</PageTitle>
<xsl:choose>
<xsl:when test="Success ='true'">
<PromptText><xsl:value-of select="$strTheEmailMessage"/><xsl:value-of select="ToAddress"/><xsl:value-of select="$str"/></PromptText>
</xsl:when>
<xsl:when test="Exception != ''">
<xsl:choose>
<xsl:when test="Exception = '1'">
<PromptText><xsl:value-of select="$strTheEmailMessage1"/><xsl:value-of select="ToAddress"/><xsl:value-of select="$strSince"/><xsl:value-of select="ToAddress"/><xsl:text> </xsl:text><xsl:value-of select="$strOr"/><xsl:text> </xsl:text><xsl:value-of select="FromAddress"/><xsl:value-of select="$strIsInvalidEnter"/></PromptText>
</xsl:when>
<xsl:otherwise>
<PromptText><xsl:value-of select="$strTheEmailMessage2"/><xsl:value-of select="ToAddress"/><xsl:value-of select="$strEmailAddressMay"/></PromptText>
</xsl:otherwise>
</xsl:choose>
</xsl:when>
<xsl:otherwise>
</xsl:otherwise>
</xsl:choose>
<xsl:if test="Success !='true'">
<ListData>
<Data name="to" type="editbox" size="40"><xsl:attribute name="display"><xsl:value-of select="$strTo"/></xsl:attribute>
<xsl:attribute name="value"><xsl:value-of select="ToAddress"/></xsl:attribute>
</Data>
<Data name="from"><xsl:attribute name="display"><xsl:value-of select="$strFrom"/></xsl:attribute>
<xsl:attribute name="value"><xsl:value-of select="FromAddress"/></xsl:attribute>
</Data>
<Data name="subject" type="editbox" size="50"><xsl:attribute name="display"><xsl:value-of select="$strSubject"/></xsl:attribute>
<xsl:attribute name="value"><xsl:value-of select="Subject"/></xsl:attribute>
</Data>
<Data name="desc" type="textarea" cols="35" rows="5"><xsl:attribute name="display"><xsl:value-of select="$strMessage"/></xsl:attribute>
<xsl:attribute name="value"><xsl:value-of select="Message"/></xsl:attribute>
</Data>
</ListData>
<ListData>
<Data name="Attach"><xsl:attribute name="display"><xsl:value-of select="$strAttachments"/></xsl:attribute></Data>
<xsl:for-each select="Attachment/File">
<xsl:variable name="filename"><xsl:value-of select="."/></xsl:variable>
<xsl:if test="($filename != 'blank.html') and ($filename != 'calendar.html') and ($filename != 'pre.html')">
<Data name="attachment" type="checkbox" state="3">
<xsl:attribute name="returnvalue"><xsl:value-of select="@count"/></xsl:attribute>
<xsl:attribute name="splcase">true</xsl:attribute>
<xsl:if test="@href != ''">
<ExtraItem link="true">
<xsl:attribute name="href">javascript:showFile('<xsl:value-of select="@href"/>');</xsl:attribute>
<xsl:attribute name="value"><xsl:value-of select="."/></xsl:attribute>
</ExtraItem>
</xsl:if>
</Data>
</xsl:if>
</xsl:for-each>
</ListData>
<!--Security Fix:Unrestricted file upload in E-mail feature
<ListData>
<Data type="file" name="file" splcase="true"><xsl:attribute name="display"><xsl:value-of select="$strAddAttachment"/></xsl:attribute>
<ExtraItem type="button" href="javascript:uploadFile();"><xsl:attribute name="display"><xsl:value-of select="$strAddAttachment1"/></xsl:attribute></ExtraItem>
</Data>
</ListData>
-->
<HiddenTable>
<Data type="hidden" name="smtp">
<xsl:attribute name="returnvalue"><xsl:value-of select="SMTPHost"/></xsl:attribute>
</Data>
<Data type="hidden" name="pageTitle">
<xsl:attribute name="returnvalue"><xsl:value-of select="PageName" disable-output-escaping="yes" /></xsl:attribute>
</Data>
<Data type="hidden" name="redirectURL">
<xsl:attribute name="returnvalue"></xsl:attribute>
</Data>
<Data type="hidden" name="prevPage">
<xsl:attribute name="returnvalue"><xsl:value-of select="Caller"/></xsl:attribute>
</Data>
<Data type="hidden" name="fileName"/>
</HiddenTable>
</xsl:if>
<script language="javascript">
function showFile(url)
{
console.log("Removed file rendering as Security fix for JIT-173043-Unrestricted File Upload");
}
function cancel()
{
location.href ='<xsl:value-of select="translate(//Caller, ';', '&amp;')"/>';
}
function validate()
{
var inLength = <xsl:value-of select="string-length(Message)"/>
if((document.getElementById("desc").value.length - inLength) > 256)
{
alert("<xsl:value-of select="$strErrorLessThan"/>");
document.getElementById("desc").select();
return false;
}
if(!isAlphaNumeric(document.getElementById("to").value, "to"))
{
return false;
}
if(!validateEmail(document.getElementById("to").value, "to"))
{
return false;
}
if(!isAlphaNumeric(document.getElementById("subject").value, "subject"))
{
return false;
}
if(!isAlphaNumeric(document.getElementById("desc").value, "desc"))
{
return false;
}
/* Removed file validation as new files cannot be added in attachment section
if(!isAlphaNumeric(document.getElementById("file").value, "file"))
{
return false;
}
*/
if (((document.getElementById("to").value).indexOf(',') != "-1") || ((document.getElementById("to").value).indexOf(';') != "-1")) {
alert(<xsl:value-of select="$strXLATESTARTToDoesNot"/>);
var to = "";
var toVal = document.getElementById("to").value;
if (toVal.indexOf(',') != "-1")
{
to = trim(toVal.substring(0 , toVal.indexOf(',')));
}
if (toVal.indexOf(';') != "-1")
{
to = trim(toVal.substring(0 , toVal.indexOf(';')));
}
document.getElementById("to").value = to;
document.getElementById("to").focus();
return false;
}
return true;
}
// CHNG86594 Validate email address
function validateEmail(str)
{
var at = "@"
var dot = "."
var lat = str.indexOf(at);
var lstr = str.length;
var ldot = str.indexOf(dot);
var error = 0;
if (str.indexOf(at) == -1)
{
error = 1
}
if (str.indexOf(at) == -1 || str.indexOf(at) == 0 || str.indexOf(at) == lstr)
{
error = 1
}
if (str.indexOf(dot) == -1 || str.indexOf(dot) == 0 || str.indexOf(dot) == lstr)
{
error = 1
}
if (str.indexOf(at,(lat+1)) != -1)
{
error = 1
}
if (str.substring(lat-1,lat) == dot || str.substring(lat+1,lat+2) == dot)
{
error = 1
}
if (str.indexOf(dot,(lat+2)) == -1)
{
error = 1
}
if (str.indexOf(" ") != -1)
{
error = 1
}
if (error == 1)
{
alert ( "<xsl:value-of select="$strErrorEmailAddress"/>" + str );
document.getElementById("to").focus();
return false
}
else
{
return true
}
}
function isAlphaNumeric(text, context){
var validValue = "><&?\"#%";
var ok = "yes";
var temp;
for (var i=0; i<text.length; i++)
{
temp = "" + text.substring(i, i+1);
if (validValue.indexOf(temp) != "-1")
{
ok = "no";
break;
}
}
if (ok == "no")
{
if(context == "to")
{
msg = "<xsl:value-of select="$strErrorAlphanumericOr"/>";
}
else if(context == "subject")
{
msg = "<xsl:value-of select="$strErrorAlphanumericOr1"/>";
}
else if(context == "desc")
{
msg = "<xsl:value-of select="$strErrorAlphanumericOr2"/>";
}
else if(context == "file")
{
msg = "<xsl:value-of select="$strErrorAlphanumericOr3"/>";
}
alert ("<xsl:value-of select="$strError1"/>" + temp + "<xsl:value-of select="$strIsInvalid"/>" + msg + text);
return false;
}
return true;
}
function ltrim ( s )
{
return s.replace( /^\s*/, "" )
}
function rtrim ( s )
{
return s.replace( /\s*$/, "" );
}
function trim ( s )
{
return rtrim(ltrim(s));
}
/* Remove uploadFile function to restrict upload function
<!-- function uploadFile()
{
if(document.getElementById("file").value == '')
{
alert("<xsl:value-of select="$strYouMustSelect"/>");
return;
}
if(!isAlphaNumeric(document.getElementById("file").value, "file"))
{
return;
}
else
{
var _fname = document.getElementById("file").value;
var _ext = ".gif";
if(_fname.indexOf(_ext) != -1)
{
alert(<xsl:value-of select="$strXLATESTARTYouShouldNot"/>);
return;
}
}
var count = <xsl:value-of select="Attachment/Count"/>;
document.getElementById("dataarea").encoding = "multipart/form-data";
document.getElementById("dataarea").enctype = "multipart/form-data";
var regQuote = /\'/g;
var PageName = "<xsl:value-of select="PageName"/>";
PageName = PageName.replace (regQuote, "\\\'");
var url = "./DataArea?plugin=com.dell.oma.webplugins.ShowSendEmailWebPlugin" +
"&pageTitle="+PageName ;
if(count == 1)
{
url = url + '&attachment=' + document.getElementById("attachment").value;
}
else
{
for(i=0; i <document.dataarea.attachment.length; i++)
{
if(document.dataarea.attachment[i].checked == true)
{
url = url + '&attachment=' + document.dataarea.attachment[i].value;
}
}
}
url = url + '&toAddr=' + document.getElementById("to").value;
url = url + '&sendto=' + document.getElementById("to").value;
document.getElementById("dataarea").redirectURL.value = url;
document.getElementById("dataarea").action = "./UploadServlet?caller=email";
uploadStart (document.dataarea.file.value, '');
formSubmit();
}
-->
*/
function encode_utf8( s )
{ return unescape( encodeURIComponent( s ) );}
function decode_utf8( s )
{ return decodeURIComponent( escape( s ) );
}
</script>
<!--No need to load 'Upload.js' file and define iframe as we removed uploadFile()function for restricting the file upload
<script language="JavaScript" src="/oma/js/Upload.js" />
<HTMLData>
<iframe id="uploadtest" name="uploadtest" style="visibility: hidden; height: 1px; width: 1px; top: 0px; left: 0px; position: absolute; z-index: -1" ></iframe>
</HTMLData>
-->
</DataArea>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
</xsl:stylesheet>