* Tue Dec 31 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-35.sme

- fix PATH [SME: 12847]

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/27SManagerProxyPass

@@ -39,7 +39,18 @@
             $OUT .= "#       private access by default\n";
             $OUT .= "        Require ip $localAccess $externalSSLAccess\n";
         }
-        $OUT .= "    </Location>\n";
+        # any smanager script or style added in line should be hashed and added here to run in a modern browser
+        $OUT .= "                   Header set Content-Security-Policy  \"script-src 'self' 'unsafe-eval' 'unsafe-hashes' "
+        ." 'sha256-X8Qwlk0M9iDTQZqFVpbVcThRjBqQXpwTOZCLX8I+Frk=' 'sha256-inQ04nmqTZI75Z5g/tAzjahedNugPFfrhxHyoFezFkM=' 'sha256-5IsIX+Vbow7wwy2RjR3+5X06R/0CQZPkw3OHj/228cM=' 'sha256-tfVskwioRaNsV75h89itf7FujMgIrodfs1Ea4UAJNpE=' 'sha256-P51OyslUh5bGkoWk9qY+o4Su4HuwNFoQcFCeNxF7Ms8=' ; "
+        ." style-src 'self'  'unsafe-hashes' "
+        #'sha256-EhT63KK1JBrsUM27H+5RMNifDFpVB+GXcTtavKXwCK8=' #h2l1
+        #'sha256-msdEhWmYTu7vqzGaQHDfvy6lzlDsbKkouwvN2R6Co9E=' #busy-indicator
+        #'sha256-iYwYhiMcsGmXCUzLEpEzZNz5dINrlkqf1sLbLhEcqGM=' _footer.html.ep style="position:relative;"
+        #'sha256-bOTFT8zacR4Rfja/WIKXgAQQXVaPyG3oBlvAhU4ga8g=' _usr_list style="min-width:35em"
+        #'sha256-CP93jJ1Y8nMwUoDzFbo1srdgsbADPasAc0Wjig1ahpY=' groups style="min-width:15em"
+        ." 'sha256-msdEhWmYTu7vqzGaQHDfvy6lzlDsbKkouwvN2R6Co9E=' 'sha256-iYwYhiMcsGmXCUzLEpEzZNz5dINrlkqf1sLbLhEcqGM='  'sha256-bOTFT8zacR4Rfja/WIKXgAQQXVaPyG3oBlvAhU4ga8g=' 'sha256-CP93jJ1Y8nMwUoDzFbo1srdgsbADPasAc0Wjig1ahpY=' 'sha256-EhT63KK1JBrsUM27H+5RMNifDFpVB+GXcTtavKXwCK8=' ;"
+	." \"\n"; 
+	$OUT .= "    </Location>\n";
         # prevent caching of manager files in browser
         $OUT .= "   <LocationMatch \"/$place/.+\.(html|cgi)\$\">\n";
         $OUT .= "                   Header set Cache-Control no-store\n";

root/usr/share/smanager/lib/SrvMngr/Controller/Proxy.pm

@@ -3,7 +3,7 @@ package SrvMngr::Controller::Proxy;
 #----------------------------------------------------------------------
 # heading     : System
 # description : Proxy settings
-# navigation  : 4000 700
+# navigation  : 4000 710
 #----------------------------------------------------------------------
 #
 # routes : end
@@ -72,4 +72,4 @@ sub do_update {
 };
 
 
-1;
+1;

root/usr/share/smanager/script/srvmngr

@@ -9,7 +9,7 @@ use esmith::util;
 BEGIN
 {
     $0 =~ /^(.+)$/ms; $0 = $1; # Untaint script name
-    $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
+    $ENV{'PATH'} = '/usr/sbin:/usr/bin:/usr/local/bin';
     $ENV{'SHELL'} = '/bin/bash';
     $ENV{'HOME'} = '/usr/share/smanager';
     delete $ENV{'ENV'};

root/usr/share/smanager/themes/default/templates/bugreport.html.ep

@@ -13,11 +13,10 @@
     
     <h1><%= $title %></h1>
     <!--br><%= $modul %><br-->
-    <p>
 
-    <p><b>
+    <b>
     %=l ('bugr_DO_NOT_PANIC')
-    </b></p>
+    </b>
     <p>
     %=l ('bugr_SME_EXPERIENCE')
     </p><p>
@@ -49,7 +48,7 @@
     %=l ('bugr_YUM_REPOS')
     </li><br></ul>
     %=l ('bugr_PRIVACY')
-    </p><p>
+    </p>
 
     <% my $btn = l('bugr_CREATE_REPORT'); %>
 
@@ -57,7 +56,7 @@
         %= submit_button "$btn", class => 'action'
     % end    
 
-    </p><p><b>
+    <p><b>
     %=l ('bugr_DONATING')
     </b><br><br>
     %=l ('bugr_AWARE_SME')
@@ -66,6 +65,7 @@
     </b><br><br>
     %=l ('bugr_CONSIDER_DONATING')
     <br><br>
+    </p>
 
     %= link_to 'https://wiki.koozali.org/Donate' => begin
 	%= image '/images/btn_donateCC_LG.gif'
@@ -76,8 +76,7 @@
 
     <br>
     %=l ('bugr_THANK_YOU')
-    </p>
 
 </div>
 
-%end
+%end

root/usr/share/smanager/themes/default/templates/bugreport2.html.ep

@@ -15,7 +15,6 @@
 
     <br><%= $modul %><br>
 
-    <p>
     <% my $btn = l('bugr_Download this report'); %>
 
     %= form_for 'bugreportD' => (method => 'POST') => begin
@@ -25,4 +24,4 @@
 
 </div>
 
-%end
+%end

root/usr/share/smanager/themes/default/templates/datetime.html.ep

@@ -45,6 +45,7 @@
 		%= $dat_datas->{now_string}
 		</b>
 		</p>
+		<p>
 		<br>
 		<span class=label>
 		%=l 'dat_NTP_SERVER'
@@ -121,4 +122,4 @@
     % end    
 
 </div>
-%end
+%end

root/usr/share/smanager/themes/default/templates/directory.html.ep

@@ -44,25 +44,25 @@
 	</span><span class=data>
 	%= text_field 'department' =>  $dir_datas->{department}, class => 'input'
 	</span>
-	</p>
+	</p><p>
 	<span class=label>
 	%=l 'dir_COMPANY', class => 'label'
 	</span><span class=data>
 	%= text_field 'company', $dir_datas->{company}, class => 'input'
 	</span>
-	</p>
+	</p><p>
 	<span class=label>
 	%=l 'dir_STREET', class => 'label'
 	</span><span class=data>
 	%= text_field 'street' =>  $dir_datas->{street}, class => 'input'
 	</span>
-	</p>
+	</p><p>
 	<span class=label>
 	%=l 'dir_CITY', class => 'label'
 	</span><span class=data>
 	%= text_field 'city', $dir_datas->{city}, class => 'input'
 	</span>
-	</p>
+	</p><p>
 	<span class=label>
 	%=l 'dir_PHONENUMBER', class => 'label'
 	</span><span class=data>
@@ -85,4 +85,4 @@
     % end    
 
 </div>
-%end
+%end

root/usr/share/smanager/themes/default/templates/layouts/default.html.ep

@@ -5,7 +5,7 @@
 <!-- default +jquery -->
 <head>
 <title><%= $title %></title>
-    <link rev="made" href="mailto:bugs%40koozali.org">
+    <link rel="made" href="mailto:bugs%40koozali.org">
     <meta name="copyright" content="(head.tmpl)Copyright 2003-2004 Mitel Corporation">
     %= stylesheet '/css/sme_core.css'
     %= stylesheet '/css/sme_main.css'
@@ -33,7 +33,7 @@
 	%= javascript '/js/buttons.print.min.js'
 	%= javascript '/js/flag-by-locale.js'
 
-	<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.5.0/css/flag-icon.min.css">
+	<link rel="stylesheet" href="/smanager/css/flag-icon.min.css">
 	%= stylesheet '/css/sme-jquery-overrides.css'
 	
 	<style>

root/usr/share/smanager/themes/default/templates/partials/_dom_list.html.ep

@@ -46,19 +46,36 @@
             %= t td => (class => 'sme-border') => $domain->{'Content'}
             %= t td => (class => 'sme-border') => l('dom_' . $domain->{'Nameservers'})
 
-		% 	    my $actionModify = "<a href='domains2?CsrfDef=TOKEN&trt=UPD&Domain=" . $domain->{Domain} . "'>" . "<button class='sme-modify-button' title=".l('MODIFY').">".l('MODIFY')."</button>" . "</a>"; 
-
-		%	    my $removable = ($domain->{Removable} || 'yes');
-		%	    my $actionRemove = '&nbsp;';
-
-		%	    if ($removable eq 'yes')  { 
-		% 		$actionRemove = "<a href='domains2?CsrfDef=TOKEN&trt=DEL&Domain=" . $domain->{Domain} . "'>" . "<button class='sme-remove-button' title=".l('REMOVE').">".l('REMOVE')."</button>" . "</a>"; 
-		%	    }
-
-				<td class='sme-border' style="min-width:15em">
-					<%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionRemove) %>
-				</td>
-			</tr>
+		%# 	my $actionModify = "<a href='domains2?CsrfDef=TOKEN&trt=UPD&Domain=" . $domain->{Domain} . "'>" . "<button class='sme-modify-button' title=".l('MODIFY').">".l('MODIFY')."</button>" . "</a>"; 
+			%my $modify_text = l('MODIFY');  # Localized text
+			%my $csrf_token = "TOKEN";  # CSRF token for security
+			%my $domain_name = $domain->{Domain};  # Domain name extracted from the data structure
+			%my $actionModify = qq{
+                        %       <a href="domains2?CsrfDef=$csrf_token&trt=UPD&Domain=$domain_name">
+			%	<button type='button' class='sme-modify-button' title='$modify_text' >
+			%		$modify_text
+			%	</button>
+                        %       </a>
+			%};
+			%my $removable = ($domain->{Removable} || 'yes');
+			%my $actionRemove = '&nbsp;';
+			%if ($removable eq 'yes')  { 
+					%my $remove_text = l('REMOVE');  # Localized text
+					%my $csrf_token = "TOKEN";  # CSRF token for security
+					%my $domain_name = $domain->{Domain};  # Domain name extracted from the data structure
+					%$actionRemove = qq{
+                                                %       <a href="domains2?CsrfDef=$csrf_token&trt=DEL&Domain=$domain_name">
+						%	<button type='button' class='sme-remove-button' title='$remove_text' >
+						%		$remove_text
+						%	</button>
+                                                %       </a>
+					%};
+				%#		$actionRemove = "<a href='domains2?CsrfDef=TOKEN&trt=DEL&Domain=" . $domain->{Domain} . "'>" . "<button class='sme-remove-button' title=".l('REMOVE').">".l('REMOVE')."</button>" . "</a>"; 
+			%};
+			<td class='sme-border' style="min-width:15em">
+				<%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionRemove) %>
+			</td>
+		</tr>
 	%	}
 
 	</tbody>

root/usr/share/smanager/themes/default/templates/partials/_footer.html.ep

@@ -1,4 +1,4 @@
-<div id="footer" width=100%>
+<div id="footer">
 <HR class="sme-copyrightbar">
 <a href="https://mojolicious.org" target="_blank"><img src="images/sme-mojo-logo-white.png" style="position:relative;"></a>
 <font class="sme-copyright">
@@ -8,5 +8,4 @@
 <br>Copyright 1999-2006 Mitel Corporation<br>
 %= session 'copyRight'
 <br>Copyright (c) 2013-2024 Koozali Foundation Inc.<br>
-</font>
-
+</font>

root/usr/share/smanager/themes/default/templates/partials/_grp_list.html.ep

@@ -39,8 +39,27 @@
             %= t td => (class => 'sme-border') => $group->key
             %= t td => (class => 'sme-border') => $group->prop('Description')
 			<td class='sme-border' style="min-width:15em">
-				<a href='groups2?CsrfDef=TOKEN&trt=UPD&group=<%= $group->key%>'><button class='sme-modify-button' title=<%=l('MODIFY')%>><%=l('MODIFY') %></button></a>
-				<a href='groups2?CsrfDef=TOKEN&trt=DEL&group=<%= $group->key%>'><button class='sme-remove-button' title=<%=l('REMOVE')%>><%=l('REMOVE') %></button></a>
+				%my $modify_text = l('MODIFY');  # Localized text
+				%my $csrf_token = "TOKEN";  # CSRF token for security
+				%my $group_name = $group->key;  # group name extracted from the data structure
+				%my $actionModify = qq{
+                                %       <a href="groups2?CsrfDef=$csrf_token&trt=UPD&group=$group_name">
+				%	<button type='button' class='sme-modify-button' title='$modify_text' >
+				%		$modify_text
+				%	</button>
+                                %       </a>
+				%};
+				%my $remove_text = l('REMOVE');  # Localized text
+				%my $csrf_token = "TOKEN";  # CSRF token for security
+				%my $group_name = $group->key;  # group name extracted from the data structure
+				%my $actionRemove = qq{
+                                %       <a href="groups2?CsrfDef=$csrf_token&trt=DEL&group=$group_name">
+				%	<button type='button' class='sme-remove-button' title='$remove_text' > 
+				%		$remove_text
+				%	</button>
+                                %       </a>
+				%};
+				<%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionRemove) %>
 			</td>
     	</tr>
     %    }

root/usr/share/smanager/themes/default/templates/partials/_header.html.ep

@@ -68,7 +68,7 @@
 .login-button {
     background-color: #98d36e;     /* Button background color */
     font-weight: bold;              /* Bold text */
-    xxcolor: #ffffff;                 /* Button text color */
+    color: #ffffff;                 /* Button text color */
     padding: 8px 12px;              /* Adjust padding for button height */
     border: none;                   /* Remove default border */
     border-radius: 4px;             /* Rounded corners */
@@ -100,17 +100,17 @@
 		</div> 
 
 		<div id="h2e22">
-			<a id="help-button" target="_parent" href="manual"><button> ? </button></a>
+			<button type='button'class="login-button"><a id="help-button" target="_parent" href="manual">?</a></button>
 		</div>
     
         <div id="h2e12">
-			<a id="legacy-button" href="/server-manager" target='_blank'><button>Legacy SM</button></a>
+			<button type='button' class="login-button"><a id="legacy-button" href="/server-manager" target='_blank'>Legacy SM</a></button>
         </div>
 		<div id="h2e23">
 			% if ( not defined $c->session->{username} ) {
-				<a target="_parent" href="login"><button class="login-button">Login</button></a>
+				<button type='button' class="login-button"><a target="_parent" href="login">Login</a></button>
 			% } else {
-				<a target="_parent" href="logout"><button class="login-button"><%= $c->session->{username} %> Logout</button></a>
+				<button type='button' class="login-button"><a target="_parent" href="logout"><%= $c->session->{username} %> Logout</a></button>
 			% }
 		</div>
 		<div id="flag-container">

root/usr/share/smanager/themes/default/templates/partials/_hos_list.html.ep

@@ -49,25 +49,36 @@
             %= t td => (class => 'sme-border') => $_->{'IP'};
             %= t td => (class => 'sme-border') => $_->{'MACAddress'};
             %= t td => (class => 'sme-border') => $_->{'Comment'};
-    %	    my ($actionModify, $actionRemove) = ' ';
-    %	    if ($_->{'static'} ne 'yes') {
-    % 		$actionModify = "<a href='hostentriesd?CsrfDef=TOKEN&trt=UPD&Hostname=" . $_->{'HostName'} . "'>" . "<button class='sme-modify-button' title=".l('MODIFY').">".l('MODIFY')."</button>" . "</a>"; 
-    % 		$actionRemove = "<a href='hostentriesd?CsrfDef=TOKEN&trt=DEL&Hostname=" . $_->{'HostName'} . "'>" . "<button class='sme-remove-button' title=".l('REMOVE').">".l('REMOVE')."</button>" . "</a>"; 
-    %	    }
 			<td class='sme-border' style="min-width:15em">
-				<%= $c->render_to_string(inline => $actionModify) %>
-				<%= $c->render_to_string(inline => $actionRemove) %>
+				%my ($actionModify, $actionRemove) = '&nbsp;';
+				%my $static = $_->{'static'} || "no";
+				%if ($static ne 'yes') {
+					%my $modify_text = l('MODIFY');  # Localized text
+					%my $csrf_token = "TOKEN";  # CSRF token for security
+					%my $hostentries_name = $_->{'HostName'};  # hostentries name extracted from the data structure
+					%$actionModify = qq{
+                                        %       <a href="hostentriesd?CsrfDef=$csrf_token&trt=UPD&Hostname=$hostentries_name">
+					%	<button type='button' class='sme-modify-button' title='$modify_text' > 
+					%		$modify_text
+					%	</button>
+                                        %       </a>
+					%};
+					%my $remove_text = l('REMOVE');  # Localized text
+					%my $csrf_token = "TOKEN";  # CSRF token for security
+					%#my $hostentries_name = $_->{'HostName'};  # hostentries name extracted from the data structure
+					%$actionRemove = qq{
+                                        %       <a href="hostentriesd?CsrfDef=$csrf_token&trt=DEL&Hostname=$hostentries_name">
+					%	<button type='button' class='sme-remove-button' title='$remove_text' >
+					%		$remove_text
+					%	</button>
+                                        %       </a>
+					%};
+				%}
+				<%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionRemove) %>
     	    </td>
-    
     	</tr>
-
     %	}
-
-    	</tbody>
-    	</table>
-	</p>
-
-    %	}
-
-
+   	</tbody>
+   	</table>
+     %	}
 </div>

root/usr/share/smanager/themes/default/templates/partials/_iba_list.html.ep

@@ -46,29 +46,62 @@
         <tr>
             %= t td => (class => 'sme-border') => $ibay->key
             %= t td => (class => 'sme-border') => $ibay->prop('Name')
-    %	    my ($actionModify, $actionResetPw, $actionRemove) = '&nbsp;';
-    %	    if ($modifiable eq 'yes') { 
-    % 		$actionModify = "<a href='ibaysd?CsrfDef=TOKEN&trt=UPD&ibay=" . $ibay->key . "'>" . "<button class='sme-modify-button' title=".l('MODIFY').">".l('MODIFY')."</button>" . "</a>"; 
-    %	    }
-    %	    if ($passwordable eq 'yes')  { 
-    %		if ($ibay->prop('PasswordSet') ne 'yes' && $needPassword) {
-    %#			$actionResetPw .= "<a href='ibaysd?CsrfDef=TOKEN&trt=PWD&ibay=" . $ibay->key . "' class='error'>" . l('PASSWORD_RESET') . "</a>"; 
-    %			$actionResetPw .= "<a href='ibaysd?CsrfDef=TOKEN&trt=PWD&ibay=" . $ibay->key. "'>" . "<button class='sme-password-button' style ='border-color:red;' title=".l("Reset-Password").">".l("Reset-Password")."</button></a>"; 
-%		} else {
-    %			$actionResetPw .= "<a href='ibaysd?CsrfDef=TOKEN&trt=PWD&ibay=" . $ibay->key . "'>" . "<button class='sme-password-button' title=".l("Reset-Password").">".l("Reset-Password")."</button></a>"; 
-    %#			$actionResetPw .= "<a href='ibaysd?CsrfDef=TOKEN&trt=PWD&ibay=" . $ibay->key . "'>" . l('PASSWORD_RESET') . "</a>"; 
-    %		}
-    %	        $actionResetPw .= '&nbsp';
-    %	    }
-    %	    if ($removable eq 'yes')  { 
-    % 		$actionRemove = "<a href='ibaysd?CsrfDef=TOKEN&trt=DEL&ibay=" . $ibay->key . "'>" . "<button class='sme-remove-button' title=".l('REMOVE').">".l('REMOVE')."</button>" . "</a>"; 
-    %	    }
-    	    <td class='sme-border' style="min-width:20em">
+			<td class='sme-border' style="min-width:15em">
+				%my ($actionModify, $actionResetPw, $actionRemove) = '&nbsp;';
+				%if ($modifiable eq 'yes') { 
+					%my $modify_text = l('MODIFY');  # Localized text
+					%my $csrf_token = "TOKEN";  # CSRF token for security
+					%my $ibays_entry_name = $ibay->key;  # ibays_entry name extracted from the data structure
+					%$actionModify = qq{
+                                        %       <a href="ibaysd?CsrfDef=$csrf_token&trt=UPD&ibay=$ibays_entry_name">
+					%	<button type='button' class='sme-modify-button' title='$modify_text' > 
+					%		$modify_text
+					%	</button>
+                                        %       </a>
+					%};
+				%}
+				
+				%if ($passwordable eq 'yes')  { 
+					%my $password_text = l('PASSWORD_RESET');  # Localized text
+					%my $csrf_token = "TOKEN";  # CSRF token for security
+					%my $ibays_entry_name = $ibay->key;  # ibays_entry name extracted from the data structure
+					%if ($ibay->prop('PasswordSet') ne 'yes' && $needPassword) {
+						%$actionResetPw = qq{
+                                                %       <a href="ibaysd?CsrfDef=$csrf_token&trt=PWD&ibay=$ibays_entry_name">
+						%	<button type='button' class='sme-password-button unset' title="$password_text - currently unset" style = background:pink; >
+						%		$password_text
+						%	</button>
+                                                %       </a>
+						%};
+					%} else {
+						%$actionResetPw = qq{
+                                                %       <a href="ibaysd?CsrfDef=$csrf_token&trt=PWD&ibay=$ibays_entry_name">
+						%	<button type='button' class='sme-password-button' title='$password_text' > 
+						%		$password_text
+						%	</button>
+                                                %       </a>
+						%};
+					%}
+					
+				%}
+
+				%if ($removable eq 'yes')  { 
+					%my $remove_text = l('REMOVE');  # Localized text
+					%my $csrf_token = "TOKEN";  # CSRF token for security
+					%my $ibays_entry_name = $ibay->key;  # ibays_entry name extracted from the data structure
+					%$actionRemove = qq{
+                                        %       <a href="ibaysd?CsrfDef=$csrf_token&trt=DEL&ibays=$ibays_entry_name">
+					%	<button type='button' class='sme-remove-button' title='$remove_text' >
+					%		$remove_text
+					%	</button>
+                                        %       </a>
+					%};
+				%}
 				<%= $c->render_to_string(inline => $actionModify) %>
 				<%= $c->render_to_string(inline => $actionResetPw)%>
 				<%= $c->render_to_string(inline => $actionRemove) %>
-			</td>
-    	</tr>
+    	    </td>
+   	</tr>
     %    }
     	</tbody>
     	</table>

root/usr/share/smanager/themes/default/templates/partials/_lets_CHECKALLDOMAINS.html.ep

@@ -30,10 +30,16 @@
 		</span><br>
 	
 		<span class='data'>
-			%= submit_button l('lets_Back'), class => 'action back', onclick =>'history.back()'
+                        %my $back_text = l('lets_Back');  # Localized text
+                        %my $actionBack = qq{
+                        %       <a href="letsencryptd">
+                        %       <input class='action back' type='submit'  value='$back_text'>
+                        %       </a>
+                        %};
+                      <%= $c->render_to_string(inline => $actionBack) %>
 		</span>
 		
 	
 		%# Probably finally by a submit.
 	%end    
-</div>
+</div>

root/usr/share/smanager/themes/default/templates/partials/_lets_CHECKALLENABLEDDOMAINS.html.ep

@@ -30,10 +30,16 @@
 		</span><br>
 	
 		<span class='data'>
-			%= submit_button l('lets_Back'), class => 'action back', onclick =>'history.back()'
+                        %my $back_text = l('lets_Back');  # Localized text
+                        %my $actionBack = qq{
+                        %       <a href="letsencryptd">
+                        %       <input class='action back' type='submit'  value='$back_text'>
+                        %       </a>
+                        %};
+                      <%= $c->render_to_string(inline => $actionBack) %>
 		</span>
 		
 	
 		%# Probably finally by a submit.
 	%end    
-</div>
+</div>

root/usr/share/smanager/themes/default/templates/partials/_lets_CHECKONEDOMAIN.html.ep

@@ -37,10 +37,16 @@
 		</span><br>
 	
 		<span class='data'>
-			%= submit_button l('lets_Back'), class => 'action back', onclick =>'history.back()'
+                        %my $back_text = l('lets_Back');  # Localized text
+                        %my $actionBack = qq{
+                        %       <a href="letsencryptd">
+                        %       <input class='action back' type='submit'  value='$back_text'>
+                        %       </a>
+                        %};
+                      <%= $c->render_to_string(inline => $actionBack) %>
 		</span>
 		
 	
 		%# Probably finally by a submit.
 	%end    
-</div>
+</div>

root/usr/share/smanager/themes/default/templates/partials/_ln_list.html.ep

@@ -1,7 +1,6 @@
 <div id='ln_list'>
     % my $btn = l('ln_LOCALNETWORK_ADD');
     %= form_for '/localnetworksa' => (method => 'POST') => begin
-	<p>
 
 	% my $retref= $c->stash("ret");
 	% my %ret;
@@ -68,10 +67,10 @@
 				%=l 'ROUTER'
 			</th>
 
-			<th class='sme-border' '>
+			<th class='sme-border'>
 				%=l 'ACTION'
 			</th>
-			</tr>
+		</tr>
 			</thead><tbody>
 		%    foreach my $localnetwork (@$localnetworks )
 		%    {
@@ -84,18 +83,24 @@
 					%= t td => (class => 'sme-border') => $localnetwork->prop('Mask')
 					%= t td => (class => 'sme-border') => $num_hosts
 					%= t td => (class => 'sme-border') => $localnetwork->prop('Router')
-					%  if ($removable eq "yes") {
-						<td class='sme-border'>
-						<a href="localnetworksd?CsrfDef=TOKEN&trt=DEL&localnetwork=<%= $localnetwork->key%>"><button class='sme-remove-button' title="<%=l('REMOVE')%>"><%=l('REMOVE') %></button></a></td>
-					% } else {
-						<td class='sme-border'> </td> 
-					%}
+					%my $actionRemove = '&nbsp;';
+					%if ($removable eq "yes") {
+						%my $remove_text = l('REMOVE');  # Localized text
+						%my $local_network_entry = $localnetwork->key;
+						%my $csrf_token = "TOKEN";  # CSRF token for security
+						%$actionRemove = qq{
+                                                %       <a href="localnetworksd?CsrfDef=$csrf_token&trt=DEL&localnetwork=$local_network_entry">
+						%	<button type='button' class='sme-remove-button' title='$remove_text' >
+						%		$remove_text
+						%	</button>
+                                                %       </a>
+						%};
+					% }
+					<td class='sme-border'><%= $c->render_to_string(inline => $actionRemove) %></td>
 					</tr>
 		%  } 
 		</tbody>
 		</table>
-		</p>
-
 			%= hidden_field 'trt' => $ln_datas->{trt}
 	%}
 </div>

root/usr/share/smanager/themes/default/templates/partials/_nav_menu.html.ep

@@ -5,7 +5,7 @@
 	<!-- <a href='#' id='tognav' class='menu-title'>NAVIGATION</a> -->
 	<div id='menunav'>
 
-%    my $cc = 1;
+%    my $cc = 200;
 %    foreach my $h (sort { ($nav{$a}{'WEIGHT'}/$nav{$a}{'COUNT'}) 
 %		<=> ($nav{$b}{'WEIGHT'}/$nav{$b}{'COUNT'}) } keys %nav) {
 %
@@ -33,4 +33,4 @@
 
 %    }
     </div>
-    </div>
+    </div>

root/usr/share/smanager/themes/default/templates/partials/_navig2.html.ep

@@ -5,7 +5,7 @@
 	 <!-- ><div><a href='#' id='togadm' class='menu-title'>ADMINISTRATION</a></div> -->
 	<div id='menuadm'>
 
-%    my $cc = 1;
+%    my $cc = 100;
 %    foreach my $h (sort { ($nav{$a}{'WEIGHT'}/$nav{$a}{'COUNT'}) 
 %		<=> ($nav{$b}{'WEIGHT'}/$nav{$b}{'COUNT'}) } keys %nav) {
 	<div><a href='#' class='section section-title'><%= $h %></a></div>
@@ -35,4 +35,4 @@
 %    }
 
     </div>
-    </div>
+    </div>

root/usr/share/smanager/themes/default/templates/partials/_pf_list.html.ep

@@ -93,7 +93,16 @@
 		%= 			t td => (class => 'sme-border') => $allow
 		%= 			t td => (class => 'sme-border') => $cmmnt
 					<td class='sme-border'>
-						<a href="portforwardingd?CsrfDef=TOKEN&trt=DEL&sport=<%= $sport%>&proto=<%= $proto%>"><button class='sme-remove-button' title="<%=l('REMOVE')%>"><%=l('REMOVE') %></button></a>
+						%my $remove_text = l('REMOVE');  # Localized text
+						%my $csrf_token = "TOKEN";  # CSRF token for security
+						%my $actionRemove = qq{
+                                                %       <a href="portforwardingd?CsrfDef=$csrf_token&trt=DEL&sport=$sport&proto=$proto">
+						%	<button type='button' class='sme-remove-button' title='$remove_text' >
+						%		$remove_text
+						%	</button>
+                                                %       </a>
+						%};
+					<%= $c->render_to_string(inline => $actionRemove) %>
 					</td>
 			</tr>
          %       }
@@ -105,4 +114,3 @@
 	%= hidden_field 'trt' => $pf_datas->{trt}
  
 </div>
-

root/usr/share/smanager/themes/default/templates/partials/_prt_list.html.ep

@@ -57,7 +57,19 @@
             %= t td => (class => 'sme-border') => $printer->prop('Location')
             %= t td => (class => 'sme-border') => $address
             %= t td => (class => 'sme-border') => $remoteName
-	    <td class='sme-border'><a href="printers2?CsrfDef=TOKEN&trt=DEL&printer=<%= $printer->key%>"><button class='sme-remove-button' title="<%=l('REMOVE')%>"><%=l('REMOVE') %></button></a></td>
+			<td class='sme-border'>
+				%my $remove_text = l('REMOVE');  # Localized text
+				%my $csrf_token = "TOKEN";  # CSRF token for security
+				%my $printer_name = $printer->key;
+				%my $actionRemove = qq{
+                                %       <a href="printers2?CsrfDef=$csrf_token&trt=DEL&&printer=$printer_name">
+				%	<button type='button' class='sme-remove-button' title='$remove_text' >
+				%		$remove_text
+				%	</button>
+                                %       </a>
+				%};
+			<%= $c->render_to_string(inline => $actionRemove) %>
+			</td>
     	</tr>
     %    }
     	</tbody>

root/usr/share/smanager/themes/default/templates/partials/_pse_list.html.ep

@@ -54,19 +54,37 @@
             %= t td => (class => 'sme-border') => $pseudonym->key
             %= t td => (class => 'sme-border') => $account
 
-    %	    my ($actionModify, $actionRemove) = ' ';
-    %	    if ($modifiable eq 'yes') { 
-    % 		$actionModify = "<a href='pseudonyms2?CsrfDef=TOKEN&trt=UPD&pseudonym=" . $pseudonym->key . "'>" . "<button class='sme-modify-button' title=".l('MODIFY').">".l('MODIFY')."</button>" . "</a>"; 
-    %	    }
-    %	    if ($removable eq 'yes')  { 
-    % 		$actionRemove = "<a href='pseudonyms2?CsrfDef=TOKEN&trt=DEL&pseudonym=" . $pseudonym->key . "'>" . "<button class='sme-remove-button' title=".l('REMOVE').">".l('REMOVE')."</button>" . "</a>"; 
-    %	    }
+			<td class='sme-border'>
+				%my ($actionModify, $actionRemove) = '&nbsp;'; 
+				%if ($modifiable eq 'yes') { 
+					%my $modify_text = l('MODIFY');  # Localized text
+					%my $csrf_token = "TOKEN";  # CSRF token for security
+					%my $pseudonyms_entry_name = $pseudonym->key;  # pseudonyms_entry name extracted from the data structure
+					%$actionModify = qq{
+                                        %       <a href="pseudonyms2?CsrfDef=$csrf_token&trt=UPD&pseudonym=$pseudonyms_entry_name">
+					%	<button type='button' class='sme-modify-button' title='$modify_text' >
+					%		$modify_text
+					%	</button>
+                                        %       </a>
+					%};
+				%}
 
-    	    <td class='sme-border' style="min-width:15em">
-				<%= $c->render_to_string(inline => $actionModify) %>&nbsp;<%= $c->render_to_string(inline => $actionRemove) %>
-    	    </td>
-    	</tr>
+				%if ($removable eq 'yes')  { 
+					%my $remove_text = l('REMOVE');  # Localized text
+					%my $csrf_token = "TOKEN";  # CSRF token for security
+					%my $pseudonyms_entry_name = $pseudonym->key;  # pseudonyms_entry name extracted from the data structure
+					%$actionRemove = qq{
+                                        %       <a href="pseudonyms2?CsrfDef=$csrf_token&trt=DEL&pseudonym=$pseudonyms_entry_name">
+					%	<button type='button' class='sme-remove-button' title='$remove_text' >
+					%		$remove_text
+					%	</button>
+                                        %       </a>
+					%};
+				%}
+				<%= $c->render_to_string(inline => $actionModify) %> <%= $c->render_to_string(inline => $actionRemove) %>
 
+			</td>
+		</tr>
     %    }
     	</tbody>
     	</table>
@@ -76,4 +94,3 @@
 
 
 </div>
-

root/usr/share/smanager/themes/default/templates/partials/_quo_list.html.ep

@@ -57,7 +57,19 @@
             %= t td => (class => 'sme-border') => sprintf("%.2f", $bs / 1024 )
             %= t td => (class => 'sme-border') => sprintf("%.2f", $bh / 1024 )
             %= t td => (class => 'sme-border') => sprintf("%.2f", $bc / 1024 )
-	    <td class='sme-border'><a href="quotad?CsrfDef=TOKEN&trt=UPD&user=<%= $user->key%>"><button class='sme-modify-button' title="<%=l('MODIFY')%>"><%=l('MODIFY') %></button></a></td>
+			<td class='sme-border'>
+				%my $modify_text = l('MODIFY');  # Localized text
+				%my $csrf_token = "TOKEN";  # CSRF token for security
+				%my $quota_user_name = $user->key;  # quotas_entry name extracted from the data structure
+				%my $actionModify = qq{
+                                %       <a href="quotad?CsrfDef=$csrf_token&trt=UPD&user=$quota_user_name">
+				%	<button type='button' class='sme-modify-button' title='$modify_text' >
+				%		$modify_text
+				%	</button>
+                                %       </a>
+				%};
+				<%= $c->render_to_string(inline => $actionModify) %>
+			</td>
     	</tr>
     %    }
     	</tbody>

root/usr/share/smanager/themes/default/templates/partials/_quo_upd.html.ep

@@ -37,7 +37,7 @@
 	%= $ic 
         %=l 'quo_FILES' 
 	%=l 'quo_OCCUPYING' 
-	%= $bc 
+	%= $c->toMB($bc)
 	%=l 'quo_MEGABYTES'
 	</p>
 	
@@ -81,4 +81,4 @@
 	
     % end    
 
-</div>
+</div>

root/usr/share/smanager/themes/default/templates/partials/_user_menu.html.ep

@@ -4,7 +4,7 @@
 	<div id='usermenu'>
 	<a href='#' id='toguser' class='section section-title'>Current User (<%= session 'username' %>)</a>
 	<div id='menuuser'>
-%    my $cc = 1;
+%    my $cc = 300;
 %    foreach my $h (sort { ($nav{$a}{'WEIGHT'}/$nav{$a}{'COUNT'}) 
 %		<=> ($nav{$b}{'WEIGHT'}/$nav{$b}{'COUNT'}) } keys %nav) {
 	<!-- div class='section'><%= $h %></div -->
@@ -29,4 +29,4 @@
 %    }
 
     </div>
-    </div>
+    </div>

root/usr/share/smanager/themes/default/templates/partials/_usr_list.html.ep

@@ -59,35 +59,88 @@
             %= t td => (class => 'sme-border') => "$first  $last"
             %= t td => (class => 'sme-border') => $vpnaccess
             %= t td => (class => 'sme-border') => $fwd
-    %	    my ($actionModify, $actionLock, $actionResetPw, $actionRemove) = ' ';
-    %	    if ($username eq 'admin')  { 
-    % 	    	$actionModify = "<a href='useraccountsd?CsrfDef=TOKEN&trt=UPS&user=" . $username . "'>" . "<button class='sme-modify-button' title=".l("MODIFY").">".l("MODIFY")."</button></a>"; 
-    %			$actionResetPw = "<a href='useraccountsd?CsrfDef=TOKEN&trt=PWS&user=" . $username . "'>" . "<button class='sme-password-button' title=".l("Reset-Password").">".l("Reset-Password")."</button></a>"; 
-    %	    } else {
-    % 	    	$actionModify = "<a href='useraccountsd?CsrfDef=TOKEN&trt=UPD&user=" . $username . "'>" . "<button class='sme-modify-button' title=".l("MODIFY").">".l("MODIFY")."</button></a>"; 
-    %		if ($password_set ne 'yes') {
-    %			$actionLock = l('ACCOUNT_LOCKED'); 
-    %			$actionResetPw = "<a href='useraccountsd?CsrfDef=TOKEN&trt=PWD&user=" . $username . "'>" . "<button class='sme-password-button' style ='border-color:red;' title=".l("Reset-Password").">".l("Reset-Password")."</button></a>"; 
-    %		} else {
-    %			$actionLock = "<a href='useraccountsd?CsrfDef=TOKEN&trt=LCK&user=" . $username . "'>" . "<button class='sme-lock-button' title=".l('usr_LOCK_ACCOUNT').">".l("usr_LOCK_ACCOUNT")."</button></a>"; 
-    %			$actionResetPw = "<a href='useraccountsd?CsrfDef=TOKEN&trt=PWD&user=" . $username . "'>" . "<button class='sme-password-button' title=".l("Reset-Password").">".l("Reset-Password")."</button></a>"; 
-    %		}
-    %	    	if ( $removable eq 'yes' )  { 
-    % 			$actionRemove = "<a href='useraccountsd?CsrfDef=TOKEN&trt=DEL&user=" . $username . "'>" . "<button class='sme-remove-button' title=".l("REMOVE").">".l("REMOVE")."</button></a>"; 
-    %		}
-    %	    }
-    %		
-    %		my $thisdomain = session 'SystemName';
-    %		$thisdomain .= ".".session 'DomainName';
-    %#		my $thisdomain = "localhost";
+			%my ($actionModify, $actionLock, $actionResetPw, $actionRemove,$actionroundcube) = '&nbsp;';
+			%my $modify_text = l('MODIFY');  # Localized text
+			%my $csrf_token = "TOKEN";  # CSRF token for security
+			%my $useraccounts_user_name = $user->key;  # useraccountss_entry name extracted from the data structure
+			%my $password_text = l("PASSWORD_RESET");
+			%if ($useraccounts_user_name eq 'admin')  { 
+				%$actionModify = qq{
+                                %       <a href="useraccountsd?CsrfDef=$csrf_token&trt=UPS&user=$useraccounts_user_name">
+				%	<button type='button' class='sme-modify-button' title='$modify_text'>
+				%		$modify_text
+				%	</button>
+                                %       </a>
+				%};
+			%} else {
+				%$actionModify = qq{
+                                %       <a href="useraccountsd?CsrfDef=$csrf_token&trt=UPD&user=$useraccounts_user_name">
+				%	<button type='button' class='sme-modify-button' title='$modify_text' >
+				%		$modify_text
+				%	</button>
+                                %       </a>
+				%};
+			%}
+			%if ($password_set ne 'yes') {
+				%$actionLock = l('ACCOUNT_LOCKED');
+				%$actionResetPw = qq{
+                                %       <a href="useraccountsd?CsrfDef=$csrf_token&trt=PWD&user=$useraccounts_user_name">
+				%	<button type='button' class='sme-password-button unset' title="$password_text - currently unset" style = background:pink; >
+				%		$password_text
+				%	</button>
+                                %       </a>
+				%};
+			%} else {
+				%my $lock_text = l('ACCOUNT LOCKED');  # Localized text
+				%my $csrf_token = "TOKEN";  # CSRF token for security
+				%my $useraccounts_user_name = $user->key;  # useraccountss_entry name extracted from the data structure
+				%$actionLock = qq{
+                                %       <a href="useraccountsd?CsrfDef=$csrf_token&trt=LCK&user=$useraccounts_user_name">
+				%	<button type='button' class='sme-lock-button' title='$lock_text' >
+				%		$lock_text
+				%	</button>
+                                %       </a>
+				%};
+				%$actionResetPw = qq{
+                                        %       <a href="useraccountsd?CsrfDef=$csrf_token&trt=PWD&user=$useraccounts_user_name">
+					%	<button type='button' class='sme-password-button' title='$password_text' >
+					%		$password_text
+					%	</button>
+                                        %       </a>
+					%};
+			%}
+			%if ( $removable eq 'yes' )  { 
+				%my $remove_text = l('REMOVE');  # Localized text
+				%my $csrf_token = "TOKEN";  # CSRF token for security
+				%$actionRemove = qq{
+                                %       <a href="useraccountsd?CsrfDef=$csrf_token&trt=DEL&user=$useraccounts_user_name">
+				%	<button type='button' class='sme-remove-button' title='$remove_text' >
+				%		$remove_text
+				%	</button>
+                                %       </a>
+				%};
+			%}
+			
+			%my $thisdomain = session 'SystemName';
+			%$thisdomain .= ".".session 'DomainName';
+			%my $roundcube_text = l('Webmail');  # Localized text
+			%my $csrf_token = "TOKEN";  # CSRF token for security
+			%my $useraccounts_user_name = $user->key;  # useraccountss_entry name extracted from the data structure
+			%$actionroundcube = qq{
+                        %       <a href="roundcubepanel?CsrfDef=$csrf_token&url=https://$thisdomain/roundcube?_user=$useraccounts_user_name">
+			%	<button type='button' class='sme-email-button' title='$roundcube_text' >
+			%		$roundcube_text
+			%	</button>
+                        %       </a>
+			%};
 
-    	    <td class='sme-border' style="min-width:35em">
+		<td class='sme-border' style="min-width:35em">
 				<%= $c->render_to_string(inline => $actionModify) %>
 				<%= $c->render_to_string(inline => $actionResetPw) %>
 				<%= $c->render_to_string(inline => $actionLock) %>
 				<%= $c->render_to_string(inline => $actionRemove) %>
-				<a href="<%= "roundcubepanel/?url=https://".$thisdomain."/" %>roundcube?_user=<%= $username %>"><button class="sme-email-button" title="<%= l('EMAIL') %>"><%= l('EMAIL') %></button></a>
-    	    </td>
+				<%= $c->render_to_string(inline => $actionroundcube) %>
+		</td>
     	</tr>
     %    }
     	</tbody>

root/usr/share/smanager/themes/default/templates/printers.html.ep

@@ -12,8 +12,8 @@
 
     % if ( stash 'error' ) {
     	<br><div class=sme-error>
-    	%= $c->render_to_string(inline => stash 'error') 
-	</div>
+			%= $c->render_to_string(inline => stash 'error') 
+		</div>
     %}
 
     <h1><%= $title%></h1>
@@ -29,5 +29,4 @@
 	    %}
 
 </div>
-%end
-
+%end

root/usr/share/smanager/themes/default/templates/remoteaccess.html.ep

@@ -52,12 +52,11 @@
 
 	<hr class='sectionbar' />
 
-	</p>
     %}
 
 	<!-- percequ include 'partials/_rma_pptp' -->
 
-	<p><h2>
+	<h2>
 	%= $c->l('rma_VALIDFROM_TITLE', $c->l('rma_REMOTE_MANAGEMENT'));
 	</h2><br>
 	%=l 'rma_VALIDFROM_DESC'
@@ -86,7 +85,7 @@
             %= t td => (class => 'sme-border') => $net
             %= t td => (class => 'sme-border') => $mask
             %= t td => (class => 'sme-border') => $numhosts
-            <td class='sme-border'><input type='checkbox' name='Remove_nets' value='<%= $net.'/'.$mask %>'> </td>
+            <td class='sme-border'><input type='checkbox' name='Remote_nets' value='<%= $net.'/'.$mask %>'> </td>
     	</tr>
     %    }
 
@@ -102,9 +101,6 @@
         %= l('rma_NO_ENTRIES_YET');
 	</b>
     %}
-	</p>
-
-	<p>
 	%=l 'rma_DESC_VALID_FROM_ENTRIES'
 	<br><br>
 	<span class=label>
@@ -118,11 +114,10 @@
 	</span><span class=data>
 	%= text_field 'ValidFromMask', class => 'input'
 	</span>
-	</p>
 
 	<hr class='sectionbar' />
 
-	<p><h2>
+	<h2>
 	%=l 'rma_TITLE_SSH'
 	</h2><br>
 	%=l 'rma_DESC_SSH'
@@ -158,11 +153,10 @@
 	%= text_field 'SshTCPPort', class => 'input'
 	</span>
 	<br>
-	</p>
 
 	<hr class='sectionbar' />
 
-	<p><h2>
+	<h2>
 	%=l 'rma_TITLE_FTP_ACCESS'
 	</h2><br>
 	%= $c->render_to_string(inline => $c->l('rma_DESC_FTP_ACCESS'));
@@ -186,11 +180,9 @@
 	%= select_field 'FtpPasswordAccess' => $c->passwordLogin_list(), class => 'input'
 	</span>
 	<br>
-	</p>
 
     % my $mode = $c->get_telnet_mode();
     % if ( $mode ne 'off') {
-	<p>
 	<hr class='sectionbar' />
 
 	<h2>
@@ -210,16 +202,13 @@
 	</span>
 	<br>
 
-	</p>
     %}
 
-	<p>
 	<br>
 	%= submit_button "$btn", class => 'action'
-	</p>
 
     % end
 
 </div>
 
-% end
+% end

smeserver-manager.spec

@@ -2,7 +2,7 @@ Summary: Sme server  navigation module : manager 2
 %define name smeserver-manager
 Name: %{name}
 %define version 11.0.0
-%define release 30
+%define release 35
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -115,6 +115,25 @@ true
 %defattr(-,root,root)
 
 %changelog
+* Tue Dec 31 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-35.sme
+- fix PATH [SME: 12847]
+
+* Tue Dec 31 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-34.sme
+- fix css warning xxcolor [SME: 12844]
+- update CSP style rules [SME: 12840]
+
+* Mon Dec 30 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-33.sme
+- host locally flag-icon.min.css 3.5.0 [SME: 12845]
+- remove onclick to comply with strict CSP [SME: 12846]
+- add CSP rules with specific hash [SME: 12840]
+
+* Wed Dec 18 2024 Brian Read <brianr@koozali.org> 11.0.0-32.sme
+- Fix for User and localnetwork panel [SME: 6278]
+- Fix menu entry for proxy to stop it moving 
+
+* Tue Dec 17 2024 Brian Read <brianr@koozali.org> 11.0.0-31.sme
+- Edit html to avoid w3c html validation warnings [SME: 6278]
+
 * Fri Dec 13 2024 Brian Read <brianr@koozali.org> 11.0.0-30.sme
 - Add in letsencrypt panel, add requires for smeserver-lib and smeserver-certificates [SME: 12810]