smeserver-manager/sme10/smeserver-manager-0.1.2-CSRFDefender_cronjob_fail2ban.patch

diff -urN smeserver-manager-0.1.2.old/f2b/fail2ban_smanager/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager smeserver-manager-0.1.2/f2b/fail2ban_smanager/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager
--- smeserver-manager-0.1.2.old/f2b/fail2ban_smanager/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager  1970-01-01 04:00:00.000000000 +0400
+++ smeserver-manager-0.1.2/f2b/fail2ban_smanager/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager      2021-06-07 20:42:59.111000000 +0400
@@ -0,0 +1,25 @@
+{
+my $port = (${'httpd-e-smith'}{'TCPPort'} || '80') .','. 
+           ($modSSL{'TCPPort'} || '443');
+my $status = $smanager{'status'} || 'disabled';
+my $f2b = $smanager{'Fail2Ban'} || 'enabled';
+return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
+
+$OUT .=<<"EOF";
+
+[smanager]
+enabled  = true
+port     = $port
+filter   = smanager
+logpath  = /usr/share/smanager/log/production.log
+maxretry = 3
+findtime = 300
+bantime  = 1800
+action   = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
+
+EOF
+
+$OUT .= "           smeserver-sendmail[name=\"SManager\",dest=$maildest]\n"
+       if ($mail eq 'enabled');
+
+}
diff -urN smeserver-manager-0.1.2.old/f2b/fail2ban_smanager/etc/fail2ban/filter.d/smanager.conf smeserver-manager-0.1.2/f2b/fail2ban_smanager/etc/fail2ban/filter.d/smanager.conf
--- smeserver-manager-0.1.2.old/f2b/fail2ban_smanager/etc/fail2ban/filter.d/smanager.conf       1970-01-01 04:00:00.000000000 +0400
+++ smeserver-manager-0.1.2/f2b/fail2ban_smanager/etc/fail2ban/filter.d/smanager.conf   2021-02-12 00:11:46.000000000 +0400
@@ -0,0 +1,26 @@
+# Fail2Ban filter for Smanager attempted bypasses
+
+[Definition]
+#[Mon Nov  9 20:33:34 2020] [info] Login FAILED: mab   192.168.0.11
+
+#_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+#failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+#            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
+
+failregex = ^\[.*\] \[info\] Login FAILED: .*\t<HOST>$
+
+#ignoreregex = 
+ignoreregex = ^\[.*\] \[debug\] .*$
+ignoreregex = ^\[.*\] \[info\] Login succeeded: .*$
+
+#datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
+
+#datepattern = ^[%%a %%b %%d %%H:%%M:%%S %%Y]
+#datepattern = ^\[%%a %%b %%-d %%X %%Y\]
+#^[LN-BEG]
+#          ^[%%a %%b %%-d %%X %%Y]
+#      {^LN-BEG}Epoch
+datepattern = {^LN-BEG}
+
+# Author: Michel Begue
+
diff -urN smeserver-manager-0.1.2.old/root/etc/e-smith/templates/etc/crontab/smanager smeserver-manager-0.1.2/root/etc/e-smith/templates/etc/crontab/smanager
--- smeserver-manager-0.1.2.old/root/etc/e-smith/templates/etc/crontab/smanager 1970-01-01 04:00:00.000000000 +0400
+++ smeserver-manager-0.1.2/root/etc/e-smith/templates/etc/crontab/smanager     2021-06-06 21:46:59.000000000 +0400
@@ -0,0 +1,6 @@
+{
+    return "# smanager is disabled\n" 
+       unless $smanager{status} eq 'enabled';
+
+    return "15 0 * * * root /usr/share/smanager/script/daily.sh \n"
+}
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Bugreport/bugreport_fr.lex smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Bugreport/bugreport_fr.lex
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Bugreport/bugreport_fr.lex     2021-06-03 17:31:23.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Bugreport/bugreport_fr.lex 2021-06-08 19:54:31.919000000 +0400
@@ -7,7 +7,7 @@
 'bugr_REPORT_CONTENT' => 'Le rapport contiendra les informations suivantes ',
 'bugr_SME_VERSION' => 'Version du Serveur Koozali SME',
 'bugr_SERVER_MODE' => 'Mode d’installation du serveur',
-'bugr_PREVIOUS_SERVER_MODE' => 'Mode d’installation précédent du serveur',
+'bugr_PREVIOUS_SERVER_MODE' => 'Mode d\’installation précédent du serveur',
 'bugr_KERNEL_AND_ARCH' => 'Version chargée du kernel et architecture',
 'bugr_INSTALLED_RPMS' => 'Une liste des RPMs additionnels installés sur votre serveur',
 'bugr_ALTERED_TEMPLATES' => 'Une liste des gabarits SME qui ont été altérés sur votre serveur par rapport à une installation de base',
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Domains/domains_en.lex smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Domains/domains_en.lex
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Domains/domains_en.lex 2021-06-03 17:31:23.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Domains/domains_en.lex     2021-06-07 22:20:14.162000000 +0400
@@ -36,11 +36,6 @@
 is now being restarted.The links on this page will be inactive
 until the web server restart is complete.',
 'dom_DESC_CORPORATE_DNS_CURRENT' => 'Corporate DNS Settings',
-'dom_BUTTON_CORPORATE_DNS' => 'If this server does not have access to the Internet, or you have special
-requirements for DNS resolution, enter the DNS server IP address here.
-You should not enter the address of your ISP\'s DNS servers here, as the server
-is capable of resolving all Internet DNS names without this additional
-configuration.',
 'dom_DOMAINS_PAGE_CORPORATE_DNS' => 'Modify corporate DNS settings',
 'dom_DESC_CORPORATE_DNS' => 'If this server does not have access to the Internet, or
 you have special requirements for DNS resolution, 
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_en.lex smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_en.lex
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_en.lex 2021-06-03 17:31:23.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_en.lex     2021-06-07 00:08:17.000000000 +0400
@@ -140,3 +140,4 @@
 'User password' => 'User password',
 Logout => 'Logout',
 Home => 'Home',
+CSRF_VALIDATION_FAILURE => 'Error: CSRF token is invalid or outdated.',
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_fr.lex smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_fr.lex
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_fr.lex 2021-06-03 17:31:23.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_fr.lex     2021-06-07 00:08:32.000000000 +0400
@@ -142,5 +142,4 @@
 'User password' => 'Mot de passe utilisateur',
 Logout => 'Déconnexion',
 Home => 'Accueil',
-
-
+CSRF_VALIDATION_FAILURE => 'Erreur: le jeton CSRF est invalide ou expiré.',
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_zh-tw.lex smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_zh-tw.lex
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_zh-tw.lex      1970-01-01 04:00:00.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_zh-tw.lex  2021-06-03 17:31:23.272000000 +0400
@@ -0,0 +1,129 @@
+'Collaboration' => '協作',
+'Administration' => '管理',
+'Security' => '安全性',
+'Configuration' => '設定組態',
+'Miscellaneous' => '雜項',
+'Your Settings' => '您的設定',
+'SAVE' => '儲存',
+'CANCEL' => '取消',
+'ENABLED' => '啟用',
+'DISABLED' => '禁用',
+'NO' => '否',
+'YES' => '是',
+'ADD' => '新增',
+'CREATE' => '建立',
+'MODIFY' => '修改',
+'REMOVE' => '移除',
+'COMMENT' => '備註',
+'NEXT' => '下一步',
+'SELF' => '自己',
+'REMOTE' => '遠端',
+'LOCAL' => '本機',
+'ACTION' => '動作',
+'NETWORK' => '網絡',
+'ROUTER' => '路由器',
+'OPERATION_STATUS_REPORT' => '運作狀態回報',
+'ACCOUNT' => '帳號',
+'GROUP' => '群組',
+'DESC_SECTIONBAR' => ' <hr class="sectionbar"/> ',
+'NO_PIPES_ALLOWED' => '管線符號（|）在此區塊中是不允許的',
+'ERROR_BELOW' => '錯誤：網頁驗證時存在錯誤。請下拉頁面並找到指定錯誤。',
+'ACCESS' => '存取',
+'ACCOUNT_LOCKED' => '帳號鎖定',
+'GROUP_ADD' => '增加群組',
+'NETWORKS_ALLOW_LOCAL' => '僅限區域網路存取',
+'NETWORKS_ALLOW_PUBLIC' => '允許公開存取（全部網際網路）',
+'ERROR_PASSWORD_CHANGE' => '試圖變更您的密碼時發生錯誤。請確認輸入的舊密碼是否正確。',
+'BACK' => '返回',
+'BACKUP' => '備份',
+'DESCRIPTION_BRIEF' => '簡介',
+'PASSWORD_CHANGE' => '改變密碼',
+'RESET_PASSWORD_TITLE' => '重設使用者密碼',
+'ACCOUNT_PASSWORD_CHANGE' => '修改帳號密碼',
+'CONTENT' => '內容',
+'CREATE_GROUP' => '建立使用者群組',
+'USER_LIST_CURRENT' => '當前使用者列表',
+'DESCRIPTION' => '介紹',
+'DESTINATION' => '目的地',
+'DOMAIN_NAME' => '網域名稱',
+'DOMAIN' => '網域',
+'DOMAINS' => '眾網域',
+'DOWNLOAD' => '下載',
+'ERROR_UPDATING_CONFIGURATION' => '更新系統設定時錯誤。',
+'GROUP_MEMBERS' => '群組成員',
+'GROUP_NAME' => '群組名稱',
+'GROUPS' => '群組',
+'IP_ADDRESS' => 'IP 地址',
+'IP_ADDRESS_OR_FQDN' => 'IP地址或FQDN',
+'USER_INVALID' => '無效使用者',
+'LOCATION' => '位置',
+'MB' => '百萬位元(Mb)',
+'MODIFY_USER_GROUP' => '修正使用者群組',
+'NAME' => '名稱',
+'PASSWORD_VERIFY_NEW' => '新密碼（驗證）：',
+'PASSWORD_NEW' => '新密碼：',
+'OFF' => '關閉',
+'OK' => '確定',
+'PASSWORD_OLD' => '舊密碼：',
+'ON' => '開啟',
+'PASSWORD' => '密碼',
+'PERFORM' => '執行',
+'RECONFIGURE' => '重新設定',
+'REMOVE_USER_GROUP' => '移除使用者群組',
+'PASSWORD_RESET' => '重設密碼',
+'RESTORE' => '還原',
+'SHUTDOWN' => '關閉系統',
+'SUCCESS' => '成功',
+'ACCOUNT_NAME_INVALID' => '輸入的帳號名稱無效。',
+'ACCOUNT_NAME_INVALID_CHARS' => '您輸入的帳號名稱包含無效字元。',
+'PASSWORD_OLD_INVALID_CHARS' => '您輸入的舊密碼包含無效字元。',
+'PASSWORD_INVALID_CHARS' => '您輸入的密碼包含無效字元。',
+'PASSWORD_VERIFY_ERROR' => '您輸入的密碼不符。',
+'ACCOUNT_USER_NONE' => '系統中無使用者帳號。',
+'ACCOUNT_GROUP_NONE' => '系統中無使用者群組。',
+'ERROR_INVALID_CHARS' => '描述涵蓋未預期字元。',
+'USER_NAME' => '使用者名稱',
+'YOUR_ACCOUNT' => '您的帳號：',
+'YOUR_ACCOUNT_INVALID' => '輸入的帳號名稱無效。',
+'PASSWORD_CHANGE_SUCCESS' => '您的密碼已修改成功。',
+'FM_NONBLANK' => '此區塊不能留白。',
+'FM_INTEGER' => '此區塊必須包含一個正整數。',
+'FM_NUMBER' => '此區塊必須包含一個數字。',
+'FM_WORD' => '此區塊必須看起來像個單一的字。',
+'FM_DATE' => '輸入的資料無法被解析為日期',
+'FM_CREDIT_CARD_NUMBER1' => '您必須輸入信用卡號碼',
+'FM_CREDIT_CARD_NUMBER2' => '信用卡號碼不應該包含數字、空格或破折號以外的其他字元',
+'FM_CREDIT_CARD_NUMBER3' => '字元長度至少為14個',
+'FM_CREDIT_CARD_NUMBER4' => '似非有效信用卡號碼',
+'FM_CREDIT_CARD_EXPIRY1' => '無輸入屆期日',
+'FM_CREDIT_CARD_EXPIRY2' => '屆期日格式須為MM/YY或MM/YYYY',
+'FM_CREDIT_CARD_EXPIRY3' => '似乎已過屆期日',
+'FM_CREDIT_CARD_EXPIRY4' => '未來屆期日似乎太長',
+'FM_ISO_COUNTRY_CODE1' => '您必須提供國碼',
+'FM_ISO_COUNTRY_CODE2' => '此欄位不包含ISO國碼',
+'FM_US_STATE' => '此似非有效2位元美國州縮寫',
+'FM_US_ZIPCODE' => '美國郵遞區號必須包含5或9個數字',
+'FM_MINLENGTH1' => '以{$minlength}指定的最小長度是無意義的。',
+'FM_MINLENGTH2' => '此區段最少需要{$minlength}個字元。',
+'FM_MAXLENGTH1' => '以{$maxlength}指定的最大長度是無意義的。',
+'FM_MAXLENGTH2' => '此區段不得超過{$maxlength}個字元。',
+'FM_EXACTLENGTH1' => '您必須為此區段指定長度。',
+'FM_EXACTLENGTH2' => '您必須以整數為此區段指定準確長度。',
+'FM_EXACTLENGTH3' => '此區段必須確定為{$exactlength}個字元。',
+'FM_LENGTHRANGE1' => '您必須為此區段指定最大與最小長度。',
+'FM_LENGTHRANGE2' => '您必須以整數為此區段指定最大與最小長度。',
+'FM_LENGTHRANGE3' => '此區段必須介於 {$minlength}與{$maxlength}個字元。',
+'FM_URL' => '此區段的URL必須以http://或ftp://開頭',
+'FM_EMAIL_SIMPLE1' => '您必須輸入一個電郵地址。',
+'FM_EMAIL_SIMPLE2' => '此區段不似RFC822相容的電郵地址',
+'FM_DOMAIN_NAME' => '此區段不似有效的網際網路網域名稱或主機名稱。',
+'FM_IP_NUMBER1' => '此區段必須包含一個有效的IP位址且不能留白。',
+'FM_IP_NUMBER2' => '無效的IP位址格式（例如X.X.X.X）',
+'FM_IP_NUMBER3' => '{$octet}大於255',
+'FM_USERNAME' => '此區塊需類有效使用者名稱（3到8個字母和數字）',
+'FM_PASSWORD1' => '您需提供密碼。',
+'FM_PASSWORD2' => '您提供的密碼不佳。良好的密碼需涵蓋以下：大小寫字母、數字、特殊字元，以及至少7個字元。',
+'FM_MAC_ADDRESS1' => '您需提供MAC位址。',
+'FM_MAC_ADDRESS2' => '您提供的MAC位址無效。',
+'FM_ERR_UNEXPECTED_DESC' => '錯誤：描述中涵蓋未知字元或遺失字元。',
+'CSRF_VALIDATION_FAILURE' => 'Error: CSRF token is invalid or outdated.',
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_zn-tw.lex smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_zn-tw.lex
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_zn-tw.lex      2021-06-03 17:31:23.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/General/general_zn-tw.lex  1970-01-01 04:00:00.000000000 +0400
@@ -1,129 +0,0 @@
-'Collaboration' => '協作',
-'Administration' => '管理',
-'Security' => '安全性',
-'Configuration' => '設定組態',
-'Miscellaneous' => '雜項',
-'Your Settings' => '您的設定',
-'SAVE' => '儲存',
-'CANCEL' => '取消',
-'ENABLED' => '啟用',
-'DISABLED' => '禁用',
-'NO' => '否',
-'YES' => '是',
-'ADD' => '新增',
-'CREATE' => '建立',
-'MODIFY' => '修改',
-'REMOVE' => '移除',
-'COMMENT' => '備註',
-'NEXT' => '下一步',
-'SELF' => '自己',
-'REMOTE' => '遠端',
-'LOCAL' => '本機',
-'ACTION' => '動作',
-'NETWORK' => '網絡',
-'ROUTER' => '路由器',
-'OPERATION_STATUS_REPORT' => '運作狀態回報',
-'ACCOUNT' => '帳號',
-'GROUP' => '群組',
-'DESC_SECTIONBAR' => ' <hr class="sectionbar"/> ',
-'NO_PIPES_ALLOWED' => '管線符號（|）在此區塊中是不允許的',
-'ERROR_BELOW' => '錯誤：網頁驗證時存在錯誤。請下拉頁面並找到指定錯誤。',
-'ACCESS' => '存取',
-'ACCOUNT_LOCKED' => '帳號鎖定',
-'GROUP_ADD' => '增加群組',
-'NETWORKS_ALLOW_LOCAL' => '僅限區域網路存取',
-'NETWORKS_ALLOW_PUBLIC' => '允許公開存取（全部網際網路）',
-'ERROR_PASSWORD_CHANGE' => '試圖變更您的密碼時發生錯誤。請確認輸入的舊密碼是否正確。',
-'BACK' => '返回',
-'BACKUP' => '備份',
-'DESCRIPTION_BRIEF' => '簡介',
-'PASSWORD_CHANGE' => '改變密碼',
-'RESET_PASSWORD_TITLE' => '重設使用者密碼',
-'ACCOUNT_PASSWORD_CHANGE' => '修改帳號密碼',
-'CONTENT' => '內容',
-'CREATE_GROUP' => '建立使用者群組',
-'USER_LIST_CURRENT' => '當前使用者列表',
-'DESCRIPTION' => '介紹',
-'DESTINATION' => '目的地',
-'DOMAIN_NAME' => '網域名稱',
-'DOMAIN' => '網域',
-'DOMAINS' => '眾網域',
-'DOWNLOAD' => '下載',
-'ERROR_UPDATING_CONFIGURATION' => '更新系統設定時錯誤。',
-'GROUP_MEMBERS' => '群組成員',
-'GROUP_NAME' => '群組名稱',
-'GROUPS' => '群組',
-'IP_ADDRESS' => 'IP 地址',
-'IP_ADDRESS_OR_FQDN' => 'IP地址或FQDN',
-'USER_INVALID' => '無效使用者',
-'LOCATION' => '位置',
-'MB' => '百萬位元(Mb)',
-'MODIFY_USER_GROUP' => '修正使用者群組',
-'NAME' => '名稱',
-'PASSWORD_VERIFY_NEW' => '新密碼（驗證）：',
-'PASSWORD_NEW' => '新密碼：',
-'OFF' => '關閉',
-'OK' => '確定',
-'PASSWORD_OLD' => '舊密碼：',
-'ON' => '開啟',
-'PASSWORD' => '密碼',
-'PERFORM' => '執行',
-'RECONFIGURE' => '重新設定',
-'REMOVE_USER_GROUP' => '移除使用者群組',
-'PASSWORD_RESET' => '重設密碼',
-'RESTORE' => '還原',
-'SHUTDOWN' => '關閉系統',
-'SUCCESS' => '成功',
-'ACCOUNT_NAME_INVALID' => '輸入的帳號名稱無效。',
-'ACCOUNT_NAME_INVALID_CHARS' => '您輸入的帳號名稱包含無效字元。',
-'PASSWORD_OLD_INVALID_CHARS' => '您輸入的舊密碼包含無效字元。',
-'PASSWORD_INVALID_CHARS' => '您輸入的密碼包含無效字元。',
-'PASSWORD_VERIFY_ERROR' => '您輸入的密碼不符。',
-'ACCOUNT_USER_NONE' => '系統中無使用者帳號。',
-'ACCOUNT_GROUP_NONE' => '系統中無使用者群組。',
-'ERROR_INVALID_CHARS' => '描述涵蓋未預期字元。',
-'USER_NAME' => '使用者名稱',
-'YOUR_ACCOUNT' => '您的帳號：',
-'YOUR_ACCOUNT_INVALID' => '輸入的帳號名稱無效。',
-'PASSWORD_CHANGE_SUCCESS' => '您的密碼已修改成功。',
-'FM_NONBLANK' => '此區塊不能留白。',
-'FM_INTEGER' => '此區塊必須包含一個正整數。',
-'FM_NUMBER' => '此區塊必須包含一個數字。',
-'FM_WORD' => '此區塊必須看起來像個單一的字。',
-'FM_DATE' => '輸入的資料無法被解析為日期',
-'FM_CREDIT_CARD_NUMBER1' => '您必須輸入信用卡號碼',
-'FM_CREDIT_CARD_NUMBER2' => '信用卡號碼不應該包含數字、空格或破折號以外的其他字元',
-'FM_CREDIT_CARD_NUMBER3' => '字元長度至少為14個',
-'FM_CREDIT_CARD_NUMBER4' => '似非有效信用卡號碼',
-'FM_CREDIT_CARD_EXPIRY1' => '無輸入屆期日',
-'FM_CREDIT_CARD_EXPIRY2' => '屆期日格式須為MM/YY或MM/YYYY',
-'FM_CREDIT_CARD_EXPIRY3' => '似乎已過屆期日',
-'FM_CREDIT_CARD_EXPIRY4' => '未來屆期日似乎太長',
-'FM_ISO_COUNTRY_CODE1' => '您必須提供國碼',
-'FM_ISO_COUNTRY_CODE2' => '此欄位不包含ISO國碼',
-'FM_US_STATE' => '此似非有效2位元美國州縮寫',
-'FM_US_ZIPCODE' => '美國郵遞區號必須包含5或9個數字',
-'FM_MINLENGTH1' => '以{$minlength}指定的最小長度是無意義的。',
-'FM_MINLENGTH2' => '此區段最少需要{$minlength}個字元。',
-'FM_MAXLENGTH1' => '以{$maxlength}指定的最大長度是無意義的。',
-'FM_MAXLENGTH2' => '此區段不得超過{$maxlength}個字元。',
-'FM_EXACTLENGTH1' => '您必須為此區段指定長度。',
-'FM_EXACTLENGTH2' => '您必須以整數為此區段指定準確長度。',
-'FM_EXACTLENGTH3' => '此區段必須確定為{$exactlength}個字元。',
-'FM_LENGTHRANGE1' => '您必須為此區段指定最大與最小長度。',
-'FM_LENGTHRANGE2' => '您必須以整數為此區段指定最大與最小長度。',
-'FM_LENGTHRANGE3' => '此區段必須介於 {$minlength}與{$maxlength}個字元。',
-'FM_URL' => '此區段的URL必須以http://或ftp://開頭',
-'FM_EMAIL_SIMPLE1' => '您必須輸入一個電郵地址。',
-'FM_EMAIL_SIMPLE2' => '此區段不似RFC822相容的電郵地址',
-'FM_DOMAIN_NAME' => '此區段不似有效的網際網路網域名稱或主機名稱。',
-'FM_IP_NUMBER1' => '此區段必須包含一個有效的IP位址且不能留白。',
-'FM_IP_NUMBER2' => '無效的IP位址格式（例如X.X.X.X）',
-'FM_IP_NUMBER3' => '{$octet}大於255',
-'FM_USERNAME' => '此區塊需類有效使用者名稱（3到8個字母和數字）',
-'FM_PASSWORD1' => '您需提供密碼。',
-'FM_PASSWORD2' => '您提供的密碼不佳。良好的密碼需涵蓋以下：大小寫字母、數字、特殊字元，以及至少7個字元。',
-'FM_MAC_ADDRESS1' => '您需提供MAC位址。',
-'FM_MAC_ADDRESS2' => '您提供的MAC位址無效。',
-'FM_ERR_UNEXPECTED_DESC' => '錯誤：描述中涵蓋未知字元或遺失字元。',
-'CSRF_VALIDATION_FAILURE' => 'Error: CSRF token is invalid or outdated.',
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Hostentries/hostentries_fr.lex smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Hostentries/hostentries_fr.lex
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Hostentries/hostentries_fr.lex 2021-06-03 17:31:23.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Hostentries/hostentries_fr.lex     2021-06-07 22:20:51.634000000 +0400
@@ -1,5 +1,5 @@
 'hos_FORM_TITLE' =>  'Gestion des noms d\'hôte et des adresses',
-'Hostnames and addresses' => 'Gestion des noms d\'hôte et des adresses',
+'Hostnames and addresses' => 'Gestion des noms d hôte et des adresses',
 'hos_UNABLE_TO_OPEN_CONFIGDB' => 'Impossible d\'ouvrir la base de données de configuration.',
 'hos_DNS_FORWARDER_ENABLED' => 'Un achemineur DNS a été configuré. Cela signifie que toutes les résolutions DNS seront traitées par cet achemineur. Les noms et les adresses d\'hôte ne peuvent être modifiés sur ce serveur lorsqu\'un achemineur DNS est configuré.',
 'hos_ADD_HOSTNAME' => 'Ajouter un nom d\'hôte',
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Workgroup/workgroup_fr.lex smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Workgroup/workgroup_fr.lex
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Workgroup/workgroup_fr.lex     2021-06-03 17:31:23.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Workgroup/workgroup_fr.lex 2021-06-08 20:50:39.749000000 +0400
@@ -1,5 +1,5 @@
 'wkg_FORM_TITLE' => 'Configuration des paramètres du groupe de travail ou du domaine Windows',
-'wkg_DESC_WORKGROUP' => ' Tapez le nom du <b>groupe de travail ou du domaine Windows</b> dans lequel ce serveur doit apparaître. ',
+'wkg_DESC_WORKGROUP' => ' Tapez le nom du groupe de travail ou du domaine Windows dans lequel ce serveur doit apparaître. ',
 'wkg_LABEL_WORKGROUP' => 'Groupe de travail ou domaine Windows',
 'wkg_DESC_SERVERNAME' => 'Tapez le nom que ce serveur doit utiliser pour le partage de fichiers Windows et Macintosh.',
 'wkg_LABEL_SERVERNAME' => 'Nom du serveur',
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Yum/yum_fr.lex smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Yum/yum_fr.lex
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Yum/yum_fr.lex 2021-06-03 21:49:50.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Yum/yum_fr.lex     2021-06-07 22:43:01.270000000 +0400
@@ -39,6 +39,7 @@
 'yum_BUTTON_CONFIGURATION' => 'Modifier les paramètres de mise à jour logicielle',
 'yum_BUTTON_INSTALL_AVAILABLE' => 'Installer une aplication additionnelle',
 'yum_BUTTON_REMOVE' => 'Retirer une application installée',
-'yum_DESC_UPTODATE' => 'All updates have been installed.',
+'yum_DESC_UPTODATE' => 'Toutes les mises à jour ont été installées.',
+'yum_TITLE_UPTODATE' => 'Ce système est à jour.',
 'yum_TITLE_UPDATES_AVAILABLE' => 'Des mises à jour sont disponibles',
 'yum_BUTTON_INSTALL_UPDATES' => 'Lister les mises à jour disponibles',
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr.pm smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr.pm
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/lib/SrvMngr.pm  2021-06-03 19:40:23.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/lib/SrvMngr.pm      2021-06-07 20:03:26.659000000 +0400
@@ -23,7 +23,7 @@
 use SrvMngr::Model::Main;
 
 
-our $VERSION = '1.210';
+our $VERSION = '1.211';
 $VERSION = eval $VERSION;
 
 use Exporter 'import';
@@ -180,8 +180,12 @@
 
     $self->plugin('RenderFile');
 
-    # CSRF protec if production
-#    $self->plugin('Mojolicious::Plugin::CSRFDefender') if ( $self->mode eq 'production' );
+    # CSRF protection if production mode
+    $self->plugin('Mojolicious::Plugin::CSRFDefender' => {
+       onetime => 1,
+       error_status => 400,
+       error_template => 'csrf_400'
+       }) if ( $self->mode eq 'production' );
 
     $self->plugin('SrvMngr::Plugin::I18N' => {namespace => 'SrvMngr::I18N', default => 'en'});
 
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/script/daily.sh smeserver-manager-0.1.2/root/usr/share/smanager/script/daily.sh
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/script/daily.sh 1970-01-01 04:00:00.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/script/daily.sh     2021-06-07 19:45:40.761000000 +0400
@@ -0,0 +1,19 @@
+#! /bin/bash
+
+#> unshift secrets values
+#> refresh Routes base
+#> expand smanager.conf et reload service
+
+SCRIPT_DIR='/usr/share/smanager/script'
+
+# unshift secrets value
+$SCRIPT_DIR/secrets.pl
+
+# refresh routes database
+$SCRIPT_DIR/routes.pl
+
+# smanager config files and databases
+/sbin/e-smith/expand-template $SCRIPT_DIR/../conf/srvmngr.conf
+/sbin/e-smith/signal-event smanager-refresh
+
+exit 0
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/script/routes.pl smeserver-manager-0.1.2/root/usr/share/smanager/script/routes.pl
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/script/routes.pl        1970-01-01 04:00:00.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/script/routes.pl    2021-06-07 20:18:50.265000000 +0400
@@ -0,0 +1,34 @@
+#! /usr/bin/perl -w
+
+# purge Routes database (uninstalled contribs)
+
+use strict;
+use warnings;
+
+use esmith::ConfigDB;
+
+use constant WEBFUNCTIONS => '/usr/share/smanager/lib/SrvMngr/Controller/';
+
+my $rtdb = esmith::ConfigDB->open('routes') or
+        die "Couldn't access Routes database\n";
+
+my @routes = $rtdb->get_all_by_prop( type => 'route' );
+
+exit 0 unless @routes;
+
+my ($sv_contrib, $sv_exist, $file) = '';
+
+for (@routes) {
+    my ( $contrib, $name ) = split ( /\+/, $_->key);
+
+    if ( $contrib ne $sv_contrib) {
+       $sv_contrib = $contrib;
+       $file = WEBFUNCTIONS . ucfirst($contrib) .'.pm';
+       $sv_exist = ( -f $file ) ? 1 : 0;
+    }
+    # print("$contrib $file deleted \n") unless $sv_exist;
+    $rtdb->get($_->key)->delete() unless $sv_exist;
+
+}
+
+exit 0;
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/script/secrets.pl smeserver-manager-0.1.2/root/usr/share/smanager/script/secrets.pl
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/script/secrets.pl       1970-01-01 04:00:00.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/script/secrets.pl   2021-06-07 19:47:59.370000000 +0400
@@ -0,0 +1,53 @@
+#! /bin/env perl
+
+# unshift secrets values
+# 3 secrets values (first one for encrypt, all 3 for decrypt)
+# new value added each day as first one
+
+use strict;
+use warnings;
+
+use esmith::ConfigDB;
+
+sub gen_pwd {
+    use MIME::Base64 qw(encode_base64);
+    my $p = "not set due to error";
+    if ( open( RANDOM, "/dev/urandom" ) ){
+        my $buf;
+        # 57 bytes is a full line of Base64 coding, and contains
+        # 456 bits of randomness - given a perfectly random /dev/random
+        if ( read( RANDOM, $buf, 57 ) != 57 ){
+            warn("Short read from /dev/random: $!");
+        } else {
+            $p = encode_base64($buf);
+            chomp $p;
+        }
+        close RANDOM;
+    } else {
+        warn "Could not open /dev/urandom: $!";
+    }
+    return $p;
+}
+
+my $cdb = esmith::ConfigDB->open() || die "Couldn't open config db";
+
+my $pwds = $cdb->get_prop('smanager','Secrets');
+
+if ( $pwds ){
+    my @secrets = split /,/, $pwds;
+    my $newpwd = gen_pwd();
+    if ( $newpwd ) {
+        $secrets[2] = $secrets[1] if ( $secrets[1] );
+       $secrets[1] = $secrets[0];
+       $secrets[0] = $newpwd;
+       my $secret = join ',', @secrets;
+        $cdb->get('smanager')->set_prop('Secrets', $secret);
+       print("Secret values unshifted\n");
+    } else {
+       print("Secret generation error\n");
+    }
+} else {
+    print("Error while unshifting secrets values\n");
+}
+
+exit 0
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/themes/default/templates/bugreport.html.ep smeserver-manager-0.1.2/root/usr/share/smanager/themes/default/templates/bugreport.html.ep
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/themes/default/templates/bugreport.html.ep      2021-06-03 17:31:23.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/themes/default/templates/bugreport.html.ep  2021-06-08 20:19:07.125000000 +0400
@@ -21,11 +21,14 @@
     <p>
     %=l ('bugr_SME_EXPERIENCE')
     </p><p>
-    %=l ('bugr_PLEASE_REPORT_HERE')
-    </p><p>
     %=l ('bugr_USE_TEMPLATE')
+: <a href="https://wiki.koozali.org/Bugzilla_Help#Reporting_Bugs"
+ target="_blank">https://wiki.koozali.org/Bugzilla_Help#Reporting_Bugs</a>.
     </p><p>
-    %=l ('bugr_FOLLOWING_REPORT_MIGHT_HELP')
+    %=l ('bugr_PLEASE_REPORT_HERE')
+: <a href="https://bugs.koozali.org" target="_blank">https://bugs.koozali.org</a>.
+    </p><p> 
+   %=l ('bugr_FOLLOWING_REPORT_MIGHT_HELP')
     </p><p>
     %=l ('bugr_REPORT_CONTENT')
     <br><ul><li>
@@ -77,4 +80,4 @@
 
 </div>
 
-%end
\ Pas de fin de ligne à la fin du fichier
+%end
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/themes/default/templates/csrf_400.html.ep smeserver-manager-0.1.2/root/usr/share/smanager/themes/default/templates/csrf_400.html.ep
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/themes/default/templates/csrf_400.html.ep       1970-01-01 04:00:00.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/themes/default/templates/csrf_400.html.ep   2021-06-07 00:13:48.000000000 +0400
@@ -0,0 +1,10 @@
+% layout 'default', title => "Sme server 2 - err 400";
+
+% content_for 'module' => begin
+<div id="module">
+    <div class=sme-error>
+    %= l 'CSRF_VALIDATION_FAILURE'
+    </div>
+
+</div>
+% end
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/themes/default/templates/partials/_dom_list.html.ep smeserver-manager-0.1.2/root/usr/share/smanager/themes/default/templates/partials/_dom_list.html.ep
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/themes/default/templates/partials/_dom_list.html.ep     2020-11-19 11:53:26.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/themes/default/templates/partials/_dom_list.html.ep 2021-06-07 22:23:32.322000000 +0400
@@ -96,10 +96,6 @@
        %= submit_button "$btn2", class => 'action'
        </p>
 
-       <p>
-       %= l 'dom_BUTTON_CORPORATE_DNS'
-       </p>
-
         %= hidden_field 'trt' => 'UP2'
 
     % end
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/themes/default/templates/partials/_footer.html.ep smeserver-manager-0.1.2/root/usr/share/smanager/themes/default/templates/partials/_footer.html.ep
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/themes/default/templates/partials/_footer.html.ep       2021-06-03 17:31:23.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/themes/default/templates/partials/_footer.html.ep   2021-06-08 19:33:26.282000000 +0400
@@ -4,5 +4,5 @@
 SME Server <%= session 'releaseVersion' %> - Manager <%= $c->app->VERSION %>
 <br>Copyright 1999-2006 Mitel Corporation<br>
 %= session 'copyRight'
-<br>Copyright (c) 2013-2016 Koozali Foundation Inc.<br>
+<br>Copyright (c) 2013-2021 Koozali Foundation Inc.<br>
 </font>
diff -urN smeserver-manager-0.1.2.old/root/usr/share/smanager/themes/default/templates/workgroup.html.ep smeserver-manager-0.1.2/root/usr/share/smanager/themes/default/templates/workgroup.html.ep
--- smeserver-manager-0.1.2.old/root/usr/share/smanager/themes/default/templates/workgroup.html.ep      2020-11-19 11:53:26.000000000 +0400
+++ smeserver-manager-0.1.2/root/usr/share/smanager/themes/default/templates/workgroup.html.ep  2021-06-07 22:37:22.385000000 +0400
@@ -37,7 +37,7 @@
        </span>
        </p>
        <p>
-       %=l 'wkg_DESC_PDC', class => 'desc'
+        %= $c->render_to_string(inline => l 'wkg_DESC_PDC')
        <br>
        <span class=label>
        %=l 'wkg_LABEL_PDC', class => 'label'
@@ -47,7 +47,7 @@
        </span>
        </p>
        <p>
-       %=l 'wkg_DESC_ROAM', class => 'desc'
+        %= $c->render_to_string(inline => l 'wkg_DESC_ROAM')
        <br>
        <span class=label>
        %=l 'wkg_LABEL_ROAM', class => 'label'