lcapriotti
diff --git a/‎ChangeLog
+33 b/‎ChangeLog
+33
diff --git a/‎bin/check_apache_conf
+80 b/‎bin/check_apache_conf
+80
diff --git a/‎bin/upgrade
+32-5 b/‎bin/upgrade
+32-5
diff --git a/‎config/locale/cs_CZ/LC_MESSAGES/zendto.po
+71-14 b/‎config/locale/cs_CZ/LC_MESSAGES/zendto.po
+71-14
@@ -1,3 +1,36 @@
+Version 6.04-1 Beta
+- Overhauled the "request a drop-off" page.
+- Added new feature to requests: you can now set a start and end date+time.
+  Outside those times, the request won't work.
+- Fixed bug where admins logging in via SAML would not see statistics
+  button in main menu. Alternative workaround is to list 'authAdmins'
+  users in 'authStats' as well.
+- Changed 'Content-Security-Policy' header definition in Apache config.
+  Exact change is to replace "img-src *" with "img-src data: *", then
+  restart Apache. Otherwise the date/time picker in the "Request a
+  Drop-off" form will not display correctly.
+- Subject in new drop-off form can now only be edited if you are logged in.
+- Fixed bug in unlock-user to get all the reporting correct, and fix and
+  improve logging. Thanks Marlon!
+- Improved "upgrade" command so it warns you if you have *.rpmnew or
+  *.dpkg-dist files in your templates dir that you need to move into place
+  by hand, as you had modified the previous versions.
+- Improved "upgrade" command so it checks you have a 'Content-Security-
+  Policy' header definition in your Apache config for the https ZendTo site.
+  And if so, adds "data:" to the list of valid sources of images.
+  Otherwise the date+time pickers in the "request a drop-off" page will
+  look messed up. If it doesn't find the header definition at all, it
+  suggests the change you need to make.
+
+Version 6.03-5 Production
+- Fixed bug where the wrong reminder emails were being sent to users.
+- Fixed formatting error in plain-text emails about a new drop-off.
+- Fixed bug where changing language immediately before/after doing SAML
+  login could produce blank page.
+- Fixed bug where "Decline" button in GDPR cookie-consent bar was not
+  being translated.
+- Updated Turkish and Brazilian Portuguese translations.
+
 Version 6.03-4 Production
 - HTML emails now display correctly on systems running in Dark mode.
 - 'showEmailPasscodeCheckbox' now has the expected result in the New
 
@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+
+# JKF 2020-07-22
+# Find the right apache site config file for their https ZendTo site.
+# Check it has a Content-Security-Policy header definition.
+# Check it has an img-src setting.
+# Check that contains "data:" as well as "*".
+# If not, fix it automatically.
+#
+# This is needed for the date/time pickers in the request page to
+# work properly. Otherwise you see no buttons in the pickers.
+
+# This is a list of all the possible places the Installer might have put
+# the https site config, depending on exactly what version of what OS
+# we are running on.
+CONFS="/etc/apache2/sites-available/001-zendto-ssl /etc/apache2/sites-available/001-zendto-ssl.conf /etc/httpd/conf.d/zendto-ssl.conf /usr/local/etc/apache24/Includes/zendto-ssl.conf /etc/apache2/vhosts.d/zendto-ssl.conf"
+
+# Find the first one of the list above that exists
+for F in $CONFS
+do
+  if [ -e "$F" ]; then
+    CONFIG=$F
+    break;
+  fi
+done
+
+# If we didn't find it, see if they put it on the command-line
+if [ "x$CONFIG" = "x" ]; then
+  CONFIG="$1"
+fi
+# Nope.
+if [ "x$CONFIG" = "x" ]; then
+  echo "Failed to find your Apache config for the https ZendTo site."
+  echo "Security check skipped."
+  echo "You can give the location of the file on the command-line to help me."
+  exit 1
+fi
+
+echo "Checking your Apache config $CONFIG"
+
+if grep -q '^[ 	]*Header.*Content-Security-Policy' "$CONFIG"; then
+  echo "I have found a Content-Security-Policy header definition."
+  HEADER="$( grep '^[ 	]*Header.*Content-Security-Policy' "$CONFIG" | head -1 )"
+  # Now find the "img-src" setting in the header
+  if echo "$HEADER" | grep -q 'img-src '; then
+    IMGSRC="$( echo "$HEADER" | perl -pe 's/^.*(img-src.*?;).*$/$1/' )"
+    if echo "$IMGSRC" | grep -q ' data:'; then
+      echo "Good, you already have data: in the list of valid sources of images."
+      echo "So I do not need to do anything."
+    else
+      echo "I need to add 'data:' to the list of 'img-src' values so it reads"
+      echo "     img-src data: *;"
+      echo "Otherwise the date and time pickers will not work."
+      echo
+      echo "I will do it for you now"
+      perl -pi.bak -e 's/^(\s*Header.*Content-Security-Policy\s+.*?img-src)[^;]*/$1 data: */' "$CONFIG"
+      echo "Apache configuration $CONFIG updated."
+      echo "The old file is in $CONFIG.bak if you have any problems."
+      echo
+      echo "Restart Apache, or just reboot, for the change to take effect."
+    fi
+  else
+    echo "Did not find an img-src definition in your Content-Security-Policy header"
+    echo "You should add one that says"
+    echo "    img-src data: *;"
+    echo "and then restart Apache."
+  fi
+else
+  echo "I did not find a definition for the Content-Security-Policy header."
+  echo "I strongly advise you add one to improve the security of your ZendTo service."
+  echo 'You need to add this setting (as 1 very long line) to anywhere'
+  echo "in the middle of the file $CONFIG"
+  echo
+  cat <<EOH
+  Header set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net; connect-src 'self' 'unsafe-inline'; img-src data: *; font-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com"
+EOH
+  echo
+  echo "and restart Apache (or reboot)."
+fi
+
@@ -91,11 +91,12 @@ if [ -n "$ZENDTOPREFS" -a -f "$ZENDTOPREFS" ]; then
     if [ "x$Latest" != "x" -a "x$Previous" != "x" ]; then
       if [ "$Latest" = "$Previous" ]; then
         # There is only 1 version-numbered dir. Assume that's the new one
-	$DRYRUN && shout "Only 1 version-numbered directory"
+        $DRYRUN && shout "Only 1 version-numbered directory"
         OldZTConf="$NewConfigDir/zendto.conf"
         OldConfigDir="$NewConfigDir"
         NewZendToDir="$Latest"
         NewBin="$NewZendToDir/bin"
+        NewTemplatesDir="$NewZendToDir/templates"
         NewConfigDir="$NewZendToDir/config"
         Prefs="$Latest/config/preferences.php"
         TemplatePrefs="$Prefs"
@@ -104,11 +105,12 @@ if [ -n "$ZENDTOPREFS" -a -f "$ZENDTOPREFS" ]; then
         TemplateZTConf="$ZTConf"
       else
         # The Latest and Previous versions are different
-	$DRYRUN && shout "Found 2 different version numbers"
+        $DRYRUN && shout "Found 2 different version numbers"
         NewZendToDir="$Latest"
         NewBin="$NewZendToDir/bin"
+        NewTemplatesDir="$NewZendToDir/templates"
         NewConfigDir="$NewZendToDir/config"
-	OldConfigDir="$Previous/config"
+        OldConfigDir="$Previous/config"
         Prefs="$Latest/config/preferences.php"
         TemplatePrefs="$Prefs"
         OldPrefs="$Previous/config/preferences.php"
@@ -126,6 +128,7 @@ if [ -n "$ZENDTOPREFS" -a -f "$ZENDTOPREFS" ]; then
       $DRYRUN && shout "No version numbered dirs found, assuming symlink is a fluke"
       # NewZendToDir and NewConfigDir already set
       NewBin="$NewZendToDir/bin"
+      NewTemplatesDir="$NewZendToDir/templates"
       OldConfigDir="$NewConfigDir"
       Prefs="$ZENDTOPREFS"
       TemplatePrefs=''
@@ -138,6 +141,7 @@ if [ -n "$ZENDTOPREFS" -a -f "$ZENDTOPREFS" ]; then
     # No symlinks found
     $DRYRUN && shout "$NewZendToDir is not a symlink"
     NewBin="$NewZendToDir/bin"
+    NewTemplatesDir="$NewZendToDir/templates"
     OldConfigDir="$NewConfigDir"
     Prefs="$ZENDTOPREFS"
     TemplatePrefs=''
@@ -149,6 +153,8 @@ if [ -n "$ZENDTOPREFS" -a -f "$ZENDTOPREFS" ]; then
 else
   $DRYRUN && shout "Could not find old config $ZENDTOPREFS at all"
   NewZendToDir=/opt/zendto
+  NewBin="$NewZendToDir/bin"
+  NewTemplatesDir="$NewZendToDir/templates"
   NewConfigDir="$NewZendToDir/config"
   OldConfigDir="$NewConfigDir"
   Prefs="$NewConfigDir/preferences.php"
@@ -163,6 +169,7 @@ if $DRYRUN; then
   shout "Files are:"
   shout "NewZendToDir = $NewZendToDir"
   shout "NewBin = $NewBin"
+  shout "NewTemplatesDir = $NewTemplatesDir"
   shout "OldConfigDir = $OldConfigDir"
   shout "NewConfigDir = $NewConfigDir"
   shout "OldPrefs = $OldPrefs"
@@ -377,15 +384,35 @@ else
   echo
 fi
 
-
 # Put all the SELinux attributes back, if it's being used
 if sestatus >/dev/null 2>&1; then
   restorecon -F -R /opt/zendto >/dev/null 2>&1
 fi
 
+# Check the apache site config for the https site, must have img-src right
+echo
+"$NewBin"/check_apache_conf
+echo
+
+# Tell them if they have *.rpmnew files in zendto/templates, as they
+# will need to move these into place (incorporating any customisations
+# they want to keep) before anything will work correctly.
+if compgen -G "$NewTemplatesDir/*.dpkg-dist" >/dev/null ||
+   compgen -G "$NewTemplatesDir/*.rpmnew"    >/dev/null; then
+  echo
+  shout '*** WARNING ***'
+  shout ''
+  shout "In your $NewTemplatesDir directory, you have new versions"
+  shout "of the user interface template (.tpl) files which you need"
+  shout "to move into place manually before everything will work properly."
+  shout "These end in either '.dpkg-dist' or '.rpmnew'."
+  echo
+  pause
+fi
+
 if [ -d "$OLDSTORE" ]; then
   echo
-  shout "Please look in $OLDSTORE to find the old versions of"
+  shout "You can look in $OLDSTORE to find the old versions of"
   shout "the preferences.php and/or zendto.conf files."
   echo
 fi
 
@@ -23,7 +23,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: ZendTo 5.15\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-07-05 12:09+0100\n"
+"POT-Creation-Date: 2020-07-22 17:17+0100\n"
 "PO-Revision-Date: 2020-06-10 14:04+0200\n"
 "Last-Translator: Dizzy Easy <[email protected]>\n"
 "Language-Team: Czech <[email protected]>\n"
@@ -106,12 +106,23 @@ msgstr "Můžete stále posílat soubory přímo z hlavní nabídky nebo požád
 msgid "Request Code Used"
 msgstr "Kód požadavku byl již použitý"
 
-msgid "Your Request Code has expired. Please start again."
-msgstr "Platnost kódu požadavku vypršela. Prosím, začněte znovu."
+msgid "Please ask for a new Request."
+msgstr ""
 
-msgid "Request Code Expired"
+#, fuzzy
+msgid "Your Request Code has expired."
 msgstr "Platnost Kódu požadavku vypršela"
 
+msgid "Please wait for %1$s, until %2$s."
+msgstr ""
+
+#, fuzzy
+msgid "Your Request Code cannot be used yet."
+msgstr "Váš Kód požadavku nebyl nalezen nebo již byl použit."
+
+msgid "The end time you set has already passed."
+msgstr ""
+
 msgid "Request Error"
 msgstr "Chyba požadavku"
 
@@ -130,6 +141,9 @@ msgstr "Nelze znovu odeslat zásilku"
 msgid "Unlocked %s."
 msgstr "Odemčeno %s."
 
+msgid "Security"
+msgstr ""
+
 msgid "Unknown user"
 msgstr "Neznámý uživatel"
 
@@ -316,6 +330,12 @@ msgstr "Adresář, který obsahuje soubory této zásilky zmizel."
 msgid "Drop-off Directory Not Found"
 msgstr "Nepodařilo se nalézt adresář zásilky"
 
+msgid "You cannot create a drop-off from your request yet. Please wait until %s before uploading your files."
+msgstr ""
+
+msgid "The request you used to create this drop-off has expired. You will need to contact the other person again to get a new 'request for files'."
+msgstr ""
+
 msgid "Failed to read your verification information. Your drop-off session has probably expired. Please start again."
 msgstr "Nepodařilo se přečíst ověřovací informace. Vaše zásilka pravděpodobně překročila lhůtu platnosti. Začněte prosím znovu."
 
@@ -733,9 +753,6 @@ msgstr "soubor"
 msgid "%1 files"
 msgstr "%1 soubory(ů)"
 
-msgid "%1 <%2> has dropped off %3 for you."
-msgstr "%1 <%2> pro vás uložil(a) zásilku."
-
 msgid "IF YOU TRUST THE SENDER, and are expecting to receive a file from them, you may choose to retrieve the drop-off by clicking the following link (or copying and pasting it into your web browser):"
 msgstr "POKUD ODESÍLATELI DŮVĚŘUJETE a očekáváte od něho zaslání souborů, můžete si zásilku vyzvednout kliknutím na následující odkaz (případně zkopírováním odkazu do prolížeče):"
 
@@ -1139,10 +1156,12 @@ msgstr "Soubory nahrávané na %1 jsou skenovány na přítomnost škodlivého k
 msgid "Users are also <strong>strongly encouraged</strong> to encrypt every file if any contain sensitive information (e.g. personal private information)!"
 msgstr "Pokud nahráváte citlivé informace, doporučujeme Vám <strong>Zašifrovat soubor(y)</strong>!"
 
-msgid "This web page will allow you to drop-off (upload) one or more files for anyone (either a %1 user or others). The recipient will receive an automated email containing the information you enter below and instructions for downloading the file. Your IP address will also be logged and sent to the recipient for identity confirmation purposes."
+#, fuzzy
+msgid "Use this form to drop-off (upload) one or more files for anyone (either a %1 user or others). The recipient will receive an automated email containing the information you enter below and instructions for downloading the file. Your IP address will also be logged and sent to the recipient for identity confirmation purposes."
 msgstr "Tato webová stránka vám umožní uložit jeden nebo více souborů pro každého uživatele %1 nebo externího uživatele. Příjemce obdrží automatický e-mail obsahující informace, které zadáte níže, a pokyny pro stažení souboru."
 
-msgid "This web page will allow you to drop-off (upload) one or more files for a %1 user. The recipient will receive an automated email containing the information you enter below and instructions for downloading the file. Your IP address will also be logged and sent to the recipient for identity confirmation purposes."
+#, fuzzy
+msgid "Use this form to drop-off (upload) one or more files for a %1 user. The recipient will receive an automated email containing the information you enter below and instructions for downloading the file. Your IP address will also be logged and sent to the recipient for identity confirmation purposes."
 msgstr "Tato webová stránka vám umožní nahrát jeden nebo více souborů pro uživatele %1. Příjemce obdrží automatický e-mail obsahující informace, které jste zadali níže a pokyny pro stahování souboru. Vaše IP adresa bude také zaznamenána a odeslána příjemci pro účely potvrzení totožnosti."
 
 msgid "From"
@@ -1304,9 +1323,13 @@ msgstr "Toto je požadavek od uživatele %1."
 msgid "Please click on the link below and drop off the file or files I have requested."
 msgstr "Prosím, klikněte na níže uvedený odkaz a nahrajte požadovaný soubor nebo soubory."
 
-msgid "The link is only valid for %1 from the time of this email."
+#, fuzzy
+msgid "The link is only valid from %1 to %2."
 msgstr "Odkaz je platný pouze %1 od doby odeslání tohoto e-mailu."
 
+msgid "After that time it will automatically expire."
+msgstr ""
+
 msgid "All files you upload will be automatically encrypted."
 msgstr "Všechny posílané soubory budou automaticky zašifrovány."
 
@@ -1325,7 +1348,8 @@ msgstr "Zkopírováno"
 msgid "The request for a Drop-off has been sent to %1 at %2."
 msgstr "Požadavek na uložení zásilky byl odeslán uživateli %1, %2."
 
-msgid "It is valid for %1."
+#, fuzzy
+msgid "It is valid from %1 to %2."
 msgstr "Platnost %1."
 
 msgid "The files they send you will be encrypted with the passphrase you just entered. Do not lose it or you will not be able to access the files!"
@@ -1373,24 +1397,54 @@ msgstr "Nejprve zadejte předmět emailu!"
 msgid "Your note is too long!"
 msgstr "Vaše poznámka je příliš dlouhá!"
 
+#, fuzzy
+msgid "Your request must expire after it starts!"
+msgstr "Platnost kódu požadavku vypršela. Prosím, začněte znovu."
+
 msgid "Optional: if you select this and set a passphrase, the drop-off will be encrypted. The person sending the files will never know the passphrase."
 msgstr "Volitelné: Pokud vyberete tuto možnost a nastavíte přístupové heslo, bude zásilka šifrována. Osoba odesílající soubory nebude znát přístupové heslo."
 
 msgid "This is normally selected. If you deselect it, the link and instructions will not be sent by email. Instead you will just be shown the link they need, so you can send it by other means."
 msgstr "Tato volba bývá obvykle vybrána. Pokud ji zrušíte, odkaz a pokyny nebudou zaslány e-mailem. Místo toho se vám zobrazí pouze odkaz, který potřebuje příjemce zásilky a můžete jej odeslat jiným způsobem."
 
-msgid "This web page will allow you to send a request to one of more other people requesting that they send (upload) one or more files for you.  The recipient will receive an automated email containing the information you enter below and instructions for uploading the file(s)."
+msgid "Multiple email addresses should be separated with a comma \",\" or semicolon \";\". Each recipient will be sent a different link."
+msgstr ""
+
+#, fuzzy
+msgid "Use this form to send a request to one of more other people requesting that they send (upload) one or more files for you.  The recipient will receive an automated email containing the information you enter below and instructions for uploading the file(s)."
 msgstr "Tato webová stránka vám umožní odeslat požadavek osobám, po kterých požadujete nahrání souboru(ů). Příjemce obdrží automatický e-mail obsahující informace, které zadáte níže a instrukce pro nahrání souboru(ů)."
 
+#, fuzzy
+msgid "Unless you change the dates or times below, the request created will be valid for %1."
+msgstr "Požadavek je platný %1."
+
 msgid "Email(s)"
 msgstr "E-mail(y)"
 
-msgid "Send email"
-msgstr "Odeslat email"
+#, fuzzy
+msgid "Name: adds to your address book"
+msgstr "Přidat do vašeho adresáře"
+
+#, fuzzy
+msgid "One or more email addresses"
+msgstr "Vaše e-mailová adresa"
+
+msgid "Subject line of the email"
+msgstr ""
+
+#, fuzzy
+msgid "Drop-off must occur between"
+msgstr "Zásilka není zašifrována"
+
+msgid "and"
+msgstr ""
 
 msgid "This will be sent to the recipient. It will also be included in the resulting drop-off sent to you."
 msgstr "Níže uvedený text bude odeslán emailem příjemci, kterého žádáte o nahrání souborů. Odkaz a instrukce pro nahrání budou do emailu doplněny automaticky."
 
+msgid "Send email"
+msgstr "Odeslat email"
+
 msgid "Do not lose or forget this passphrase!"
 msgstr "Nezapomeňte toto přístupové heslo!"
 
@@ -1633,6 +1687,9 @@ msgstr "Jakmile ji obdržíte, klikněte prosím na odkaz ve zprávě. Doručen
 msgid "Send confirmation"
 msgstr "Odeslat ověření"
 
+#~ msgid "%1 <%2> has dropped off %3 for you."
+#~ msgstr "%1 <%2> pro vás uložil(a) zásilku."
+
 #~ msgid "Recipient"
 #~ msgstr "Příjemce"