On Fri, Jun 19, 2020 at 2:40 PM Craig Russell <apache....@gmail.com> wrote:
>
> Big picture: I will read current-year/template.txt, substitute the name and
> date from the $USER information, and present that to the user in a scroll
> window with a button (Sign) at the bottom.
>
> The server will then write that data to current-year/availid.txt and send a
> message to avai...@apache.org, cc:secretary.
>
> Here's a start at reading the file, using repository.yml and document.rb:
> coi_url = ASF::SVN.svnurl('conflict-of-interest-current-year')
> current_timestamp = DateTime.now.strftime "%Y-%m-%d %H:%M:%S"
> outputfile = File.join(coi_url, 'template.txt').untaint
> template = File.read(outputfile)
> affirmed = template.gsub("Name: __", "Name: _#{user.cn}_").gsub("Date: __",
> "Date: _#{current_timestamp}_")
>
> Then, in the form method for POST, I need to write the data to the (new) file
> current-year/availid.txt. I have not found any code or examples how to do
> that.
Here is a complete example:
https://github.com/apache/whimsy/blob/master/www/treasurer/bill-upload.cgi#L82
Important points:
1) be sure to validate your inputs as this could be a security hole.
2) Create a temporary directory, do an empty svn checkout into it,
write contents of the file, and do an svn add and svn commit.
> Thanks
> Craig
>
> Craig L Russell
> c...@apache.org
- Sam Ruby
