Subversion Repositories wimsdev

Rev

Rev 7673 | Go to most recent revision | Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
10 reyssat 1 
/*    Copyright (C) 1998-2003 XIAO, Gang of Universite de Nice - Sophia Antipolis
2 
 *
3 
 *  This program is free software; you can redistribute it and/or modify
4 
 *  it under the terms of the GNU General Public License as published by
5 
 *  the Free Software Foundation; either version 2 of the License, or
6 
 *  (at your option) any later version.
7 
 *
8 
 *  This program is distributed in the hope that it will be useful,
9 
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
10 
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11 
 *  GNU General Public License for more details.
12 
 *
13 
 *  You should have received a copy of the GNU General Public License
14 
 *  along with this program; if not, write to the Free Software
15 
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
16 
 */
17 
 
18 
void secure_exec(void);
19 
 
20 
int fwrite_calls=0;     /* number of files */
21 
int fwrite_sizes=0;     /* total size */
22 
 
23 
        /* write to a writable file. */
24 
void _filewrite(char *prefix, char *fname, char *content, char *type)
25 
{
26 
    char *m, buf[MAX_LINELEN+1];
27 
    FILE *f;
28 
    int n,checklink;
29 
    struct stat stl;
30 
    checklink=0;
31 
    if(strstr(fname,parent_dir_string)!=NULL){
32 
        setvar(error_data_string,fname);
33 
        module_error("illegal_fname"); return;
34 
    }
35 
    m=getvar(ro_name[ro_module]);
36 
    if(m==NULL || *m==0) return;
37 
    if(strncmp(fname,"TEMP_",5)==0 && strchr(fname,'/')==NULL &&
38 
       strstr(session_prefix,"robot")==NULL) {
39 
        mystrncpy(buf,tmp_dir,sizeof(buf));
40 
        goto add;
41 
    }
42 
    if(strncmp(fname,"getfile/",strlen("getfile/"))==0) {
43 
        if(strchr(fname+strlen("getfile/"),'/')!=NULL) {
44 
denied:
45 
            setvar(error_data_string,fname);
46 
            module_error("file_access_denied"); return;
47 
        }
48 
        fname+=strlen("getfile/");
49 
        snprintf(buf,sizeof(buf),"%s/getfile",session_prefix);
50 
        mkdirs(buf);
51 
        checklink=1; goto add;
52 
    }
53 
    if(trusted_module() && !is_class_module && strncmp(fname,"wimshome/",9)==0) {
54 
        mystrncpy(buf,getvar("wims_home"),sizeof(buf));
55 
        fname+=9; goto add;
56 
    }
57 
    if(strncmp(m,"adm/",4)==0 || strcmp(m,home_module)==0) {
58 
        mystrncpy(buf,prefix,sizeof(buf));
59 
    }
60 
    else {
61 
        if(!trusted_module() && strchr(fname,'/')!=NULL) return; /* silent */
62 
        snprintf(buf,sizeof(buf),"w/%s",prefix);
63 
        mkdirs(buf);
64 
    }
65 
    add: snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),"/%s",fname);
66 
    if(!trusted_module() || is_class_module) {
67 
        if(fwrite_calls>=MAX_FWRITE) goto denied;
68 
        fwrite_calls++;
69 
        n=strlen(content)+1;
70 
        if(fwrite_sizes+n>MAX_FWRITE_SIZE) goto denied;
71 
        fwrite_sizes+=n;
72 
    }
73 
    if(checklink && lstat(buf,&stl)==0 && S_ISLNK(stl.st_mode))
74 
      goto denied;
75 
    lastdatafile[0]=lastftest[0]=0;
76 
    f=fopen(buf,type); if(f==NULL) return;
77 
    fprintf(f,"%s\n",content);
78 
    fclose(f);
79 
}
80 
 
81 
        /* write to a file in module */
82 
void filewrite(char *p)
83 
{
84 
    char *p1, *p2;
85 
    secure_exec();
86 
    p1=find_word_start(p);
87 
    p2=find_word_end(p1);
88 
    if(*p1==0) {*p=0;return;}
89 
    if(*p2!=0) *p2++=0;
90 
    _filewrite(module_prefix,p1,p2,"w");
91 
    *p=0;
92 
}
93 
 
94 
        /* append to a file in module */
95 
void fileappend(char *p)
96 
{
97 
    char *p1, *p2;
98 
    secure_exec();
99 
    p1=find_word_start(p);
100 
    p2=find_word_end(p1);
101 
    if(*p1==0) {*p=0;return;}
102 
    if(*p2!=0) *p2++=0;
103 
    _filewrite(module_prefix,p1,p2,"a");
104 
    *p=0;
105 
}
106