Rev 8185 | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 8185 | Rev 12241 | ||
---|---|---|---|
Line 23... | Line 23... | ||
23 | int fwrite_sizes=0; /* total size */ |
23 | int fwrite_sizes=0; /* total size */ |
24 | 24 | ||
25 | /* write to a writable file. */ |
25 | /* write to a writable file. */ |
26 | void _filewrite(char *prefix, char *fname, char *content, char *type) |
26 | void _filewrite(char *prefix, char *fname, char *content, char *type) |
27 | { |
27 | { |
28 |
|
28 | char *m, buf[MAX_LINELEN+1]; |
29 |
|
29 | FILE *f; |
30 |
|
30 | int n,checklink; |
31 |
|
31 | struct stat stl; |
32 |
|
32 | checklink=0; |
33 |
|
33 | if(strstr(fname,parent_dir_string)!=NULL){ |
34 |
|
34 | setvar(error_data_string,fname); |
35 |
|
35 | module_error("illegal_fname"); return; |
36 |
|
36 | } |
37 |
|
37 | m=getvar(ro_name[ro_module]); |
38 |
|
38 | if(m==NULL || *m==0) return; |
39 |
|
39 | if(strncmp(fname,"TEMP_",5)==0 && strchr(fname,'/')==NULL && |
40 |
|
40 | strstr(session_prefix,"robot")==NULL) { |
41 |
|
41 | mystrncpy(buf,tmp_dir,sizeof(buf)); |
42 |
|
42 | goto add; |
43 |
|
43 | } |
44 |
|
44 | if(strncmp(fname,"getfile/",strlen("getfile/"))==0) { |
45 |
|
45 | if(strchr(fname+strlen("getfile/"),'/')!=NULL) { |
46 | denied: |
46 | denied: |
47 |
|
47 | setvar(error_data_string,fname); |
48 |
|
48 | module_error("file_access_denied"); return; |
49 | } |
- | |
50 | fname+=strlen("getfile/"); |
- | |
51 | snprintf(buf,sizeof(buf),"%s/getfile",session_prefix); |
- | |
52 | mkdirs(buf); |
- | |
53 | checklink=1; goto add; |
- | |
54 | } |
- | |
55 | if(trusted_module() && !is_class_module && strncmp(fname,"wimshome/",9)==0) { |
- | |
56 | mystrncpy(buf,getvar("wims_home"),sizeof(buf)); |
- | |
57 | fname+=9; goto add; |
- | |
58 | } |
- | |
59 | if(strncmp(m,"adm/",4)==0 || strcmp(m,home_module)==0) { |
- | |
60 | mystrncpy(buf,prefix,sizeof(buf)); |
- | |
61 | } |
- | |
62 | else { |
- | |
63 | if(!trusted_module() && strchr(fname,'/')!=NULL) return; /* silent */ |
- | |
64 | snprintf(buf,sizeof(buf),"w/%s",prefix); |
- | |
65 | mkdirs(buf); |
- | |
66 | } |
- | |
67 | add: snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),"/%s",fname); |
- | |
68 | if(!trusted_module() || is_class_module) { |
- | |
69 | if(fwrite_calls>=MAX_FWRITE) goto denied; |
- | |
70 | fwrite_calls++; |
- | |
71 | n=strlen(content)+1; |
- | |
72 | if(fwrite_sizes+n>MAX_FWRITE_SIZE) goto denied; |
- | |
73 | fwrite_sizes+=n; |
- | |
74 | } |
49 | } |
- | 50 | fname+=strlen("getfile/"); |
|
- | 51 | snprintf(buf,sizeof(buf),"%s/getfile",session_prefix); |
|
- | 52 | mkdirs(buf); |
|
- | 53 | checklink=1; goto add; |
|
- | 54 | } |
|
- | 55 | if(trusted_module() && !is_class_module && strncmp(fname,"wimshome/",9)==0) { |
|
- | 56 | mystrncpy(buf,getvar("wims_home"),sizeof(buf)); |
|
- | 57 | fname+=9; goto add; |
|
- | 58 | } |
|
- | 59 | if(strncmp(m,"adm/",4)==0 || strcmp(m,home_module)==0) { |
|
- | 60 | mystrncpy(buf,prefix,sizeof(buf)); |
|
- | 61 | } |
|
- | 62 | else { |
|
- | 63 | if(!trusted_module() && strchr(fname,'/')!=NULL) return; /* silent */ |
|
- | 64 | snprintf(buf,sizeof(buf),"w/%s",prefix); |
|
- | 65 | mkdirs(buf); |
|
- | 66 | } |
|
- | 67 | add: snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),"/%s",fname); |
|
- | 68 | if(!trusted_module() || is_class_module) { |
|
- | 69 | if(fwrite_calls>=MAX_FWRITE) goto denied; |
|
- | 70 | fwrite_calls++; |
|
- | 71 | n=strlen(content)+1; |
|
- | 72 | if(fwrite_sizes+n>MAX_FWRITE_SIZE) goto denied; |
|
- | 73 | fwrite_sizes+=n; |
|
- | 74 | } |
|
75 |
|
75 | if(checklink && lstat(buf,&stl)==0 && S_ISLNK(stl.st_mode)) |
76 |
|
76 | goto denied; |
77 |
|
77 | lastdatafile[0]=lastftest[0]=0; |
78 |
|
78 | f=fopen(buf,type); if(f==NULL) return; |
79 |
|
79 | fprintf(f,"%s\n",content); |
80 |
|
80 | fclose(f); |
81 | } |
81 | } |
82 | 82 | ||
83 | /* write to a file in module */ |
83 | /* write to a file in module */ |
84 | void filewrite(char *p) |
84 | void filewrite(char *p) |
85 | { |
85 | { |
86 |
|
86 | char *p1, *p2; |
87 |
|
87 | secure_exec(); |
88 |
|
88 | p1=find_word_start(p); |
89 |
|
89 | p2=find_word_end(p1); |
90 |
|
90 | if(*p1==0) {*p=0;return;} |
91 |
|
91 | if(*p2!=0) *p2++=0; |
92 |
|
92 | _filewrite(module_prefix,p1,p2,"w"); |
93 |
|
93 | *p=0; |
94 | } |
94 | } |
95 | 95 | ||
96 | /* append to a file in module */ |
96 | /* append to a file in module */ |
97 | void fileappend(char *p) |
97 | void fileappend(char *p) |
98 | { |
98 | { |
99 |
|
99 | char *p1, *p2; |
100 |
|
100 | secure_exec(); |
101 |
|
101 | p1=find_word_start(p); |
102 |
|
102 | p2=find_word_end(p1); |
103 |
|
103 | if(*p1==0) {*p=0;return;} |
104 |
|
104 | if(*p2!=0) *p2++=0; |
105 |
|
105 | _filewrite(module_prefix,p1,p2,"a"); |
106 |
|
106 | *p=0; |
107 | } |
107 | } |
108 | - |