Subversion Repositories wimsdev


Rev 8185 Rev 12241
Line 23... Line 23...
23
int fwrite_sizes=0; /* total size */
23
int fwrite_sizes=0; /* total size */
24
 
24
 
25
/* write to a writable file. */
25
/* write to a writable file. */
26
void _filewrite(char *prefix, char *fname, char *content, char *type)
26
void _filewrite(char *prefix, char *fname, char *content, char *type)
27
{
27
{
28
    char *m, buf[MAX_LINELEN+1];
28
  char *m, buf[MAX_LINELEN+1];
29
    FILE *f;
29
  FILE *f;
30
    int n,checklink;
30
  int n,checklink;
31
    struct stat stl;
31
  struct stat stl;
32
    checklink=0;
32
  checklink=0;
33
    if(strstr(fname,parent_dir_string)!=NULL){
33
  if(strstr(fname,parent_dir_string)!=NULL){
34
     setvar(error_data_string,fname);
34
    setvar(error_data_string,fname);
35
     module_error("illegal_fname"); return;
35
   module_error("illegal_fname"); return;
36
    }
36
  }
37
    m=getvar(ro_name[ro_module]);
37
  m=getvar(ro_name[ro_module]);
38
    if(m==NULL || *m==0) return;
38
  if(m==NULL || *m==0) return;
39
    if(strncmp(fname,"TEMP_",5)==0 && strchr(fname,'/')==NULL &&
39
  if(strncmp(fname,"TEMP_",5)==0 && strchr(fname,'/')==NULL &&
40
       strstr(session_prefix,"robot")==NULL) {
40
     strstr(session_prefix,"robot")==NULL) {
41
     mystrncpy(buf,tmp_dir,sizeof(buf));
41
    mystrncpy(buf,tmp_dir,sizeof(buf));
42
     goto add;
42
    goto add;
43
    }
43
  }
44
    if(strncmp(fname,"getfile/",strlen("getfile/"))==0) {
44
  if(strncmp(fname,"getfile/",strlen("getfile/"))==0) {
45
     if(strchr(fname+strlen("getfile/"),'/')!=NULL) {
45
    if(strchr(fname+strlen("getfile/"),'/')!=NULL) {
46
denied:
46
denied:
47
         setvar(error_data_string,fname);
47
      setvar(error_data_string,fname);
48
         module_error("file_access_denied"); return;
48
      module_error("file_access_denied"); return;
49
     }
-
 
50
     fname+=strlen("getfile/");
-
 
51
     snprintf(buf,sizeof(buf),"%s/getfile",session_prefix);
-
 
52
     mkdirs(buf);
-
 
53
     checklink=1; goto add;
-
 
54
    }
-
 
55
    if(trusted_module() && !is_class_module && strncmp(fname,"wimshome/",9)==0) {
-
 
56
     mystrncpy(buf,getvar("wims_home"),sizeof(buf));
-
 
57
     fname+=9; goto add;
-
 
58
    }
-
 
59
    if(strncmp(m,"adm/",4)==0 || strcmp(m,home_module)==0) {
-
 
60
     mystrncpy(buf,prefix,sizeof(buf));
-
 
61
    }
-
 
62
    else {
-
 
63
     if(!trusted_module() && strchr(fname,'/')!=NULL) return; /* silent */
-
 
64
     snprintf(buf,sizeof(buf),"w/%s",prefix);
-
 
65
     mkdirs(buf);
-
 
66
    }
-
 
67
    add: snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),"/%s",fname);
-
 
68
    if(!trusted_module() || is_class_module) {
-
 
69
     if(fwrite_calls>=MAX_FWRITE) goto denied;
-
 
70
     fwrite_calls++;
-
 
71
     n=strlen(content)+1;
-
 
72
     if(fwrite_sizes+n>MAX_FWRITE_SIZE) goto denied;
-
 
73
     fwrite_sizes+=n;
-
 
74
    }
49
    }
-
 
50
    fname+=strlen("getfile/");
-
 
51
    snprintf(buf,sizeof(buf),"%s/getfile",session_prefix);
-
 
52
    mkdirs(buf);
-
 
53
    checklink=1; goto add;
-
 
54
  }
-
 
55
  if(trusted_module() && !is_class_module && strncmp(fname,"wimshome/",9)==0) {
-
 
56
    mystrncpy(buf,getvar("wims_home"),sizeof(buf));
-
 
57
    fname+=9; goto add;
-
 
58
  }
-
 
59
  if(strncmp(m,"adm/",4)==0 || strcmp(m,home_module)==0) {
-
 
60
    mystrncpy(buf,prefix,sizeof(buf));
-
 
61
  }
-
 
62
  else {
-
 
63
    if(!trusted_module() && strchr(fname,'/')!=NULL) return; /* silent */
-
 
64
      snprintf(buf,sizeof(buf),"w/%s",prefix);
-
 
65
      mkdirs(buf);
-
 
66
  }
-
 
67
  add: snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),"/%s",fname);
-
 
68
  if(!trusted_module() || is_class_module) {
-
 
69
    if(fwrite_calls>=MAX_FWRITE) goto denied;
-
 
70
    fwrite_calls++;
-
 
71
    n=strlen(content)+1;
-
 
72
    if(fwrite_sizes+n>MAX_FWRITE_SIZE) goto denied;
-
 
73
    fwrite_sizes+=n;
-
 
74
  }
75
    if(checklink && lstat(buf,&stl)==0 && S_ISLNK(stl.st_mode))
75
  if(checklink && lstat(buf,&stl)==0 && S_ISLNK(stl.st_mode))
76
      goto denied;
76
    goto denied;
77
    lastdatafile[0]=lastftest[0]=0;
77
  lastdatafile[0]=lastftest[0]=0;
78
    f=fopen(buf,type); if(f==NULL) return;
78
  f=fopen(buf,type); if(f==NULL) return;
79
    fprintf(f,"%s\n",content);
79
  fprintf(f,"%s\n",content);
80
    fclose(f);
80
  fclose(f);
81
}
81
}
82
 
82
 
83
/* write to a file in module */
83
/* write to a file in module */
84
void filewrite(char *p)
84
void filewrite(char *p)
85
{
85
{
86
    char *p1, *p2;
86
  char *p1, *p2;
87
    secure_exec();
87
  secure_exec();
88
    p1=find_word_start(p);
88
  p1=find_word_start(p);
89
    p2=find_word_end(p1);
89
  p2=find_word_end(p1);
90
    if(*p1==0) {*p=0;return;}
90
  if(*p1==0) {*p=0;return;}
91
    if(*p2!=0) *p2++=0;
91
  if(*p2!=0) *p2++=0;
92
    _filewrite(module_prefix,p1,p2,"w");
92
  _filewrite(module_prefix,p1,p2,"w");
93
    *p=0;
93
  *p=0;
94
}
94
}
95
 
95
 
96
/* append to a file in module */
96
/* append to a file in module */
97
void fileappend(char *p)
97
void fileappend(char *p)
98
{
98
{
99
    char *p1, *p2;
99
  char *p1, *p2;
100
    secure_exec();
100
  secure_exec();
101
    p1=find_word_start(p);
101
  p1=find_word_start(p);
102
    p2=find_word_end(p1);
102
  p2=find_word_end(p1);
103
    if(*p1==0) {*p=0;return;}
103
  if(*p1==0) {*p=0;return;}
104
    if(*p2!=0) *p2++=0;
104
  if(*p2!=0) *p2++=0;
105
    _filewrite(module_prefix,p1,p2,"a");
105
  _filewrite(module_prefix,p1,p2,"a");
106
    *p=0;
106
  *p=0;
107
}
107
}
108
 
-