Subversion Repositories wimsdev

Rev

Rev 8185 | Blame | Compare with Previous | Last modification | View Log | RSS feed

  1. /*    Copyright (C) 1998-2003 XIAO, Gang of Universite de Nice - Sophia Antipolis
  2.  *
  3.  *  This program is free software; you can redistribute it and/or modify
  4.  *  it under the terms of the GNU General Public License as published by
  5.  *  the Free Software Foundation; either version 2 of the License, or
  6.  *  (at your option) any later version.
  7.  *
  8.  *  This program is distributed in the hope that it will be useful,
  9.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  10.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  11.  *  GNU General Public License for more details.
  12.  *
  13.  *  You should have received a copy of the GNU General Public License
  14.  *  along with this program; if not, write to the Free Software
  15.  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  16.  */
  17.  
  18. #include "wims.h"
  19.  
  20. void secure_exec(void);
  21.  
  22. int fwrite_calls=0; /* number of files */
  23. int fwrite_sizes=0; /* total size */
  24.  
  25. /* write to a writable file. */
  26. void _filewrite(char *prefix, char *fname, char *content, char *type)
  27. {
  28.   char *m, buf[MAX_LINELEN+1];
  29.   FILE *f;
  30.   int n,checklink;
  31.   struct stat stl;
  32.   checklink=0;
  33.   if(strstr(fname,parent_dir_string)!=NULL){
  34.     setvar(error_data_string,fname);
  35.    module_error("illegal_fname"); return;
  36.   }
  37.   m=getvar(ro_name[ro_module]);
  38.   if(m==NULL || *m==0) return;
  39.   if(strncmp(fname,"TEMP_",5)==0 && strchr(fname,'/')==NULL &&
  40.      strstr(session_prefix,"robot")==NULL) {
  41.     mystrncpy(buf,tmp_dir,sizeof(buf));
  42.     goto add;
  43.   }
  44.   if(strncmp(fname,"getfile/",strlen("getfile/"))==0) {
  45.     if(strchr(fname+strlen("getfile/"),'/')!=NULL) {
  46. denied:
  47.       setvar(error_data_string,fname);
  48.       module_error("file_access_denied"); return;
  49.     }
  50.     fname+=strlen("getfile/");
  51.     snprintf(buf,sizeof(buf),"%s/getfile",session_prefix);
  52.     mkdirs(buf);
  53.     checklink=1; goto add;
  54.   }
  55.   if(trusted_module() && !is_class_module && strncmp(fname,"wimshome/",9)==0) {
  56.     mystrncpy(buf,getvar("wims_home"),sizeof(buf));
  57.     fname+=9; goto add;
  58.   }
  59.   if(strncmp(m,"adm/",4)==0 || strcmp(m,home_module)==0) {
  60.     mystrncpy(buf,prefix,sizeof(buf));
  61.   }
  62.   else {
  63.     if(!trusted_module() && strchr(fname,'/')!=NULL) return; /* silent */
  64.       snprintf(buf,sizeof(buf),"w/%s",prefix);
  65.       mkdirs(buf);
  66.   }
  67.   add: snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),"/%s",fname);
  68.   if(!trusted_module() || is_class_module) {
  69.     if(fwrite_calls>=MAX_FWRITE) goto denied;
  70.     fwrite_calls++;
  71.     n=strlen(content)+1;
  72.     if(fwrite_sizes+n>MAX_FWRITE_SIZE) goto denied;
  73.     fwrite_sizes+=n;
  74.   }
  75.   if(checklink && lstat(buf,&stl)==0 && S_ISLNK(stl.st_mode))
  76.     goto denied;
  77.   lastdatafile[0]=lastftest[0]=0;
  78.   f=fopen(buf,type); if(f==NULL) return;
  79.   fprintf(f,"%s\n",content);
  80.   fclose(f);
  81. }
  82.  
  83. /* write to a file in module */
  84. void filewrite(char *p)
  85. {
  86.   char *p1, *p2;
  87.   secure_exec();
  88.   p1=find_word_start(p);
  89.   p2=find_word_end(p1);
  90.   if(*p1==0) {*p=0;return;}
  91.   if(*p2!=0) *p2++=0;
  92.   _filewrite(module_prefix,p1,p2,"w");
  93.   *p=0;
  94. }
  95.  
  96. /* append to a file in module */
  97. void fileappend(char *p)
  98. {
  99.   char *p1, *p2;
  100.   secure_exec();
  101.   p1=find_word_start(p);
  102.   p2=find_word_end(p1);
  103.   if(*p1==0) {*p=0;return;}
  104.   if(*p2!=0) *p2++=0;
  105.   _filewrite(module_prefix,p1,p2,"a");
  106.   *p=0;
  107. }
  108.