Subversion Repositories wimsdev

Rev

Rev 10 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed

  1. /*    Copyright (C) 1998-2003 XIAO, Gang of Universite de Nice - Sophia Antipolis
  2.  *
  3.  *  This program is free software; you can redistribute it and/or modify
  4.  *  it under the terms of the GNU General Public License as published by
  5.  *  the Free Software Foundation; either version 2 of the License, or
  6.  *  (at your option) any later version.
  7.  *
  8.  *  This program is distributed in the hope that it will be useful,
  9.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  10.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  11.  *  GNU General Public License for more details.
  12.  *
  13.  *  You should have received a copy of the GNU General Public License
  14.  *  along with this program; if not, write to the Free Software
  15.  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  16.  */
  17.  
  18. void secure_exec(void);
  19.  
  20. int fwrite_calls=0; /* number of files */
  21. int fwrite_sizes=0; /* total size */
  22.  
  23. /* write to a writable file. */
  24. void _filewrite(char *prefix, char *fname, char *content, char *type)
  25. {
  26.     char *m, buf[MAX_LINELEN+1];
  27.     FILE *f;
  28.     int n,checklink;
  29.     struct stat stl;
  30.     checklink=0;
  31.     if(strstr(fname,parent_dir_string)!=NULL){
  32.      setvar(error_data_string,fname);
  33.      module_error("illegal_fname"); return;
  34.     }
  35.     m=getvar(ro_name[ro_module]);
  36.     if(m==NULL || *m==0) return;
  37.     if(strncmp(fname,"TEMP_",5)==0 && strchr(fname,'/')==NULL &&
  38.        strstr(session_prefix,"robot")==NULL) {
  39.      mystrncpy(buf,tmp_dir,sizeof(buf));
  40.      goto add;
  41.     }
  42.     if(strncmp(fname,"getfile/",strlen("getfile/"))==0) {
  43.      if(strchr(fname+strlen("getfile/"),'/')!=NULL) {
  44. denied:
  45.          setvar(error_data_string,fname);
  46.          module_error("file_access_denied"); return;
  47.      }
  48.      fname+=strlen("getfile/");
  49.      snprintf(buf,sizeof(buf),"%s/getfile",session_prefix);
  50.      mkdirs(buf);
  51.      checklink=1; goto add;
  52.     }
  53.     if(trusted_module() && !is_class_module && strncmp(fname,"wimshome/",9)==0) {
  54.      mystrncpy(buf,getvar("wims_home"),sizeof(buf));
  55.      fname+=9; goto add;
  56.     }
  57.     if(strncmp(m,"adm/",4)==0 || strcmp(m,home_module)==0) {
  58.      mystrncpy(buf,prefix,sizeof(buf));
  59.     }
  60.     else {
  61.      if(!trusted_module() && strchr(fname,'/')!=NULL) return; /* silent */
  62.      snprintf(buf,sizeof(buf),"w/%s",prefix);
  63.      mkdirs(buf);
  64.     }
  65.     add: snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),"/%s",fname);
  66.     if(!trusted_module() || is_class_module) {
  67.      if(fwrite_calls>=MAX_FWRITE) goto denied;
  68.      fwrite_calls++;
  69.      n=strlen(content)+1;
  70.      if(fwrite_sizes+n>MAX_FWRITE_SIZE) goto denied;
  71.      fwrite_sizes+=n;
  72.     }
  73.     if(checklink && lstat(buf,&stl)==0 && S_ISLNK(stl.st_mode))
  74.       goto denied;
  75.     lastdatafile[0]=lastftest[0]=0;
  76.     f=fopen(buf,type); if(f==NULL) return;
  77.     fprintf(f,"%s\n",content);
  78.     fclose(f);
  79. }
  80.  
  81. /* write to a file in module */
  82. void filewrite(char *p)
  83. {
  84.     char *p1, *p2;
  85.     secure_exec();
  86.     p1=find_word_start(p);
  87.     p2=find_word_end(p1);
  88.     if(*p1==0) {*p=0;return;}
  89.     if(*p2!=0) *p2++=0;
  90.     _filewrite(module_prefix,p1,p2,"w");
  91.     *p=0;
  92. }
  93.  
  94. /* append to a file in module */
  95. void fileappend(char *p)
  96. {
  97.     char *p1, *p2;
  98.     secure_exec();
  99.     p1=find_word_start(p);
  100.     p2=find_word_end(p1);
  101.     if(*p1==0) {*p=0;return;}
  102.     if(*p2!=0) *p2++=0;
  103.     _filewrite(module_prefix,p1,p2,"a");
  104.     *p=0;
  105. }
  106.  
  107.