
  1. /*    Copyright (C) 1998-2003 XIAO, Gang of Universite de Nice - Sophia Antipolis
  2.  *
  3.  *  This program is free software; you can redistribute it and/or modify
  4.  *  it under the terms of the GNU General Public License as published by
  5.  *  the Free Software Foundation; either version 2 of the License, or
  6.  *  (at your option) any later version.
  7.  *
  8.  *  This program is distributed in the hope that it will be useful,
  9.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  10.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  11.  *  GNU General Public License for more details.
  12.  *
  13.  *  You should have received a copy of the GNU General Public License
  14.  *  along with this program; if not, write to the Free Software
  15.  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  16.  */
  17.  
  18. #include "wims.h"
  19.  
/* Declared here, defined elsewhere. filewrite() and fileappend() call it
 * before they look at their argument. */
void secure_exec(void);

/* Write quota counters. _filewrite() updates them only for calls made when
 * trusted_module() is false or is_class_module is set, and refuses the
 * write once MAX_FWRITE or MAX_FWRITE_SIZE would be exceeded. */
int fwrite_calls=0; /* number of quota-counted write calls so far */
int fwrite_sizes=0; /* total quota-counted size: strlen(content)+1 per call */
  24.  
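/**
 * Write one line of text to a file that the current module may write.
 *
 * The destination directory is chosen from the form of fname:
 *  - "TEMP_..." with no '/' in it, when session_prefix does not contain
 *    "robot": the file goes under tmp_dir;
 *  - "getfile/<name>" with no further '/': the file goes under
 *    <session_prefix>/getfile (created on demand), and an existing symbolic
 *    link at the target path is refused;
 *  - "wimshome/<path>" when trusted_module() is true and is_class_module is
 *    not set: the file goes under getvar("wims_home");
 *  - anything else: under prefix itself when the module name starts with
 *    "adm/" or equals home_module, otherwise under "w/<prefix>" (created on
 *    demand); in that last case a module that is not trusted may not use
 *    '/' in fname.
 *
 * Calls made when trusted_module() is false or is_class_module is set are
 * counted against MAX_FWRITE (number of calls) and MAX_FWRITE_SIZE (bytes).
 *
 * @param prefix  directory prefix of the calling module
 * @param fname   requested file name, interpreted as described above
 * @param content NUL-terminated text; it is written followed by "\n"
 * @param type    fopen() mode string (the callers in this file pass "w"
 *                or "a")
 *
 * Nothing is returned. A refusal is reported through module_error() with
 * "illegal_fname" or "file_access_denied"; three cases return silently:
 * no module name is set, an untrusted module used '/' in fname, or fopen()
 * failed.
 */
void _filewrite(char *prefix, char *fname, char *content, char *type)
{
    char *m, buf[MAX_LINELEN+1];
    FILE *f;
    int n, written;
    int checklink=0;
    size_t used;
    struct stat stl;

    /* Reject any name containing parent_dir_string before a path is built
     * (presumably ".." - confirm at its definition). */
    if(strstr(fname,parent_dir_string)!=NULL) {
        setvar(error_data_string,fname);
        module_error("illegal_fname"); return;
    }
    m=getvar(ro_name[ro_module]);
    if(m==NULL || *m==0) return;

    /* Session temporary file: flat name only, not available to robots. */
    if(strncmp(fname,"TEMP_",5)==0 && strchr(fname,'/')==NULL &&
       strstr(session_prefix,"robot")==NULL) {
        mystrncpy(buf,tmp_dir,sizeof(buf));
        goto add;
    }
    /* Downloadable session file: exactly one path component after the
     * "getfile/" marker. */
    if(strncmp(fname,"getfile/",strlen("getfile/"))==0) {
        if(strchr(fname+strlen("getfile/"),'/')!=NULL) goto denied;
        fname+=strlen("getfile/");
        snprintf(buf,sizeof(buf),"%s/getfile",session_prefix);
        mkdirs(buf);
        checklink=1; goto add;
    }
    /* NOTE(review): the getvar() result is handed to mystrncpy() unchecked;
     * confirm "wims_home" is always defined on this path. */
    if(trusted_module() && !is_class_module && strncmp(fname,"wimshome/",9)==0) {
        mystrncpy(buf,getvar("wims_home"),sizeof(buf));
        fname+=9; goto add;
    }
    if(strncmp(m,"adm/",4)==0 || strcmp(m,home_module)==0) {
        mystrncpy(buf,prefix,sizeof(buf));
    }
    else {
        if(!trusted_module() && strchr(fname,'/')!=NULL) return; /* silent */
        snprintf(buf,sizeof(buf),"w/%s",prefix);
        mkdirs(buf);
    }

add:
    /* Append "/<fname>" to the chosen directory. A path that does not fit
     * in buf is refused: writing to the truncated path would touch a file
     * other than the one that passed the checks above. */
    used=strlen(buf);
    written=snprintf(buf+used,sizeof(buf)-used,"/%s",fname);
    if(written<0 || (size_t)written>=sizeof(buf)-used) goto denied;

    /* Quota accounting. The call counter is bumped before the size test,
     * so a call refused for size still counts as a call. */
    if(!trusted_module() || is_class_module) {
        if(fwrite_calls>=MAX_FWRITE) goto denied;
        fwrite_calls++;
        n=strlen(content)+1;
        if(fwrite_sizes+n>MAX_FWRITE_SIZE) goto denied;
        fwrite_sizes+=n;
    }
    /* Only the getfile path is link-checked, and only its final component.
     * NOTE(review): lstat() followed by fopen() is not atomic, so a link
     * created between the two calls would still be followed. Opening with
     * open(O_NOFOLLOW) and fdopen() would close that window; it needs
     * <fcntl.h>, which is not visible from this file. */
    if(checklink && lstat(buf,&stl)==0 && S_ISLNK(stl.st_mode))
        goto denied;
    lastdatafile[0]=lastftest[0]=0;
    f=fopen(buf,type); if(f==NULL) return;
    /* NOTE(review): fprintf()/fclose() results are not checked, so a short
     * write (for example a full disk) goes unreported. */
    fprintf(f,"%s\n",content);
    fclose(f);
    return;

denied:
    setvar(error_data_string,fname);
    module_error("file_access_denied");
}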
  82.  
/* Overwrite a module file. The first word of p is the file name and the
 * text after it is the content; p is emptied before returning.
 * secure_exec() is called before the argument is parsed. */
void filewrite(char *p)
{
    char *name, *body;

    secure_exec();
    name=find_word_start(p);
    body=find_word_end(name);
    if(*name!=0) {
        /* Cut the name off from the content at the first separator. */
        if(*body!=0) {
            *body=0;
            body++;
        }
        _filewrite(module_prefix,name,body,"w");
    }
    *p=0;
}
  95.  
/* Append to a module file. The first word of p is the file name and the
 * text after it is the content; p is emptied before returning.
 * secure_exec() is called before the argument is parsed. */
void fileappend(char *p)
{
    char *name, *body;

    secure_exec();
    name=find_word_start(p);
    body=find_word_end(name);
    if(*name!=0) {
        /* Cut the name off from the content at the first separator. */
        if(*body!=0) {
            *body=0;
            body++;
        }
        _filewrite(module_prefix,name,body,"a");
    }
    *p=0;
}
  108.  