|
version 1.16, 2005/04/07 22:27:52
|
version 1.18, 2007/04/10 20:32:13
|
|
Line 41
|
Line 41
|
| # NSCL |
# NSCL |
| # Michigan State University8 |
# Michigan State University8 |
| # East Lansing, MI 48824-1321 |
# East Lansing, MI 48824-1321 |
| |
# |
| # General flow of control: |
# General flow of control: |
| # 1. Validate process state (must be run as www). |
# 1. Validate process state (must be run as www). |
| # 2. Validate parameters: Need two parameters: |
# 2. Validate parameters: Need two parameters: |
|
Line 61
|
Line 61
|
| # - internal - www:www/2775 |
# - internal - www:www/2775 |
| # - local - www:www/2775 |
# - local - www:www/2775 |
| # |
# |
| |
# |
| # |
# |
| # Take a few precautions to be sure that we're not vulnerable to trojan |
# Take a few precautions to be sure that we're not vulnerable to trojan |
| # horses and other fine issues: |
# horses and other fine issues: |
|
Line 70 use strict;
|
Line 70 use strict;
|
| use Fcntl qw(:mode); |
use Fcntl qw(:mode); |
| use DirHandle; |
use DirHandle; |
| use POSIX; |
use POSIX; |
| |
use lib '/home/httpd/lib/perl/'; |
| |
use LONCAPA qw(:match); |
| |
|
| $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; |
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; |
| delete @ENV{qw{IFS CDPATH ENV BASH_ENV}}; |
delete @ENV{qw{IFS CDPATH ENV BASH_ENV}}; |
|
Line 132 if( $authentication ne "unix:" &&
|
Line 134 if( $authentication ne "unix:" &&
|
| |
|
| # Untaint the username. |
# Untaint the username. |
| |
|
| my $match = $username =~ /^(\w+)$/; |
my $match = $username =~ /^($match_username)$/; |
| my $patt = $1; |
my $patt = $1; |
| |
|
| if($DEBUG) { |
if($DEBUG) { |
|
Line 144 my $safeuser = $patt;
|
Line 146 my $safeuser = $patt;
|
| if($DEBUG) { |
if($DEBUG) { |
| print("Save username = $safeuser \n"); |
print("Save username = $safeuser \n"); |
| } |
} |
| if(($username ne $safeuser) or ($safeuser!~/^[A-z]/)) { |
if($username ne $safeuser) { |
| if($DEBUG) { |
if($DEBUG) { |
| print("User name $username had illegal characters\n"); |
print("User name $username had illegal characters\n"); |
| } |
} |
|
Line 154 if(($username ne $safeuser) or ($safeuse
|
Line 156 if(($username ne $safeuser) or ($safeuse
|
| #untaint the base directory require that the dir contain only |
#untaint the base directory require that the dir contain only |
| # alphas, / numbers or underscores, and end in /$safeuser |
# alphas, / numbers or underscores, and end in /$safeuser |
| |
|
| $dir =~ /(^([\w\/]+))/; |
$dir =~ /(^([\w\/\.\-]+))/; |
| |
|
| my $dirtry1 = $1; |
my $dirtry1 = $1; |
| |
|
|
Line 196 if ($authentication eq "unix:") {
|
Line 198 if ($authentication eq "unix:") {
|
| } |
} |
| } |
} |
| |
|
| |
|
| |
|
| &EnableRoot; |
&EnableRoot; |
| |
|
| |
# If authentication is internal and the top level directory exists |
| |
# give it the right permissions (in case this is a modification. |
| |
|
| |
if ($authentication eq "internal:") { |
| |
chmod(0711, $homedir); # so www can enter ~/public_html. |
| |
} |
| |
|
| &System("/bin/mkdir -p $fulldir") unless (-e $fulldir); |
&System("/bin/mkdir -p $fulldir") unless (-e $fulldir); |
| unless(-e $fulldir."/index.html") { |
unless(-e $fulldir."/index.html") { |
| open OUT,">".$fulldir."/index.html"; |
open OUT,">".$fulldir."/index.html"; |
![[BACK]](/icons/back.gif){kind=icon}
Return to lchtmldir CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom