--- loncom/lond 2004/09/03 10:13:59 1.248
+++ loncom/lond 2004/09/07 10:05:23 1.249
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.248 2004/09/03 10:13:59 foxr Exp $
+# $Id: lond,v 1.249 2004/09/07 10:05:23 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -57,7 +57,7 @@ my $DEBUG = 0; # Non zero to ena
 my $status='';
 my $lastlog='';
-my $VERSION='$Revision: 1.248 $'; #' stupid emacs
+my $VERSION='$Revision: 1.249 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -1306,9 +1306,27 @@ sub du_handler {
 &Failure($client,"refused\n","$cmd:$ududir");
 return 1;
 }
- my $duout = `du -ks $ududir 2>/dev/null`;
- $duout=~s/[^\d]//g; #preserve only the numbers
- &Reply($client,"$duout\n","$cmd:$ududir");
+ # Since $ududir could have some nasties in it,
+ # we will require that ududir is a valid
+ # directory. Just in case someone tries to
+ # slip us a line like .;(cd /home/httpd rm -rf*)
+ # etc.
+ #
+ if (-d $ududir) {
+ # And as Shakespeare would say to make
+ # assurance double sure, quote the $ududir
+ # This is in case someone manages to first
+ # e.g. fabricate a valid directory with a ';'
+ # in it. Quoting the dir will help
+ # keep $ududir completely interpreted as a
+ # directory.
+ #
+ my $duout = `du -ks "$ududir" 2>/dev/null`;
+ $duout=~s/[^\d]//g; #preserve only the numbers
+ &Reply($client,"$duout\n","$cmd:$ududir");
+ } else {
+ &Failure($client, "bad_directory:$ududir", $userinput);
+ }
 return 1;
 }
 ®ister_handler("du", \&du_handler, 0, 1, 0);
@@ -1370,7 +1388,7 @@ sub ls_handler {
 $ulsout='no_such_dir';
 }
 if ($ulsout eq '') { $ulsout='empty'; }
- print $client "$ulsout\n";
+ &Reply($client, "$ulsout\n", $userinput); # This supports debug logging.
 return 1;
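Review bot: In du_handler the added `"$ududir"` quoting does not keep the shell away from the path: inside double quotes the shell still performs command and variable substitution, a `"` in the name ends the quoting, and `-d` only shows that the directory exists, not that its name is free of metacharacters. Run du without a shell through a list-form pipe open, with `--` so a name beginning with `-` is not read as an option; the fence shows that variant (stderr is no longer sent to /dev/null there, so du errors go to the daemon's stderr). The new `&Failure($client, "bad_directory:$ududir", $userinput);` also lacks the trailing `\n` that the `"refused\n"` reply just above it carries, which may leave a line-oriented client waiting; Failure itself is outside the hunk, so confirm. du_handler starts outside the hunk.

```perl
if (-d $ududir) {
    # List-form open: du is exec'd directly, so no shell ever parses $ududir.
    my $duout = '';
    if (open(my $du, '-|', 'du', '-ks', '--', $ududir)) {
        local $/;               # slurp du's single line of output
        $duout = <$du>;
        close($du);
    }
    $duout = '' unless defined($duout);
    $duout =~ s/[^\d]//g;       # preserve only the numbers
    # … unchanged: &Reply call and the else / &Failure branch …
```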
@@ -4989,7 +5007,8 @@ sub validate_user {
 # At the end of this function. I'll ensure that it's not still that
 # value so we don't just wind up returning some accidental value
 # as a result of executing an unforseen code path that
- # did not set $validated.
+ # did not set $validated. At the end of valid execution paths,
+ # validated shoule be 1 for success or 0 for failuer.
 my $validated = -3.14159;
@@ -5077,7 +5096,11 @@ sub validate_user {
 #
 unless ($validated != -3.14159) {
- die "ValidateUser - failed to set the value of validated";
+ # I >really really< want to know if this happens.
+ # since it indicates that user authentication is badly
+ # broken in some code path.
+ #
+ die "ValidateUser - failed to set the value of validated $domain, $user $password";
 }
 return $validated;
 }
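Review bot: The new die message in the second validate_user hunk interpolates `$password`, so whenever this sanity check fires the user's cleartext credential is written wherever die output lands (stderr, and possibly the daemon's logs; the handlers are not visible here). Keep the identifying fields and drop the secret: `die "ValidateUser - failed to set the value of validated for $domain, $user";`. The comment added in the earlier validate_user hunk also has two typos (`shoule`, `failuer`). validate_user begins outside both hunks.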