Diff for /loncom/Attic/lchtmldir between versions 1.16 and 1.18

version 1.16, 2005/04/07 22:27:52 version 1.18, 2007/04/10 20:32:13
Line 41 Line 41
 #    NSCL  #    NSCL
 #    Michigan State University8  #    Michigan State University8
 #    East Lansing, MI 48824-1321  #    East Lansing, MI 48824-1321
   #
 #   General flow of control:  #   General flow of control:
 #   1. Validate process state (must be run as www).  #   1. Validate process state (must be run as www).
 #   2. Validate parameters:  Need two parameters:  #   2. Validate parameters:  Need two parameters:
Line 61 Line 61
 #       - internal - www:www/2775  #       - internal - www:www/2775
 #       - local    - www:www/2775  #       - local    - www:www/2775
 #  #
   #
 #  #
 #   Take a few precautions to be sure that we're not vulnerable to trojan  #   Take a few precautions to be sure that we're not vulnerable to trojan
 #   horses and other fine issues:  #   horses and other fine issues:
Line 70  use strict; Line 70  use strict;
 use Fcntl qw(:mode);  use Fcntl qw(:mode);
 use DirHandle;  use DirHandle;
 use POSIX;  use POSIX;
   use lib '/home/httpd/lib/perl/';
   use LONCAPA qw(:match);
   
 $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl';  $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl';
 delete @ENV{qw{IFS CDPATH ENV BASH_ENV}};  delete @ENV{qw{IFS CDPATH ENV BASH_ENV}};
Line 132  if( $authentication ne "unix:"     && Line 134  if( $authentication ne "unix:"     &&
   
 # Untaint the username.  # Untaint the username.
   
 my $match = $username =~ /^(\w+)$/;  my $match = $username =~ /^($match_username)$/;
 my $patt  = $1;  my $patt  = $1;
     
 if($DEBUG) {  if($DEBUG) {
Line 144  my $safeuser = $patt; Line 146  my $safeuser = $patt;
 if($DEBUG) {  if($DEBUG) {
     print("Save username = $safeuser \n");      print("Save username = $safeuser \n");
 }  }
 if(($username ne $safeuser) or ($safeuser!~/^[A-z]/)) {  if($username ne $safeuser) {
     if($DEBUG) {      if($DEBUG) {
  print("User name $username had illegal characters\n");   print("User name $username had illegal characters\n");
     }      }
Line 154  if(($username ne $safeuser) or ($safeuse Line 156  if(($username ne $safeuser) or ($safeuse
 #untaint the base directory require that the dir contain only   #untaint the base directory require that the dir contain only 
 # alphas, / numbers or underscores, and end in /$safeuser  # alphas, / numbers or underscores, and end in /$safeuser
   
 $dir =~ /(^([\w\/]+))/;  $dir =~ /(^([\w\/\.\-]+))/;
   
 my $dirtry1 = $1;  my $dirtry1 = $1;
   
Line 196  if ($authentication eq "unix:") { Line 198  if ($authentication eq "unix:") {
     }      }
 }  }
   
   
   
 &EnableRoot;  &EnableRoot;
   
   #  If authentication is internal and the top level directory exists
   #  give it the right permissions (in case this is a modification.
   
   if ($authentication eq "internal:") {
       chmod(0711, $homedir); # so www can enter ~/public_html.
   }
   
 &System("/bin/mkdir -p $fulldir")   unless (-e $fulldir);  &System("/bin/mkdir -p $fulldir")   unless (-e $fulldir);
     unless(-e $fulldir."/index.html") {      unless(-e $fulldir."/index.html") {
  open OUT,">".$fulldir."/index.html";   open OUT,">".$fulldir."/index.html";
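Review bot: The widened untaint pattern for `$dir` (`/(^([\w\/\.\-]+))/`, new side of the hunk at line 156) now admits `.` and therefore `..` path segments, and with no end anchor it captures the longest acceptable prefix instead of rejecting a value that contains other characters. Further down the script calls `&EnableRoot` and hands `$fulldir` to `&System("/bin/mkdir -p $fulldir")` as a single string, so if `$fulldir` is derived from this capture (that code, and any later "ends in /$safeuser" check, is outside the visible hunks) this pattern is what keeps the root-privileged mkdir and the `index.html` write inside the intended tree. I would match the whole value and refuse parent-directory segments, accepting `$dir` only when `$dir =~ m{\A([\w/.\-]+)\z}` and `$dir !~ m{(?:\A|/)\.\.(?:/|\z)}`, and update the comment above it, which still says only alphas, `/`, numbers and underscores are allowed. The new `chmod(0711, $homedir)` also discards its return value; a failure there should be reported rather than passing silently.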
