--- loncom/Attic/lcuseradd	2004/08/05 10:56:55	1.26
+++ loncom/Attic/lcuseradd	2004/09/02 19:04:00	1.30
@@ -5,16 +5,8 @@
 # lcuseradd - LON-CAPA setuid script to coordinate all actions
 #             with adding a user with filesystem privileges (e.g. author)
 #
-# YEAR=2002
-#   May 19, 2002 Ron Fox
-#      - Removed creation of the pulic_html directory.  This directory
-#        can now be added in two ways:
-#        o The user can add it themselves if they want some local web
-#          space which may or may not contain construction items.
-#        o LonCapa will add it if/when the user is granted an Author
-#          role.
 #
-# $Id: lcuseradd,v 1.26 2004/08/05 10:56:55 foxr Exp $
+# $Id: lcuseradd,v 1.30 2004/09/02 19:04:00 albertel Exp $
 ###
 
 ###############################################################################
@@ -155,14 +147,12 @@ unless (&try_to_lock("/tmp/lock_lcpasswd
 my @input;
 if (@ARGV>=3) {
     @input=@ARGV;
-}
-elsif (@ARGV) {
+} elsif (@ARGV) {
     print("Error. This program needs at least 3 command-line arguments (username, ".
 	  "password 1, password 2 [errorfile]).\n") unless $noprint;
     unlink('/tmp/lock_lcpasswd');
     &Exit(2);
-}
-else {
+} else {
     @input=<>;
     if (@input < 3) {
 	print("Error. At least three lines should be entered into standard input.\n")
@@ -216,8 +206,7 @@ if($error_file) {
 	    Exit(14);
 	}
 
-    } 
-    else {
+    } else {
 	$error_file="";
 	print "Invalid error filename\n" unless $noprint;
 	Exit(14);
@@ -258,6 +247,9 @@ if ($status) {
 print "Done adding user\n" unless $noprint;
 # Make www a member of that user group.
 my $groups=`/usr/bin/groups www` or &Exit(6);
+# untaint
+my ($safegroups)=($groups=~/:\s*([\s\w]+)/);
+$groups=$safegroups;
 chomp $groups; $groups=~s/^\S+\s+\:\s+//;
 my @grouplist=split(/\s+/,$groups);
 my @ugrouplist=grep {!/www|$safeusername/} @grouplist;
@@ -324,9 +316,9 @@ if (-e '/var/run/httpd.pid') {
     open(PID,'/var/run/httpd.pid');
     my $pid=<PID>;
     close(PID);
-    $pid=~s/\D+//g;
+    my ($safepid)=($pid=~s/(\D+)//g);
     if ($pid) {
-	system('kill','-USR1',"$pid");
+	system('kill','-USR1',"$safepid");
     }
 }
 # -------------------------------------------------------- Exit script
@@ -339,8 +331,7 @@ sub enable_root_capability {
     if ($wwwid==$>) {
 	($<,$>)=($>,0);
 	($(,$))=($),0);
-    }
-    else {
+    } else {
 	# root capability is already enabled
     }
     return $>;
@@ -351,8 +342,7 @@ sub disable_root_capability {
     if ($wwwid==$<) {
 	($<,$>)=($>,$<);
 	($(,$))=($),$();
-    }
-    else {
+    } else {
 	# root capability is already disabled
     }
 }
@@ -381,8 +371,7 @@ sub try_to_lock {
 	    }
 	    sleep 3;
 	    $lastpid=$currentpid;
-	}
-	else {
+	} else {
 	    last;
 	}
 	if ($_==10) {