Index: openacs-4/packages/acs-subsite/acs-subsite.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/acs-subsite.info,v
diff -u -r1.131.2.28 -r1.131.2.29
--- openacs-4/packages/acs-subsite/acs-subsite.info 15 Jul 2022 14:23:52 -0000 1.131.2.28
+++ openacs-4/packages/acs-subsite/acs-subsite.info 26 Aug 2022 12:06:43 -0000 1.131.2.29
@@ -9,7 +9,7 @@
t
t
-
+
OpenACS
Subsite
2021-09-15
@@ -18,12 +18,12 @@
GPL
3
-
+
-
+
@@ -149,14 +149,14 @@
-
-
+
+
Index: openacs-4/packages/acs-tcl/acs-tcl.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/acs-tcl.info,v
diff -u -r1.95.2.51 -r1.95.2.52
--- openacs-4/packages/acs-tcl/acs-tcl.info 25 Aug 2022 12:37:13 -0000 1.95.2.51
+++ openacs-4/packages/acs-tcl/acs-tcl.info 26 Aug 2022 12:06:43 -0000 1.95.2.52
@@ -9,7 +9,7 @@
f
t
-
+
OpenACS
The Kernel Tcl API library.
2021-09-15
@@ -18,7 +18,7 @@
GPL version 2
3
-
+
Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.126.2.73 -r1.126.2.74
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 25 Aug 2022 15:37:01 -0000 1.126.2.73
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 26 Aug 2022 12:06:43 -0000 1.126.2.74
@@ -1174,8 +1174,6 @@
ad_proc security::safe_tmpfile_p {
-must_exist:boolean
- -recursive:boolean
- -subsite_id
tmpfile
} {
@@ -1188,13 +1186,6 @@
@param tmpfile absolute path to a possibly existing tmpfile
@param must_exist make sure the file exists
- @param recursive accept also files in a subfolder of a valid
- tmpfolder
- @param subsite_id when specified, the list of allowed tmpdirs will
- be taken from the TmpDir subsite
- parameter. Server-wide configuration will be
- used if no subsite is specified or if the
- parameter turns out to be empty.
@return boolean
} {
@@ -1203,36 +1194,11 @@
#
set tmpfile [ns_normalizepath $tmpfile]
- if {[info exists subsite_id]} {
+ if {[ad_file dirname $tmpfile] ni [ns_config ns/parameters tmpdir]} {
#
- # We fetch the tmpdirs from the subsite parameter
- #
- set tmpdirs [parameter::get -package_id $subsite_id -parameter TmpDir]
- } else {
- set tmpdirs [list]
- }
-
- if {[llength $tmpdirs] == 0} {
- #
- # Server-wide tmpdirs
- #
- set tmpdirs [ns_config ns/parameters tmpdir]
- }
-
- if {!$recursive_p && [ad_file dirname $tmpfile] ni $tmpdirs} {
- #
# File is not a direct child of one of the tmpfolders: not safe
#
return false
- } else {
- #
- # File does not belong to the hierarchy of any of the
- # tmpfolders: not safe
- #
- set separator [file separator]
- if { ![regexp ^([join $tmpdirs |])${separator}.*\$ $tmpfile] } {
- return false
- }
}
if {![ad_file exists $tmpfile]} {
Index: openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl,v
diff -u -r1.61.2.31 -r1.61.2.32
--- openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 25 Aug 2022 16:01:27 -0000 1.61.2.31
+++ openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 26 Aug 2022 12:06:44 -0000 1.61.2.32
@@ -1949,34 +1949,20 @@
return 1
}
-ad_page_contract_filter tmpfile { name value {options ""} } {
- Validate a tmpfile path. This must belong to one of the configured
- tmpfolders, either in the subsite settings or in the server-wide
- parameter.
+ad_page_contract_filter tmpfile { name value } {
+ Validate a tmpfile path. This must exist, be a direct child of the
+ configured tmpfolder in the server-wide parameter and be readable
+ and writable by the current user.
- One can also specify the filter in "strict" mode as
- tmpfile(strict). In this case, only the tempfolder from the
- server-wide settings is allowed, the tempfile must be a direct
- child of the tmpfolder and must also exist. This mimicks the
- behavior of Aolserver/Naviserver when a tmpfile is created and can
- be used to validate such paths.
+ Example usage: uploaded_file.tmpfile:tmpfile,optional
@author Lars Pind (lars@pinds.com)
@creation-date 25 July 2000
} {
- set strict_p [expr {"strict" in $options}]
+ set tmpfile_p [security::safe_tmpfile_p \
+ -must_exist \
+ $value]
- if {$strict_p} {
- set tmpfile_p [security::safe_tmpfile_p \
- -must_exist \
- $value]
- } else {
- set tmpfile_p [security::safe_tmpfile_p \
- -recursive \
- -subsite_id [ad_conn subsite_id] \
- $value]
- }
-
if {!$tmpfile_p} {
ad_log warning "They tried to sneak in invalid tmpfile '$value'"
ad_complain [_ acs-tcl.lt_You_specified_a_path_]
Index: openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl,v
diff -u -r1.1.2.7 -r1.1.2.8
--- openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl 25 Aug 2022 15:37:02 -0000 1.1.2.7
+++ openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl 26 Aug 2022 12:06:44 -0000 1.1.2.8
@@ -120,39 +120,16 @@
aa_true "An existing tmpfile is safe" [security::safe_tmpfile_p -must_exist $tmpfile]
file delete -- $tmpfile
- aa_section {Path to an existing file in a tmpdir subfolder}
- set tmpdir [ad_tmpnam]
- file mkdir $tmpdir
- set tmpfile $tmpdir/onefile
- set wfd [open $tmpfile w]
- puts $wfd 1234
- close $wfd
- aa_false "File is not considered safe when not searching recursively" \
- [security::safe_tmpfile_p -must_exist $tmpfile]
- aa_true "File is considered safe when searching recursively" \
- [security::safe_tmpfile_p -recursive -must_exist $tmpfile]
- file delete -force -- $tmpdir
-
aa_section {Path to a tmpfile in a folder of the tmpdir}
set tmpfile [ad_tmpnam]/test
aa_false "A safe tmpfile can only be a direct child of the tmpdir" \
[security::safe_tmpfile_p $tmpfile]
- aa_section {Path to a tmpfile in a folder of the tmpdir when we allow recursive paths}
- set tmpfile [ad_tmpnam]/test
- aa_true "A safe tmpfile can be a at any depth in the hierachy of a tmpdir" \
- [security::safe_tmpfile_p -recursive $tmpfile]
-
aa_section {Trying to confuse the proc with ".."}
set tmpfile [ad_tmpnam]/../../test
aa_false "Proc is not fooled by .." \
[security::safe_tmpfile_p $tmpfile]
- aa_section {Trying to confuse the proc with ".." when we allow recursive paths}
- set tmpfile [ad_tmpnam]/../test
- aa_true "Proc is not fooled by .." \
- [security::safe_tmpfile_p -recursive $tmpfile]
-
aa_section {Trying to confuse the proc with "~"}
set tmpfile ~/../../test
aa_false "Proc is not fooled by ~" \
@@ -163,9 +140,4 @@
aa_false "A safe tmpfile can only be a direct child of the tmpdir" \
[security::safe_tmpfile_p $tmpfile]
- aa_section {Path to a file outside of the tmpdir when we allow recursive paths}
- set tmpfile [acs_root_dir]/mypreciouscode
- aa_false "A safe tmpfile can only be in the hierachy of the tmpdir" \
- [security::safe_tmpfile_p $tmpfile]
-
}