Commit 37d8a01f authored by rswindell's avatar rswindell

sbbs_t::upload() now returns false if user doesn't have upload permissions.

parent 061cc5f0
...@@ -262,56 +262,30 @@ int sbbs_t::exec_file(csi_t *csi) ...@@ -262,56 +262,30 @@ int sbbs_t::exec_file(csi_t *csi)
case CS_FILE_UPLOAD: case CS_FILE_UPLOAD:
csi->logic=LOGIC_FALSE; csi->logic=LOGIC_FALSE;
if(useron.rest&FLAG('U')) {
bputs(text[R_Upload]);
return(0); }
if(usrlibs) { if(usrlibs) {
i=usrdir[curlib][curdir[curlib]]; i=usrdir[curlib][curdir[curlib]];
if(cfg.upload_dir!=INVALID_DIR if(cfg.upload_dir!=INVALID_DIR
&& !chk_ar(cfg.dir[i]->ul_ar,&useron)) && !chk_ar(cfg.dir[i]->ul_ar,&useron))
i=cfg.upload_dir; }
else
i=cfg.upload_dir; i=cfg.upload_dir;
} else
if((uint)i==INVALID_DIR || !chk_ar(cfg.dir[i]->ul_ar,&useron)) { i=cfg.upload_dir;
bputs(text[CantUploadHere]); csi->logic=upload(i) ? LOGIC_TRUE:LOGIC_FALSE;
return(0); }
if(getfiles(&cfg,i)>=cfg.dir[i]->maxfiles)
bputs(text[DirFull]);
else {
upload(i);
csi->logic=LOGIC_TRUE; }
return(0); return(0);
case CS_FILE_UPLOAD_USER: case CS_FILE_UPLOAD_USER:
csi->logic=LOGIC_FALSE; csi->logic=LOGIC_FALSE;
if(cfg.user_dir==INVALID_DIR) { if(cfg.user_dir==INVALID_DIR) {
bputs(text[NoUserDir]); bputs(text[NoUserDir]);
return(0); } return(0);
if(getfiles(&cfg,cfg.user_dir)>=cfg.dir[cfg.user_dir]->maxfiles) }
bputs(text[UserDirFull]); csi->logic=upload(cfg.user_dir) ? LOGIC_TRUE:LOGIC_FALSE;
else if(useron.rest&FLAG('U'))
bputs(text[R_Upload]);
else if(!chk_ar(cfg.dir[cfg.user_dir]->ul_ar,&useron))
bputs(text[CantUploadToUser]);
else {
upload(cfg.user_dir);
csi->logic=LOGIC_TRUE; }
return(0); return(0);
case CS_FILE_UPLOAD_SYSOP: case CS_FILE_UPLOAD_SYSOP:
csi->logic=LOGIC_FALSE; csi->logic=LOGIC_FALSE;
if(cfg.sysop_dir==INVALID_DIR) { if(cfg.sysop_dir==INVALID_DIR) {
bputs(text[NoSysopDir]); bputs(text[NoSysopDir]);
return(0); } return(0);
if(getfiles(&cfg,cfg.sysop_dir)>=cfg.dir[cfg.sysop_dir]->maxfiles) }
bputs(text[DirFull]); csi->logic=upload(cfg.sysop_dir) ? LOGIC_TRUE:LOGIC_FALSE;
else if(useron.rest&FLAG('U'))
bputs(text[R_Upload]);
else if(!chk_ar(cfg.dir[cfg.sysop_dir]->ul_ar,&useron))
bputs(text[CantUploadToSysop]);
else {
upload(cfg.sysop_dir);
csi->logic=LOGIC_TRUE; }
return(0); return(0);
case CS_FILE_DOWNLOAD: case CS_FILE_DOWNLOAD:
if(!usrlibs) return(0); if(!usrlibs) return(0);
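Review bot: Nothing at these three call sites says that the restriction, access-requirement and directory-full checks now happen inside upload(), so a later edit could easily assume they are still done here. A one-line comment above the first call would record that, for example `/* upload() enforces the 'U' restriction, ul_ar access and maxfiles limit */`. In the CS_FILE_UPLOAD case the leading `csi->logic=LOGIC_FALSE;` appears to be always overwritten by `csi->logic=upload(i) ? LOGIC_TRUE:LOGIC_FALSE;`, as far as the side-by-side rendering shows, while the USER and SYSOP cases still need it for their early `return(0)`. The body of exec_file starts and ends outside this hunk.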
......
...@@ -555,7 +555,7 @@ public: ...@@ -555,7 +555,7 @@ public:
/* upload.cpp */ /* upload.cpp */
bool uploadfile(file_t* f); bool uploadfile(file_t* f);
char sbbsfilename[128],sbbsfiledesc[128]; /* env vars */ char sbbsfilename[128],sbbsfiledesc[128]; /* env vars */
void upload(uint dirnum); bool upload(uint dirnum);
char upload_lastdesc[LEN_FDESC+1]; char upload_lastdesc[LEN_FDESC+1];
void update_uldate(file_t* f); void update_uldate(file_t* f);
bool bulkupload(uint dirnum); bool bulkupload(uint dirnum);
......
...@@ -260,7 +260,7 @@ void sbbs_t::update_uldate(file_t* f) ...@@ -260,7 +260,7 @@ void sbbs_t::update_uldate(file_t* f)
/****************************************************************************/ /****************************************************************************/
/* Uploads files */ /* Uploads files */
/****************************************************************************/ /****************************************************************************/
void sbbs_t::upload(uint dirnum) bool sbbs_t::upload(uint dirnum)
{ {
char str[256],src[256]={""},descbeg[25]={""},descend[25]={""},path[256] char str[256],src[256]={""},descbeg[25]={""},descend[25]={""},path[256]
,fname[13],keys[256],ch,*p; ,fname[13],keys[256],ch,*p;
...@@ -273,6 +273,25 @@ void sbbs_t::upload(uint dirnum) ...@@ -273,6 +273,25 @@ void sbbs_t::upload(uint dirnum)
user_t user; user_t user;
node_t node; node_t node;
/* Security Checks */
if(useron.rest&FLAG('U')) {
bputs(text[R_Upload]);
return(false);
}
if(dirnum==INVALID_DIR) {
bputs(text[CantUploadHere]);
return(false);
}
if(!chk_ar(cfg.dir[dirnum]->ul_ar,&useron)) {
bputs(dirnum==cfg.user_dir ? text[CantUploadToUser] :
dirnum==cfg.sysop_dir ? text[CantUploadToSysop] : text[CantUploadHere]);
return(false);
}
if(getfiles(&cfg,dirnum)>=cfg.dir[dirnum]->maxfiles) {
bputs(dirnum==cfg.user_dir ? text[UserDirFull] : text[DirFull]);
return(false);
}
if(sys_status&SS_EVENT && online==ON_REMOTE && !dir_op(dirnum)) if(sys_status&SS_EVENT && online==ON_REMOTE && !dir_op(dirnum))
bprintf(text[UploadBeforeEvent],timeleft/60); bprintf(text[UploadBeforeEvent],timeleft/60);
if(altul) if(altul)
...@@ -288,7 +307,8 @@ void sbbs_t::upload(uint dirnum) ...@@ -288,7 +307,8 @@ void sbbs_t::upload(uint dirnum)
sprintf(str,"Diskspace is low: %s (%lu bytes)",path,space); sprintf(str,"Diskspace is low: %s (%lu bytes)",path,space);
errorlog(str); errorlog(str);
if(!dir_op(dirnum)) if(!dir_op(dirnum))
return; } return(false);
}
bprintf(text[DiskNBytesFree],ultoac(space,tmp)); bprintf(text[DiskNBytesFree],ultoac(space,tmp));
f.dir=curdirnum=dirnum; f.dir=curdirnum=dirnum;
...@@ -299,7 +319,8 @@ void sbbs_t::upload(uint dirnum) ...@@ -299,7 +319,8 @@ void sbbs_t::upload(uint dirnum)
|| !checkfname(fname) || (trashcan(fname,"file") && !dir_op(dirnum))) { || !checkfname(fname) || (trashcan(fname,"file") && !dir_op(dirnum))) {
if(fname[0]) if(fname[0])
bputs(text[BadFilename]); bputs(text[BadFilename]);
return; } return(false);
}
if(dirnum==cfg.sysop_dir) if(dirnum==cfg.sysop_dir)
sprintf(str,text[UploadToSysopDirQ],fname); sprintf(str,text[UploadToSysopDirQ],fname);
else if(dirnum==cfg.user_dir) else if(dirnum==cfg.user_dir)
...@@ -307,21 +328,21 @@ void sbbs_t::upload(uint dirnum) ...@@ -307,21 +328,21 @@ void sbbs_t::upload(uint dirnum)
else else
sprintf(str,text[UploadToCurDirQ],fname,cfg.lib[cfg.dir[dirnum]->lib]->sname sprintf(str,text[UploadToCurDirQ],fname,cfg.lib[cfg.dir[dirnum]->lib]->sname
,cfg.dir[dirnum]->sname); ,cfg.dir[dirnum]->sname);
if(!yesno(str)) return; if(!yesno(str)) return(false);
action=NODE_ULNG; action=NODE_ULNG;
padfname(fname,f.name); padfname(fname,f.name);
sprintf(str,"%s%s",path,fname); sprintf(str,"%s%s",path,fname);
if(fexist(str)) { /* File is on disk */ if(fexist(str)) { /* File is on disk */
if(!dir_op(dirnum) && online!=ON_LOCAL) { /* local users or sysops */ if(!dir_op(dirnum) && online!=ON_LOCAL) { /* local users or sysops */
bprintf(text[FileAlreadyThere],fname); bprintf(text[FileAlreadyThere],fname);
return; } return(false); }
if(!yesno(text[FileOnDiskAddQ])) if(!yesno(text[FileOnDiskAddQ]))
return; } return(false); }
else if(online==ON_LOCAL) { else if(online==ON_LOCAL) {
bputs(text[FileNotOnDisk]); bputs(text[FileNotOnDisk]);
bputs(text[EnterPath]); bputs(text[EnterPath]);
if(!getstr(tmp,60,K_LINE|K_UPPER)) if(!getstr(tmp,60,K_LINE|K_UPPER))
return; return(false);
backslash(tmp); backslash(tmp);
sprintf(src,"%s%s",tmp,fname); } sprintf(src,"%s%s",tmp,fname); }
strcpy(str,cfg.dir[dirnum]->exts); strcpy(str,cfg.dir[dirnum]->exts);
...@@ -339,7 +360,7 @@ void sbbs_t::upload(uint dirnum) ...@@ -339,7 +360,7 @@ void sbbs_t::upload(uint dirnum)
bputs(text[TheseFileExtsOnly]); bputs(text[TheseFileExtsOnly]);
bputs(cfg.dir[dirnum]->exts); bputs(cfg.dir[dirnum]->exts);
CRLF; CRLF;
if(!dir_op(dirnum)) return; } if(!dir_op(dirnum)) return(false); }
bputs(text[SearchingForDupes]); bputs(text[SearchingForDupes]);
for(i=k=0;i<usrlibs;i++) for(i=k=0;i<usrlibs;i++)
for(j=0;j<usrdirs[i];j++,k++) { for(j=0;j<usrdirs[i];j++,k++) {
...@@ -351,9 +372,9 @@ void sbbs_t::upload(uint dirnum) ...@@ -351,9 +372,9 @@ void sbbs_t::upload(uint dirnum)
bputs(text[SearchedForDupes]); bputs(text[SearchedForDupes]);
bprintf(text[FileAlreadyOnline],f.name); bprintf(text[FileAlreadyOnline],f.name);
if(!dir_op(dirnum)) if(!dir_op(dirnum))
return; /* File is in database for another dir */ return(false); /* File is in database for another dir */
if(usrdir[i][j]==dirnum) if(usrdir[i][j]==dirnum)
return; } } /* don't allow duplicates */ return(false); } } /* don't allow duplicates */
bputs(text[SearchedForDupes]); bputs(text[SearchedForDupes]);
if(dirnum==cfg.user_dir) { /* User to User transfer */ if(dirnum==cfg.user_dir) { /* User to User transfer */
bputs(text[EnterAfterLastDestUser]); bputs(text[EnterAfterLastDestUser]);
...@@ -382,13 +403,13 @@ void sbbs_t::upload(uint dirnum) ...@@ -382,13 +403,13 @@ void sbbs_t::upload(uint dirnum)
else { else {
CRLF; } } CRLF; } }
if(!destusers) if(!destusers)
return; } return(false); }
if(cfg.dir[dirnum]->misc&DIR_RATE) { if(cfg.dir[dirnum]->misc&DIR_RATE) {
SYNC; SYNC;
bputs(text[RateThisFile]); bputs(text[RateThisFile]);
ch=getkey(K_ALPHA); ch=getkey(K_ALPHA);
if(!isalpha(ch) || sys_status&SS_ABORT) if(!isalpha(ch) || sys_status&SS_ABORT)
return; return(false);
CRLF; CRLF;
sprintf(descbeg,text[Rated],toupper(ch)); } sprintf(descbeg,text[Rated],toupper(ch)); }
if(cfg.dir[dirnum]->misc&DIR_ULDATE) { if(cfg.dir[dirnum]->misc&DIR_ULDATE) {
...@@ -402,10 +423,10 @@ void sbbs_t::upload(uint dirnum) ...@@ -402,10 +423,10 @@ void sbbs_t::upload(uint dirnum)
if(!noyes(text[MultipleDiskQ])) { if(!noyes(text[MultipleDiskQ])) {
bputs(text[HowManyDisksTotal]); bputs(text[HowManyDisksTotal]);
if((int)(i=getnum(99))<2) if((int)(i=getnum(99))<2)
return; return(false);
bputs(text[NumberOfFile]); bputs(text[NumberOfFile]);
if((int)(j=getnum(i))<1) if((int)(j=getnum(i))<1)
return; return(false);
if(j==1) if(j==1)
upload_lastdesc[0]=0; upload_lastdesc[0]=0;
if(i>9) if(i>9)
...@@ -420,7 +441,7 @@ void sbbs_t::upload(uint dirnum) ...@@ -420,7 +441,7 @@ void sbbs_t::upload(uint dirnum)
i=LEN_FDESC-(strlen(descbeg)+strlen(descend)); i=LEN_FDESC-(strlen(descbeg)+strlen(descend));
getstr(upload_lastdesc,i,K_LINE|K_EDIT|K_AUTODEL); getstr(upload_lastdesc,i,K_LINE|K_EDIT|K_AUTODEL);
if(sys_status&SS_ABORT) if(sys_status&SS_ABORT)
return; return(false);
if(descend[0]) /* end of desc specified, so pad desc with spaces */ if(descend[0]) /* end of desc specified, so pad desc with spaces */
sprintf(f.desc,"%s%-*s%s",descbeg,i,upload_lastdesc,descend); sprintf(f.desc,"%s%-*s%s",descbeg,i,upload_lastdesc,descend);
else /* no end specified, so string ends at desc end */ else /* no end specified, so string ends at desc end */
...@@ -434,11 +455,11 @@ void sbbs_t::upload(uint dirnum) ...@@ -434,11 +455,11 @@ void sbbs_t::upload(uint dirnum)
if(src[0]) { /* being copied from another local dir */ if(src[0]) { /* being copied from another local dir */
bprintf(text[RetrievingFile],fname); bprintf(text[RetrievingFile],fname);
if(mv(src,str,1)) if(mv(src,str,1))
return; return(false);
CRLF; } CRLF; }
if(fexist(str)) { /* File is on disk */ if(fexist(str)) { /* File is on disk */
if(!uploadfile(&f)) if(!uploadfile(&f))
return; } return(false); }
else { else {
menu("ulprot"); menu("ulprot");
SYNC; SYNC;
...@@ -454,7 +475,7 @@ void sbbs_t::upload(uint dirnum) ...@@ -454,7 +475,7 @@ void sbbs_t::upload(uint dirnum)
strcat(keys,tmp); } strcat(keys,tmp); }
ch=(char)getkeys(keys,0); ch=(char)getkeys(keys,0);
if(ch=='Q') if(ch=='Q')
return; return(false);
if(ch=='B') { if(ch=='B') {
if(batup_total>=cfg.max_batup) if(batup_total>=cfg.max_batup)
bputs(text[BatchUlQueueIsFull]); bputs(text[BatchUlQueueIsFull]);
...@@ -462,7 +483,7 @@ void sbbs_t::upload(uint dirnum) ...@@ -462,7 +483,7 @@ void sbbs_t::upload(uint dirnum)
for(i=0;i<batup_total;i++) for(i=0;i<batup_total;i++)
if(!strcmp(batup_name[i],f.name)) { if(!strcmp(batup_name[i],f.name)) {
bprintf(text[FileAlreadyInQueue],f.name); bprintf(text[FileAlreadyInQueue],f.name);
return; } return(false); }
strcpy(batup_name[batup_total],f.name); strcpy(batup_name[batup_total],f.name);
strcpy(batup_desc[batup_total],f.desc); strcpy(batup_desc[batup_total],f.desc);
batup_dir[batup_total]=dirnum; batup_dir[batup_total]=dirnum;
...@@ -485,12 +506,12 @@ void sbbs_t::upload(uint dirnum) ...@@ -485,12 +506,12 @@ void sbbs_t::upload(uint dirnum)
ch=uploadfile(&f); ch=uploadfile(&f);
autohangup(); autohangup();
if(!ch) /* upload failed, don't process user to user xfer */ if(!ch) /* upload failed, don't process user to user xfer */
return; } } } return(false); } } }
if(dirnum==cfg.user_dir) { /* Add files to XFER.IXT in INDX dir */ if(dirnum==cfg.user_dir) { /* Add files to XFER.IXT in INDX dir */
sprintf(str,"%sxfer.ixt",cfg.data_dir); sprintf(str,"%sxfer.ixt",cfg.data_dir);
if((file=nopen(str,O_WRONLY|O_CREAT|O_APPEND))==-1) { if((file=nopen(str,O_WRONLY|O_CREAT|O_APPEND))==-1) {
errormsg(WHERE,ERR_OPEN,str,O_WRONLY|O_CREAT|O_APPEND); errormsg(WHERE,ERR_OPEN,str,O_WRONLY|O_CREAT|O_APPEND);
return; } return(false); }
for(j=0;j<destusers;j++) { for(j=0;j<destusers;j++) {
for(i=1;i<=cfg.sys_nodes;i++) { /* Tell user, if online */ for(i=1;i<=cfg.sys_nodes;i++) { /* Tell user, if online */
getnodedat(i,&node,0); getnodedat(i,&node,0);
...@@ -507,6 +528,7 @@ void sbbs_t::upload(uint dirnum) ...@@ -507,6 +528,7 @@ void sbbs_t::upload(uint dirnum)
write(file,str,strlen(str)); } write(file,str,strlen(str)); }
close(file); close(file);
} }
return(true);
} }
/****************************************************************************/ /****************************************************************************/
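Review bot: The new "Security Checks" block rejects only the `INVALID_DIR` sentinel before indexing `cfg.dir[dirnum]`, so any other out-of-range `dirnum` would still be dereferenced in the `chk_ar` and `getfiles` checks. Since upload() is now the single gate for every caller, a range test such as `if(dirnum>=cfg.total_dirs) {` would be safer than the equality test, assuming `cfg.total_dirs` is the configured directory count and `INVALID_DIR` exceeds every valid index (confirm both). The header comment `/* Uploads files */` should also state the new contract, for example `/* Uploads a file to dirnum after checking user restrictions, access and dir capacity; returns false if refused, aborted or failed */`. Parts of upload() lie between the visible hunks, so it cannot be confirmed from here that every remaining exit path (the batch-queue branch in particular) returns the intended value.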
......