diff --git a/src/sbbs3/execfile.cpp b/src/sbbs3/execfile.cpp index f4d6ef5e7bde0cdf8c0699abdbeb39bb4d95f272..48b40e393260b398fd08a13b38ced787bc85afb4 100644 --- a/src/sbbs3/execfile.cpp +++ b/src/sbbs3/execfile.cpp @@ -262,56 +262,30 @@ int sbbs_t::exec_file(csi_t *csi) case CS_FILE_UPLOAD: csi->logic=LOGIC_FALSE; - if(useron.rest&FLAG('U')) { - bputs(text[R_Upload]); - return(0); } if(usrlibs) { i=usrdir[curlib][curdir[curlib]]; if(cfg.upload_dir!=INVALID_DIR && !chk_ar(cfg.dir[i]->ul_ar,&useron)) - i=cfg.upload_dir; } - else + i=cfg.upload_dir; + } else i=cfg.upload_dir; - - if((uint)i==INVALID_DIR || !chk_ar(cfg.dir[i]->ul_ar,&useron)) { - bputs(text[CantUploadHere]); - return(0); } - - if(getfiles(&cfg,i)>=cfg.dir[i]->maxfiles) - bputs(text[DirFull]); - else { - upload(i); - csi->logic=LOGIC_TRUE; } + csi->logic=upload(i) ? LOGIC_TRUE:LOGIC_FALSE; return(0); case CS_FILE_UPLOAD_USER: csi->logic=LOGIC_FALSE; if(cfg.user_dir==INVALID_DIR) { bputs(text[NoUserDir]); - return(0); } - if(getfiles(&cfg,cfg.user_dir)>=cfg.dir[cfg.user_dir]->maxfiles) - bputs(text[UserDirFull]); - else if(useron.rest&FLAG('U')) - bputs(text[R_Upload]); - else if(!chk_ar(cfg.dir[cfg.user_dir]->ul_ar,&useron)) - bputs(text[CantUploadToUser]); - else { - upload(cfg.user_dir); - csi->logic=LOGIC_TRUE; } + return(0); + } + csi->logic=upload(cfg.user_dir) ? LOGIC_TRUE:LOGIC_FALSE; return(0); case CS_FILE_UPLOAD_SYSOP: csi->logic=LOGIC_FALSE; if(cfg.sysop_dir==INVALID_DIR) { bputs(text[NoSysopDir]); - return(0); } - if(getfiles(&cfg,cfg.sysop_dir)>=cfg.dir[cfg.sysop_dir]->maxfiles) - bputs(text[DirFull]); - else if(useron.rest&FLAG('U')) - bputs(text[R_Upload]); - else if(!chk_ar(cfg.dir[cfg.sysop_dir]->ul_ar,&useron)) - bputs(text[CantUploadToSysop]); - else { - upload(cfg.sysop_dir); - csi->logic=LOGIC_TRUE; } + return(0); + } + csi->logic=upload(cfg.sysop_dir) ? LOGIC_TRUE:LOGIC_FALSE; return(0); case CS_FILE_DOWNLOAD: if(!usrlibs) return(0); 
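Review bot: The three upload cases (CS_FILE_UPLOAD, CS_FILE_UPLOAD_USER, CS_FILE_UPLOAD_SYSOP) no longer show any restriction, access or directory-full check, and nothing at the call sites says where those checks went. A one-line comment at each `upload(...)` call, for example `/* U-restriction, ul_ar access and maxfiles are enforced inside upload() */`, would keep a later maintainer from re-adding them here or assuming they are missing. In CS_FILE_UPLOAD the leading `csi->logic=LOGIC_FALSE;` is now always overwritten by `csi->logic=upload(i) ? LOGIC_TRUE:LOGIC_FALSE;` and could be dropped. The enclosing switch in exec_file starts and ends outside the hunk.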
diff --git a/src/sbbs3/sbbs.h b/src/sbbs3/sbbs.h index bf54957895ea354a232eb8f3087a5e4247b9580e..a716eb687c48a911390f94f03ef89fb1c4028a51 100644 --- a/src/sbbs3/sbbs.h +++ b/src/sbbs3/sbbs.h @@ -555,7 +555,7 @@ public: /* upload.cpp */ bool uploadfile(file_t* f); char sbbsfilename[128],sbbsfiledesc[128]; /* env vars */ - void upload(uint dirnum); + bool upload(uint dirnum); char upload_lastdesc[LEN_FDESC+1]; void update_uldate(file_t* f); bool bulkupload(uint dirnum); diff --git a/src/sbbs3/upload.cpp b/src/sbbs3/upload.cpp index f6bc1d2b0f094a701b5e4c4e1ae90b8605fb928c..030c4262b4c0515ee3d5c5b6db4b225fa7f18e04 100644 --- a/src/sbbs3/upload.cpp +++ b/src/sbbs3/upload.cpp @@ -260,7 +260,7 @@ void sbbs_t::update_uldate(file_t* f) /****************************************************************************/ /* Uploads files */ /****************************************************************************/ -void sbbs_t::upload(uint dirnum) +bool sbbs_t::upload(uint dirnum) { char str[256],src[256]={""},descbeg[25]={""},descend[25]={""},path[256] ,fname[13],keys[256],ch,*p; @@ -273,6 +273,25 @@ void sbbs_t::upload(uint dirnum) user_t user; node_t node; + /* Security Checks */ + if(useron.rest&FLAG('U')) { + bputs(text[R_Upload]); + return(false); + } + if(dirnum==INVALID_DIR) { + bputs(text[CantUploadHere]); + return(false); + } + if(!chk_ar(cfg.dir[dirnum]->ul_ar,&useron)) { + bputs(dirnum==cfg.user_dir ? text[CantUploadToUser] : + dirnum==cfg.sysop_dir ? text[CantUploadToSysop] : text[CantUploadHere]); + return(false); + } + if(getfiles(&cfg,dirnum)>=cfg.dir[dirnum]->maxfiles) { + bputs(dirnum==cfg.user_dir ? text[UserDirFull] : text[DirFull]); + return(false); + } + if(sys_status&SS_EVENT && online==ON_REMOTE && !dir_op(dirnum)) bprintf(text[UploadBeforeEvent],timeleft/60); if(altul) 
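Review bot: The banner comment above `sbbs_t::upload` in the `@@ -260` hunk still reads only "Uploads files", although the function now returns `bool` and exec_file stores that result in `csi->logic`. State the contract in the banner, for example `/* Returns true when the file was added or queued, false when the upload was refused, aborted or failed */`, and repeat it beside the `bool upload(uint dirnum);` declaration in sbbs.h. That wording is inferred from the return paths visible in this diff, so adjust it if paths between the hunks behave differently.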
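Review bot: In the new "Security Checks" block of the `@@ -273` hunk, `dirnum` is compared only with `INVALID_DIR` before it indexes `cfg.dir[dirnum]` in the `chk_ar` and `getfiles` tests. This commit makes upload() the single enforcement point for its callers, so any other out-of-range value would read past the directory table. Rejecting by range, `if(dirnum>=cfg.total_dirs) {`, covers both cases. That assumes `INVALID_DIR` is larger than any valid index and that `cfg.total_dirs` is the table size; neither is shown in this diff. The function body continues outside the hunk.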
@@ -288,7 +307,8 @@ void sbbs_t::upload(uint dirnum) sprintf(str,"Diskspace is low: %s (%lu bytes)",path,space); errorlog(str); if(!dir_op(dirnum)) - return; } + return(false); + } bprintf(text[DiskNBytesFree],ultoac(space,tmp)); f.dir=curdirnum=dirnum; @@ -299,7 +319,8 @@ void sbbs_t::upload(uint dirnum) || !checkfname(fname) || (trashcan(fname,"file") && !dir_op(dirnum))) { if(fname[0]) bputs(text[BadFilename]); - return; } + return(false); + } if(dirnum==cfg.sysop_dir) sprintf(str,text[UploadToSysopDirQ],fname); else if(dirnum==cfg.user_dir) @@ -307,21 +328,21 @@ void sbbs_t::upload(uint dirnum) else sprintf(str,text[UploadToCurDirQ],fname,cfg.lib[cfg.dir[dirnum]->lib]->sname ,cfg.dir[dirnum]->sname); - if(!yesno(str)) return; + if(!yesno(str)) return(false); action=NODE_ULNG; padfname(fname,f.name); sprintf(str,"%s%s",path,fname); if(fexist(str)) { /* File is on disk */ if(!dir_op(dirnum) && online!=ON_LOCAL) { /* local users or sysops */ bprintf(text[FileAlreadyThere],fname); - return; } + return(false); } if(!yesno(text[FileOnDiskAddQ])) - return; } + return(false); } else if(online==ON_LOCAL) { bputs(text[FileNotOnDisk]); bputs(text[EnterPath]); if(!getstr(tmp,60,K_LINE|K_UPPER)) - return; + return(false); backslash(tmp); sprintf(src,"%s%s",tmp,fname); } strcpy(str,cfg.dir[dirnum]->exts); @@ -339,7 +360,7 @@ void sbbs_t::upload(uint dirnum) bputs(text[TheseFileExtsOnly]); bputs(cfg.dir[dirnum]->exts); CRLF; - if(!dir_op(dirnum)) return; } + if(!dir_op(dirnum)) return(false); } bputs(text[SearchingForDupes]); for(i=k=0;i<usrlibs;i++) for(j=0;j<usrdirs[i];j++,k++) { 
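Review bot: The low-disk-space branch in the `@@ -288` hunk formats into `str` with `sprintf(str,"Diskspace is low: %s (%lu bytes)",path,space);`, and both `str` and `path` are declared `char[256]`, so a long `path` plus the fixed text overflows `str` on the stack. A bounded call, `snprintf(str,sizeof(str),"Diskspace is low: %s (%lu bytes)",path,space);`, removes that. The same pattern appears in the `@@ -307` hunk at `sprintf(str,"%s%s",path,fname);`. How `path` is filled lies outside these hunks, so whether a near-full-length value is reachable in practice cannot be confirmed from this diff.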
@@ -351,9 +372,9 @@ void sbbs_t::upload(uint dirnum) bputs(text[SearchedForDupes]); bprintf(text[FileAlreadyOnline],f.name); if(!dir_op(dirnum)) - return; /* File is in database for another dir */ + return(false); /* File is in database for another dir */ if(usrdir[i][j]==dirnum) - return; } } /* don't allow duplicates */ + return(false); } } /* don't allow duplicates */ bputs(text[SearchedForDupes]); if(dirnum==cfg.user_dir) { /* User to User transfer */ bputs(text[EnterAfterLastDestUser]); @@ -382,13 +403,13 @@ void sbbs_t::upload(uint dirnum) else { CRLF; } } if(!destusers) - return; } + return(false); } if(cfg.dir[dirnum]->misc&DIR_RATE) { SYNC; bputs(text[RateThisFile]); ch=getkey(K_ALPHA); if(!isalpha(ch) || sys_status&SS_ABORT) - return; + return(false); CRLF; sprintf(descbeg,text[Rated],toupper(ch)); } if(cfg.dir[dirnum]->misc&DIR_ULDATE) { @@ -402,10 +423,10 @@ void sbbs_t::upload(uint dirnum) if(!noyes(text[MultipleDiskQ])) { bputs(text[HowManyDisksTotal]); if((int)(i=getnum(99))<2) - return; + return(false); bputs(text[NumberOfFile]); if((int)(j=getnum(i))<1) - return; + return(false); if(j==1) upload_lastdesc[0]=0; if(i>9) @@ -420,7 +441,7 @@ void sbbs_t::upload(uint dirnum) i=LEN_FDESC-(strlen(descbeg)+strlen(descend)); getstr(upload_lastdesc,i,K_LINE|K_EDIT|K_AUTODEL); if(sys_status&SS_ABORT) - return; + return(false); if(descend[0]) /* end of desc specified, so pad desc with spaces */ sprintf(f.desc,"%s%-*s%s",descbeg,i,upload_lastdesc,descend); else /* no end specified, so string ends at desc end */ @@ -434,11 +455,11 @@ void sbbs_t::upload(uint dirnum) if(src[0]) { /* being copied from another local dir */ bprintf(text[RetrievingFile],fname); if(mv(src,str,1)) - return; + return(false); CRLF; } if(fexist(str)) { /* File is on disk */ if(!uploadfile(&f)) - return; } + return(false); } else { menu("ulprot"); SYNC; 
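Review bot: In the `@@ -382` hunk the rating key is read into `ch`, a plain `char`, and passed straight to `isalpha(ch)` and then `toupper(ch)`. Where `char` is signed, a byte above 0x7F from the caller becomes a negative argument, which is undefined behaviour for the ctype functions. Cast at both calls: `if(!isalpha((unsigned char)ch) || sys_status&SS_ABORT)` and `toupper((unsigned char)ch)`. Whether `getkey(K_ALPHA)` already filters such bytes is not visible in this diff.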
@@ -454,7 +475,7 @@ void sbbs_t::upload(uint dirnum) strcat(keys,tmp); } ch=(char)getkeys(keys,0); if(ch=='Q') - return; + return(false); if(ch=='B') { if(batup_total>=cfg.max_batup) bputs(text[BatchUlQueueIsFull]); @@ -462,7 +483,7 @@ void sbbs_t::upload(uint dirnum) for(i=0;i<batup_total;i++) if(!strcmp(batup_name[i],f.name)) { bprintf(text[FileAlreadyInQueue],f.name); - return; } + return(false); } strcpy(batup_name[batup_total],f.name); strcpy(batup_desc[batup_total],f.desc); batup_dir[batup_total]=dirnum; @@ -485,12 +506,12 @@ void sbbs_t::upload(uint dirnum) ch=uploadfile(&f); autohangup(); if(!ch) /* upload failed, don't process user to user xfer */ - return; } } } + return(false); } } } if(dirnum==cfg.user_dir) { /* Add files to XFER.IXT in INDX dir */ sprintf(str,"%sxfer.ixt",cfg.data_dir); if((file=nopen(str,O_WRONLY|O_CREAT|O_APPEND))==-1) { errormsg(WHERE,ERR_OPEN,str,O_WRONLY|O_CREAT|O_APPEND); - return; } + return(false); } for(j=0;j<destusers;j++) { for(i=1;i<=cfg.sys_nodes;i++) { /* Tell user, if online */ getnodedat(i,&node,0); @@ -507,6 +528,7 @@ void sbbs_t::upload(uint dirnum) write(file,str,strlen(str)); } close(file); } + return(true); } /****************************************************************************/
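Review bot: In the `@@ -454` hunk the `ch=='B'` branch prints `text[BatchUlQueueIsFull]` when `batup_total>=cfg.max_batup` but does not return. Control therefore appears to fall through to the `return(true)` added in the last hunk, and exec_file would set `csi->logic` to LOGIC_TRUE although nothing was queued. Consider `if(batup_total>=cfg.max_batup) { bputs(text[BatchUlQueueIsFull]); return(false); }`. The `else` that pairs with this test sits between hunks, so confirm the fall-through against the full file.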
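Review bot: In the `@@ -507` hunk, `return(true)` is reached even when `write(file,str,strlen(str));` fails or writes short, so a user-to-user transfer can be reported as successful while its xfer.ixt record is missing or truncated. Check the result, for example `if(write(file,str,strlen(str))!=(int)strlen(str)) ok=false;` with a local `ok` flag returned after `close(file)`, and log the failure the way the `nopen` failure above is logged. The loop that builds `str` starts outside the hunk.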