
Commit e779b88d authored by Rob Swindell's avatar Rob Swindell 💬

Ignore filenames in subject that aren't valid filenames, e.g. "Fwd:"

There were 2 bugs identified by issue #230:
- the "Fwd:" prefix being added to the message subject was being treated as a filename. I first thought to just remove this subject tag, but then thought it best to just ignore obviously invalid filenames in the subject in the first place.

- when forwarding files to a netmail address, the 'to' extension (user number) is 0, so the file will be in the data/file/####.out directory of the sender instead.

We have 4 places (at least) where the message subjects are parsed and only one of those places currently supports quoted filenames (e.g. with spaces in them) and some of the others (e.g. QWK) don't support multiple filenames at all. That should be fixed.
parent b1908193
......@@ -92,9 +92,11 @@ BOOL DLLCALL delfattach(scfg_t* cfg, smbmsg_t* msg)
sp=strrchr(tp,'/'); /* sp is slash pointer */
if(!sp) sp=strrchr(tp,'\\');
if(sp) tp=sp+1;
SAFEPRINTF2(path, "%s/%s", dir, tp);
if(remove(path) != 0)
return FALSE;
if(strcspn(tp, ILLEGAL_FILENAME_CHARS) == strlen(tp)) {
SAFEPRINTF2(path, "%s/%s", dir, tp);
if(remove(path) != 0)
return FALSE;
}
if(!p)
break;
tp=p+1;
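Review bot: The new test `strcspn(tp, ILLEGAL_FILENAME_CHARS) == strlen(tp)` is also true for an empty `tp` and, unless ILLEGAL_FILENAME_CHARS (defined outside this page) lists '.', for `.` and `..`, so those subject words still reach `remove(path)` as `dir/` or `dir/..`. The failed call then takes the `return FALSE` path, which appears to stop processing of any remaining names in the subject (the enclosing loop starts and ends outside the hunk). The subject is sender-controlled text, so I would reject these cases explicitly, e.g. `if(*tp != '\0' && strcmp(tp, ".") != 0 && strcmp(tp, "..") != 0 && strcspn(tp, ILLEGAL_FILENAME_CHARS) == strlen(tp)) {`. The same expression is repeated in download_msg_attachments, sockmsgtxt (where an empty name would push `dirname/` onto file_list) and copyfattach, so one shared helper holding the full check would keep the four parsers consistent.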
......
......@@ -405,58 +405,60 @@ void sbbs_t::download_msg_attachments(smb_t* smb, smbmsg_t* msg, bool del)
tp=getfname(tp);
file_t fd;
fd.dir=cfg.total_dirs+1; /* temp dir for file attachments */
padfname(tp,fd.name);
SAFEPRINTF3(fpath,"%sfile/%04u.in/%s" /* path is path/fname */
,cfg.data_dir, msg->idx.to, tp);
if(!fexistcase(fpath) && msg->idx.from)
SAFEPRINTF3(fpath,"%sfile/%04u.out/%s" /* path is path/fname */
,cfg.data_dir, msg->idx.from,tp);
long length=(long)flength(fpath);
if(length<1)
bprintf(text[FileDoesNotExist], tp);
else if(!(useron.exempt&FLAG('T')) && cur_cps && !SYSOP
&& length/(long)cur_cps>(time_t)timeleft)
bputs(text[NotEnoughTimeToDl]);
else {
char tmp[512];
int i;
SAFEPRINTF2(str, text[DownloadAttachedFileQ]
,getfname(fpath),ultoac(length,tmp));
if(length>0L && text[DownloadAttachedFileQ][0] && yesno(str)) {
{ /* Remote User */
xfer_prot_menu(XFER_DOWNLOAD);
mnemonics(text[ProtocolOrQuit]);
strcpy(str,"Q");
for(i=0;i<cfg.total_prots;i++)
if(cfg.prot[i]->dlcmd[0]
&& chk_ar(cfg.prot[i]->ar,&useron,&client)) {
sprintf(tmp,"%c",cfg.prot[i]->mnemonic);
SAFECAT(str,tmp);
}
ch=(char)getkeys(str,0);
for(i=0;i<cfg.total_prots;i++)
if(cfg.prot[i]->dlcmd[0] && ch==cfg.prot[i]->mnemonic
&& chk_ar(cfg.prot[i]->ar,&useron,&client))
break;
if(i<cfg.total_prots) {
int error = protocol(cfg.prot[i], XFER_DOWNLOAD, fpath, nulstr, false);
if(checkprotresult(cfg.prot[i],error,&fd)) {
if(del)
(void)remove(fpath);
logon_dlb+=length; /* Update stats */
logon_dls++;
useron.dls=(ushort)adjustuserrec(&cfg,useron.number
,U_DLS,5,1);
useron.dlb=adjustuserrec(&cfg,useron.number
,U_DLB,10,length);
bprintf(text[FileNBytesSent]
,fd.name,ultoac(length,tmp));
SAFEPRINTF(str
,"downloaded attached file: %s"
,fd.name);
logline("D-",str);
if(strcspn(tp, ILLEGAL_FILENAME_CHARS) == strlen(tp)) {
padfname(tp,fd.name);
SAFEPRINTF3(fpath,"%sfile/%04u.in/%s" /* path is path/fname */
,cfg.data_dir, msg->idx.to, tp);
if(!fexistcase(fpath) && msg->idx.from)
SAFEPRINTF3(fpath,"%sfile/%04u.out/%s" /* path is path/fname */
,cfg.data_dir, msg->idx.from,tp);
long length=(long)flength(fpath);
if(length<1)
bprintf(text[FileDoesNotExist], tp);
else if(!(useron.exempt&FLAG('T')) && cur_cps && !SYSOP
&& length/(long)cur_cps>(time_t)timeleft)
bputs(text[NotEnoughTimeToDl]);
else {
char tmp[512];
int i;
SAFEPRINTF2(str, text[DownloadAttachedFileQ]
,getfname(fpath),ultoac(length,tmp));
if(length>0L && text[DownloadAttachedFileQ][0] && yesno(str)) {
{ /* Remote User */
xfer_prot_menu(XFER_DOWNLOAD);
mnemonics(text[ProtocolOrQuit]);
strcpy(str,"Q");
for(i=0;i<cfg.total_prots;i++)
if(cfg.prot[i]->dlcmd[0]
&& chk_ar(cfg.prot[i]->ar,&useron,&client)) {
sprintf(tmp,"%c",cfg.prot[i]->mnemonic);
SAFECAT(str,tmp);
}
ch=(char)getkeys(str,0);
for(i=0;i<cfg.total_prots;i++)
if(cfg.prot[i]->dlcmd[0] && ch==cfg.prot[i]->mnemonic
&& chk_ar(cfg.prot[i]->ar,&useron,&client))
break;
if(i<cfg.total_prots) {
int error = protocol(cfg.prot[i], XFER_DOWNLOAD, fpath, nulstr, false);
if(checkprotresult(cfg.prot[i],error,&fd)) {
if(del)
(void)remove(fpath);
logon_dlb+=length; /* Update stats */
logon_dls++;
useron.dls=(ushort)adjustuserrec(&cfg,useron.number
,U_DLS,5,1);
useron.dlb=adjustuserrec(&cfg,useron.number
,U_DLB,10,length);
bprintf(text[FileNBytesSent]
,fd.name,ultoac(length,tmp));
SAFEPRINTF(str
,"downloaded attached file: %s"
,fd.name);
logline("D-",str);
}
autohangup();
}
autohangup();
}
}
}
......
......@@ -907,8 +907,11 @@ static ulong sockmsgtxt(SOCKET socket, const char* prot, CRYPT_SESSION sess, smb
break;
} else
*tp = '\0';
SAFEPRINTF2(filepath, "%s/%s", dirname, getfname(truncsp(p)));
strListPush(&file_list, filepath);
char* fname = getfname(truncsp(p));
if(strcspn(fname, ILLEGAL_FILENAME_CHARS) == strlen(fname)) {
SAFEPRINTF2(filepath, "%s/%s", dirname, fname);
strListPush(&file_list, filepath);
}
if(tp == NULL)
break;
p = tp + 1;
......
......@@ -1306,13 +1306,14 @@ bool sbbs_t::editfile(char *fname, bool msg)
/*************************/
/* Copy file attachments */
/* TODO: Quoted filename support */
/*************************/
bool sbbs_t::copyfattach(uint to, uint from, const char* subj)
{
char str[128],str2[128],str3[128],*tp,*sp,*p;
char str[128], dest[MAX_PATH + 1], src[MAX_PATH + 1], *tp, *sp, *p;
bool result = false;
strcpy(str, subj);
SAFECOPY(str, subj);
tp=str;
while(1) {
p=strchr(tp,' ');
......@@ -1320,12 +1321,13 @@ bool sbbs_t::copyfattach(uint to, uint from, const char* subj)
sp=strrchr(tp,'/'); /* sp is slash pointer */
if(!sp) sp=strrchr(tp,'\\');
if(sp) tp=sp+1;
SAFEPRINTF3(str2,"%sfile/%04u.in/%s" /* str2 is path/fname */
,cfg.data_dir,to,tp);
SAFEPRINTF3(str3,"%sfile/%04u.in/%s" /* str2 is path/fname */
,cfg.data_dir,from,tp);
if(strcmp(str2,str3)) {
if(mv(str3, str2, /* copy */true) != 0)
if(strcspn(tp, ILLEGAL_FILENAME_CHARS) == strlen(tp)) {
if(to == 0)
SAFEPRINTF3(dest,"%sfile/%04u.out/%s", cfg.data_dir, from, tp);
else
SAFEPRINTF3(dest,"%sfile/%04u.in/%s", cfg.data_dir, to, tp);
SAFEPRINTF3(src,"%sfile/%04u.in/%s", cfg.data_dir, from, tp);
if(mv(src, dest, /* copy */true) != 0)
return false;
result = true;
}
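Review bot: The old `if(strcmp(str2,str3))` guard is gone, so when `to` equals `from` and is non-zero, `src` and `dest` are the same path and `mv(src, dest, /* copy */true)` is asked to copy a file onto itself. Unless mv() rejects identical paths itself (its body is not on this page), that call can fail and make copyfattach return false, or damage the attachment. I would keep the comparison, e.g. `if(strcmp(src, dest) != 0 && mv(src, dest, /* copy */true) != 0)`. Separately, `SAFECOPY(str, subj)` now truncates a long subject instead of overflowing `str[128]`, which can cut the last filename short and make it refer to a different name; a comment on that limit next to the declaration would help. The loop and the final return are outside these hunks.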
......