Index: openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl,v
diff -u -N -r1.61.2.31 -r1.61.2.32
--- openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 25 Aug 2022 16:01:27 -0000 1.61.2.31
+++ openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 26 Aug 2022 12:06:44 -0000 1.61.2.32
@@ -1949,34 +1949,20 @@
 return 1
 }

-ad_page_contract_filter tmpfile { name value {options ""} } {
- Validate a tmpfile path. This must belong to one of the configured
- tmpfolders, either in the subsite settings or in the server-wide
- parameter.
+ad_page_contract_filter tmpfile { name value } {
+ Validate a tmpfile path. This must exist, be a direct child of the
+ configured tmpfolder in the server-wide parameter and be readable
+ and writable by the current user.

- One can also specify the filter in "strict" mode as
- tmpfile(strict). In this case, only the tempfolder from the
- server-wide settings is allowed, the tempfile must be a direct
- child of the tmpfolder and must also exist. This mimicks the
- behavior of Aolserver/Naviserver when a tmpfile is created and can
- be used to validate such paths.
+ Example usage: uploaded_file.tmpfile:tmpfile,optional

 @author Lars Pind (lars@pinds.com)
 @creation-date 25 July 2000
 } {
- set strict_p [expr {"strict" in $options}]
+ set tmpfile_p [security::safe_tmpfile_p \
+ -must_exist \
+ $value]

- if {$strict_p} {
- set tmpfile_p [security::safe_tmpfile_p \
- -must_exist \
- $value]
- } else {
- set tmpfile_p [security::safe_tmpfile_p \
- -recursive \
- -subsite_id [ad_conn subsite_id] \
- $value]
- }
-
 if {!$tmpfile_p} {
 ad_log warning "They tried to sneak in invalid tmpfile '$value'"
 ad_complain [_ acs-tcl.lt_You_specified_a_path_]
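Review bot: The new docstring promises three checks (the file exists, is a direct child of the server-wide tmpfolder, and is readable and writable), but the call passes only `-must_exist`, so the other two rest on defaults of `security::safe_tmpfile_p` that are not visible in this hunk. A comment above the call would pin that dependency, e.g. `# Direct-child and server-wide-only checks are safe_tmpfile_p defaults; do not add -recursive or -subsite_id here.` "Current user" in the docstring is ambiguous for a page-contract filter; if it means the operating-system account the server runs as, the text should say so. Dropping the `options` argument also changes the filter's signature, so any page contract still written as `tmpfile(strict)` should be checked, since how ad_page_contract handles an option passed to a filter that takes none is not shown here. The `if {!$tmpfile_p}` block continues past the end of the hunk.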