Index: openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl,v
diff -u -r1.61.2.30 -r1.61.2.31
--- openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl	25 Aug 2022 15:37:01 -0000	1.61.2.30
+++ openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl	25 Aug 2022 16:01:27 -0000	1.61.2.31
@@ -1949,22 +1949,40 @@
     return 1
 }
 
-ad_page_contract_filter tmpfile { name value } {
-    Checks to see that the tmpfile path is allowed on the system
+ad_page_contract_filter tmpfile { name value {options ""} } {
+    Validate a tmpfile path. This must belong to one of the configured
+    tmpfolders, either in the subsite settings or in the server-wide
+    parameter.
+
+    One can also specify the filter in "strict" mode as
+    tmpfile(strict). In this case, only the tempfolder from the
+    server-wide settings is allowed, the tempfile must be a direct
+    child of the tmpfolder and must also exist. This mimicks the
+    behavior of Aolserver/Naviserver when a tmpfile is created and can
+    be used to validate such paths.
+
     @author Lars Pind (lars@pinds.com)
     @creation-date 25 July 2000
 } {
-    if {[security::safe_tmpfile_p \
-             -recursive \
-             -subsite_id [ad_conn subsite_id] \
-             $value]} {
-        return 1
+    set strict_p [expr {"strict" in $options}]
+
+    if {$strict_p} {
+        set tmpfile_p [security::safe_tmpfile_p \
+                           -must_exist \
+                           $value]
+    } else {
+        set tmpfile_p [security::safe_tmpfile_p \
+                           -recursive \
+                           -subsite_id [ad_conn subsite_id] \
+                           $value]
     }
 
-    ad_log warning "They tried to sneak in invalid tmpfile '$value'"
+    if {!$tmpfile_p} {
+        ad_log warning "They tried to sneak in invalid tmpfile '$value'"
+        ad_complain [_ acs-tcl.lt_You_specified_a_path_]
+    }
 
-    ad_complain [_ acs-tcl.lt_You_specified_a_path_]
-    return 0
+    return $tmpfile_p
 }
 
 ad_page_contract_filter clock { name value {formats "%Y-%m-%d"} } {
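Review bot: The new `options` handling in the tmpfile filter fails open, because `set strict_p [expr {"strict" in $options}]` treats every value other than the exact word `strict` as a request for the lenient branch. A contract that misspells the option (for example `tmpfile(strcit)`) would therefore get the `-recursive -subsite_id` check with no error, although the author meant to allow only a direct, existing child of the server-wide tmpfolder. I would reject unrecognised options right after that line, e.g. `if {$options ne "" && !$strict_p} { error "tmpfile filter: unsupported option '$options'" }`, assuming `options` arrives as the list of arguments given in parentheses. The docstring could also state that the non-strict mode is the default and that it accepts nested paths. Separately, the warning passes the raw request value to `ad_log`; if `ad_log` does not neutralise control characters, a value containing newlines could forge log lines, so that is worth confirming.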