Index: openacs-4/packages/acs-subsite/acs-subsite.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/acs-subsite.info,v
diff -u -r1.131.2.28 -r1.131.2.29
--- openacs-4/packages/acs-subsite/acs-subsite.info 15 Jul 2022 14:23:52 -0000 1.131.2.28
+++ openacs-4/packages/acs-subsite/acs-subsite.info 26 Aug 2022 12:06:43 -0000 1.131.2.29
@@ -9,7 +9,7 @@
<implements-subsite-p>t</implements-subsite-p>
<inherit-templates-p>t</inherit-templates-p>
- <version name="5.10.1d4" url="http://openacs.org/repository/download/apm/acs-subsite-5.10.1d4.apm">
+ <version name="5.10.1d5" url="http://openacs.org/repository/download/apm/acs-subsite-5.10.1d5.apm">
<owner url="http://openacs.org">OpenACS</owner>
<summary>Subsite</summary>
<release-date>2021-09-15</release-date>
@@ -18,12 +18,12 @@
<license>GPL</license>
<maturity>3</maturity>
- <provides url="acs-subsite" version="5.10.1d4"/>
+ <provides url="acs-subsite" version="5.10.1d5"/>
<requires url="acs-authentication" version="5.10.0"/>
<requires url="acs-content-repository" version="5.10.0"/>
<requires url="acs-kernel" version="5.10.0"/>
<requires url="acs-templating" version="5.10.1d6"/>
- <requires url="acs-tcl" version="5.10.0"/>
+ <requires url="acs-tcl" version="5.10.1d22"/>
<requires url="acs-lang" version="5.10.0"/>
<requires url="acs-mail-lite" version="5.10.0"/>
@@ -149,14 +149,14 @@
<parameter scope="instance" datatype="text" min_n_values="1" max_n_values="1" name="ThemeJS" default=""
description="A list of lists of JS specifications of the form '-attribute value' pairs to use with this theme. The allowed attributes are defined by the arguments of template::add_script. Set by the admin theme-switching UI." section_name="theming"/>
<parameter scope="instance" datatype="string" min_n_values="1" max_n_values="1" name="ThemeKey" default="default_plain" description="Key of the acs-templating theme for this subsite. Set by the admin theme-switching UI." section_name="theming"/>
- <parameter scope="instance" datatype="string" min_n_values="1" max_n_values="1" name="TmpDir" default="" description="What tmp directories are used on this system? Could be something like '/tmp /var/tmp', note the leading / character. If this value is empty, 'ns_config ns/parameters tmpdir' is used"/>
<parameter scope="instance" datatype="string" min_n_values="1" max_n_values="1" name="UserHomeTemplate" default="/packages/acs-subsite/lib/home" description="Name of the template used for the user home page" section_name="Templates"/>
<parameter scope="instance" datatype="string" min_n_values="1" max_n_values="1" name="UserInfoTemplate" default="/packages/acs-subsite/lib/user-info" description="Name of the template used for description of a user" section_name="Templates"/>
<parameter scope="instance" datatype="text" min_n_values="1" max_n_values="1" name="UserNavbarTabsList" default="home {label #acs-subsite.Subsite_Home#}" description="Navigation tabs to show to users" section_name="Navigation Tabs"/>
<parameter scope="instance" datatype="string" min_n_values="1" max_n_values="1" name="UserNewTemplate" default="/packages/acs-subsite/lib/user-new" description="Name of the template used for creation of a new user" section_name="Templates"/>
<parameter scope="instance" datatype="string" min_n_values="1" max_n_values="1" name="application" default="default" description="Name of the ETP application to use (default, faq, wiki, or create your own with the etp::define_application procedure)" section_name="EditThisPage"/>
<parameter scope="instance" datatype="string" min_n_values="1" max_n_values="1" name="subtopic_application" default="default" description="Name of the ETP application to use when creating a subtopic" section_name="EditThisPage"/>
- </parameters>
+ <parameter scope="instance" datatype="string" min_n_values="1" max_n_values="1" name="TmpDir" default="" description="What tmp directories are used on this system? Could be something like '/tmp /var/tmp', note the leading / character. If this value is empty, 'ns_config ns/parameters tmpdir' is used. NOTICE: this parameter is deprecated hand has no effect. Please use ns_config ns/parameters tmpdir to configure your temporary folder." section_name="Deprecated"/>
+ </parameters>
</version>
</package>
Index: openacs-4/packages/acs-tcl/acs-tcl.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/acs-tcl.info,v
diff -u -r1.95.2.51 -r1.95.2.52
--- openacs-4/packages/acs-tcl/acs-tcl.info 25 Aug 2022 12:37:13 -0000 1.95.2.51
+++ openacs-4/packages/acs-tcl/acs-tcl.info 26 Aug 2022 12:06:43 -0000 1.95.2.52
@@ -9,7 +9,7 @@
<implements-subsite-p>f</implements-subsite-p>
<inherit-templates-p>t</inherit-templates-p>
- <version name="5.10.1d21" url="http://openacs.org/repository/download/apm/acs-tcl-5.10.1d21.apm">
+ <version name="5.10.1d22" url="http://openacs.org/repository/download/apm/acs-tcl-5.10.1d22.apm">
<owner url="http://openacs.org">OpenACS</owner>
<summary>The Kernel Tcl API library.</summary>
<release-date>2021-09-15</release-date>
@@ -18,7 +18,7 @@
<license>GPL version 2</license>
<maturity>3</maturity>
- <provides url="acs-tcl" version="5.10.1d21"/>
+ <provides url="acs-tcl" version="5.10.1d22"/>
<requires url="acs-bootstrap-installer" version="5.10.0"/>
<requires url="acs-kernel" version="5.10.1d3"/>
Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.126.2.73 -r1.126.2.74
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 25 Aug 2022 15:37:01 -0000 1.126.2.73
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 26 Aug 2022 12:06:43 -0000 1.126.2.74
@@ -1174,8 +1174,6 @@
ad_proc security::safe_tmpfile_p {
-must_exist:boolean
- -recursive:boolean
- -subsite_id
tmpfile
} {
@@ -1188,13 +1186,6 @@
@param tmpfile absolute path to a possibly existing tmpfile
@param must_exist make sure the file exists
- @param recursive accept also files in a subfolder of a valid
- tmpfolder
- @param subsite_id when specified, the list of allowed tmpdirs will
- be taken from the TmpDir subsite
- parameter. Server-wide configuration will be
- used if no subsite is specified or if the
- parameter turns out to be empty.
@return boolean
} {
@@ -1203,36 +1194,11 @@
#
set tmpfile [ns_normalizepath $tmpfile]
- if {[info exists subsite_id]} {
+ if {[ad_file dirname $tmpfile] ni [ns_config ns/parameters tmpdir]} {
#
- # We fetch the tmpdirs from the subsite parameter
- #
- set tmpdirs [parameter::get -package_id $subsite_id -parameter TmpDir]
- } else {
- set tmpdirs [list]
- }
-
- if {[llength $tmpdirs] == 0} {
- #
- # Server-wide tmpdirs
- #
- set tmpdirs [ns_config ns/parameters tmpdir]
- }
-
- if {!$recursive_p && [ad_file dirname $tmpfile] ni $tmpdirs} {
- #
# File is not a direct child of one of the tmpfolders: not safe
#
return false
- } else {
- #
- # File does not belong to the hierarchy of any of the
- # tmpfolders: not safe
- #
- set separator [file separator]
- if { ![regexp ^([join $tmpdirs |])${separator}.*\$ $tmpfile] } {
- return false
- }
}
if {![ad_file exists $tmpfile]} {
Index: openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl,v
diff -u -r1.61.2.31 -r1.61.2.32
--- openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 25 Aug 2022 16:01:27 -0000 1.61.2.31
+++ openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 26 Aug 2022 12:06:44 -0000 1.61.2.32
@@ -1949,34 +1949,20 @@
return 1
}
-ad_page_contract_filter tmpfile { name value {options ""} } {
- Validate a tmpfile path. This must belong to one of the configured
- tmpfolders, either in the subsite settings or in the server-wide
- parameter.
+ad_page_contract_filter tmpfile { name value } {
+ Validate a tmpfile path. This must exist, be a direct child of the
+ configured tmpfolder in the server-wide parameter and be readable
+ and writable by the current user.
- One can also specify the filter in "strict" mode as
- tmpfile(strict). In this case, only the tempfolder from the
- server-wide settings is allowed, the tempfile must be a direct
- child of the tmpfolder and must also exist. This mimicks the
- behavior of Aolserver/Naviserver when a tmpfile is created and can
- be used to validate such paths.
+ Example usage: uploaded_file.tmpfile:tmpfile,optional
@author Lars Pind (lars@pinds.com)
@creation-date 25 July 2000
} {
- set strict_p [expr {"strict" in $options}]
+ set tmpfile_p [security::safe_tmpfile_p \
+ -must_exist \
+ $value]
- if {$strict_p} {
- set tmpfile_p [security::safe_tmpfile_p \
- -must_exist \
- $value]
- } else {
- set tmpfile_p [security::safe_tmpfile_p \
- -recursive \
- -subsite_id [ad_conn subsite_id] \
- $value]
- }
-
if {!$tmpfile_p} {
ad_log warning "They tried to sneak in invalid tmpfile '$value'"
ad_complain [_ acs-tcl.lt_You_specified_a_path_]
Index: openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl,v
diff -u -r1.1.2.7 -r1.1.2.8
--- openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl 25 Aug 2022 15:37:02 -0000 1.1.2.7
+++ openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl 26 Aug 2022 12:06:44 -0000 1.1.2.8
@@ -120,39 +120,16 @@
aa_true "An existing tmpfile is safe" [security::safe_tmpfile_p -must_exist $tmpfile]
file delete -- $tmpfile
- aa_section {Path to an existing file in a tmpdir subfolder}
- set tmpdir [ad_tmpnam]
- file mkdir $tmpdir
- set tmpfile $tmpdir/onefile
- set wfd [open $tmpfile w]
- puts $wfd 1234
- close $wfd
- aa_false "File is not considered safe when not searching recursively" \
- [security::safe_tmpfile_p -must_exist $tmpfile]
- aa_true "File is considered safe when searching recursively" \
- [security::safe_tmpfile_p -recursive -must_exist $tmpfile]
- file delete -force -- $tmpdir
-
aa_section {Path to a tmpfile in a folder of the tmpdir}
set tmpfile [ad_tmpnam]/test
aa_false "A safe tmpfile can only be a direct child of the tmpdir" \
[security::safe_tmpfile_p $tmpfile]
- aa_section {Path to a tmpfile in a folder of the tmpdir when we allow recursive paths}
- set tmpfile [ad_tmpnam]/test
- aa_true "A safe tmpfile can be a at any depth in the hierachy of a tmpdir" \
- [security::safe_tmpfile_p -recursive $tmpfile]
-
aa_section {Trying to confuse the proc with ".."}
set tmpfile [ad_tmpnam]/../../test
aa_false "Proc is not fooled by .." \
[security::safe_tmpfile_p $tmpfile]
- aa_section {Trying to confuse the proc with ".." when we allow recursive paths}
- set tmpfile [ad_tmpnam]/../test
- aa_true "Proc is not fooled by .." \
- [security::safe_tmpfile_p -recursive $tmpfile]
-
aa_section {Trying to confuse the proc with "~"}
set tmpfile ~/../../test
aa_false "Proc is not fooled by ~" \
@@ -163,9 +140,4 @@
aa_false "A safe tmpfile can only be a direct child of the tmpdir" \
[security::safe_tmpfile_p $tmpfile]
- aa_section {Path to a file outside of the tmpdir when we allow recursive paths}
- set tmpfile [acs_root_dir]/mypreciouscode
- aa_false "A safe tmpfile can only be in the hierachy of the tmpdir" \
- [security::safe_tmpfile_p $tmpfile]
-
}