From: Rob H. <for...@us...> - 2002-08-26 06:59:51
Update of /cvsroot/sandweb/sandweb/lib/SandWeb/File In directory usw-pr-cvs1:/tmp/cvs-serv17665/lib/SandWeb/File Modified Files: Unix.pm Log Message: adding Security class, centralizes standard security checks for user input in SandWeb
Index: Unix.pm
===================================================================
RCS file: /cvsroot/sandweb/sandweb/lib/SandWeb/File/Unix.pm,v
retrieving revision 1.5
retrieving revision 1.6
diff -U2 -r1.5 -r1.6
--- Unix.pm 14 Aug 2002 06:01:55 -0000 1.5
+++ Unix.pm 26 Aug 2002 06:59:47 -0000 1.6
@@ -27,4 +27,5 @@
 use SandWeb::Shell;
+use SandWeb::Security;
 sub new {
@@ -32,13 +33,19 @@
 my %args = @_;
- my $filename = $args{'filename'};
- # Security check, no "/.." or "../" allowed mister!
-
- if ($filename) {
- $filename =~ s:/\.\.::g;
- $filename =~ s:\.\./::g;
- }
+ my $unsafe_filename = $args{'filename'};
+ my $unsafe_location = $args{'location'};
+
+ # Security check
+ my $secure = SandWeb::Security->new();
+
+ my $filename = $secure->path(
+ filename => "$unsafe_filename"
+ );
+
+ my $location = $secure->path(
+ filename => "$unsafe_location"
+ );
+
 my $log_obj = $args{'log_obj'};
- my $location = $args{'location'};
 my $raw_file_info = _shell(
@@ -185,4 +192,30 @@
 }
+sub exists {
+ my $self = shift;
+ my %args = @_;
+ my $location = $self->{'location'};
+ my $filename = $self->{'filename'};
+ my $contents = $args{'contents'};
+ my $log = $self->{'log_obj'};
+
+ $log->debug("checking for existence of file : $location/$filename");
+
+ my $exists = _shell(
+ method => 'execute',
+ command => "file \"$location/$filename\"",
+ );
+
+ my $return;
+
+ if ($exists =~ '(No such file or directory)') {
+ $return = 0;
+ } else {
+ $return = 1;
+ }
+
+ return $return;
+}
+
 sub create_file {
 my $self = shift;
@@ -195,5 +228,5 @@
 $log->debug("creating file : $location/$filename");
- my $create_file = _shell(
+ my $return = _shell(
 method => 'execute',
 command => "touch \"$location/$filename\"",
|
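Review bot: In the `@@ -32,13 +33,19 @@` hunk, `new` assigns the results of both `$secure->path(...)` calls to `$filename` and `$location` without checking them, and the quoting in `filename => "$unsafe_filename"` turns a missing argument into an empty string (with an uninitialized-value warning if warnings are enabled), where the removed code skipped the check when no filename was given. `SandWeb::Security` is not visible on this page, so what `path` returns for rejected or empty input has to be confirmed; passing the value unquoted, `filename => $unsafe_filename`, and returning early when the result is undefined would make the failure case explicit. A comment above the calls stating what `path` guarantees about its return value would also help, since `$location` is validated under the `filename` key as well. The body of `new` starts and ends outside the hunk.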
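Review bot: In the `@@ -185,4 +192,30 @@` hunk, `exists` interpolates `$location` and `$filename` into a double-quoted shell string (`command => "file \"$location/$filename\""`), so it is only as safe as whatever `SandWeb::Security->path` removes; a path-traversal filter does not necessarily strip `"`, backticks or `$`, which the shell still interprets inside double quotes. If the file is on the local filesystem the check needs no shell at all: `return -e "$location/$filename" ? 1 : 0;`. If `_shell` has to be used, the answer should come from an exit status and not from matching the tool's message, because `$exists =~ '(No such file or directory)'` depends on the locale and on the name itself not containing that text; `$contents` is also assigned but never used. The `touch \"$location/$filename\"` command in the context lines of the following `create_file` hunk has the same quoting dependency.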