Update of /cvsroot/sandweb/sandweb/lib/SandWeb/File
In directory usw-pr-cvs1:/tmp/cvs-serv17665/lib/SandWeb/File
Modified Files:
Unix.pm
Log Message:
adding Security class, centralizes standard security checks for user input in SandWeb
Index: Unix.pm
===================================================================
RCS file: /cvsroot/sandweb/sandweb/lib/SandWeb/File/Unix.pm,v
retrieving revision 1.5
retrieving revision 1.6
diff -U2 -r1.5 -r1.6
--- Unix.pm 14 Aug 2002 06:01:55 -0000 1.5
+++ Unix.pm 26 Aug 2002 06:59:47 -0000 1.6
@@ -27,4 +27,5 @@
use SandWeb::Shell;
+use SandWeb::Security;
sub new {
@@ -32,13 +33,19 @@
my %args = @_;
- my $filename = $args{'filename'};
- # Security check, no "/.." or "../" allowed mister!
-
- if ($filename) {
- $filename =~ s:/\.\.::g;
- $filename =~ s:\.\./::g;
- }
+ my $unsafe_filename = $args{'filename'};
+ my $unsafe_location = $args{'location'};
+
+ # Security check
+ my $secure = SandWeb::Security->new();
+
+ my $filename = $secure->path(
+ filename => "$unsafe_filename"
+ );
+
+ my $location = $secure->path(
+ filename => "$unsafe_location"
+ );
+
my $log_obj = $args{'log_obj'};
- my $location = $args{'location'};
my $raw_file_info = _shell(
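Review bot: The old `if ($filename)` guard in `new` is gone, so a missing `filename` or `location` argument is now stringified by `"$unsafe_filename"` / `"$unsafe_location"` into an empty string (with an uninitialized-value warning if warnings are enabled) and passed to `path()`. The return value of `path()` is then used without a check. `SandWeb::Security->path` is not visible in this diff, so how it reports a rejected or empty path is unknown, but an empty `$location` would turn the later `"$location/$filename"` into a path under `/`. I would pass the values unquoted (`filename => $unsafe_filename`) and fail the constructor early, e.g. `return unless defined $filename && length $filename;`, with the same check for `$location`. The body of `new` starts and ends outside this hunk.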
@@ -185,4 +192,30 @@
}
+sub exists {
+ my $self = shift;
+ my %args = @_;
+ my $location = $self->{'location'};
+ my $filename = $self->{'filename'};
+ my $contents = $args{'contents'};
+ my $log = $self->{'log_obj'};
+
+ $log->debug("checking for existence of file : $location/$filename");
+
+ my $exists = _shell(
+ method => 'execute',
+ command => "file \"$location/$filename\"",
+ );
+
+ my $return;
+
+ if ($exists =~ '(No such file or directory)') {
+ $return = 0;
+ } else {
+ $return = 1;
+ }
+
+ return $return;
+}
+
sub create_file {
my $self = shift;
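Review bot: In `exists`, the command `file \"$location/$filename\"` is built by interpolating both values into a shell string, and the surrounding double quotes do not stop the shell from interpreting a quote, `$` or backtick inside them. Whether `SandWeb::Security->path` removes those characters is not visible in this diff; the inline check it replaces only stripped `..` sequences, so this should be confirmed rather than assumed. If `_shell` runs on the local host (not shown here), the whole call can be replaced by a file test, `return -e "$location/$filename" ? 1 : 0;`, which avoids the shell entirely. That would also remove the dependence on the exact wording of `file`'s error output, which the string-as-regex match `'(No such file or directory)'` currently relies on. The `touch` command in `create_file` in the next hunk is built the same way, and `$contents` is read here but never used.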
@@ -195,5 +228,5 @@
$log->debug("creating file : $location/$filename");
- my $create_file = _shell(
+ my $return = _shell(
method => 'execute',
command => "touch \"$location/$filename\"",