From: <de...@de...> - 2007-02-26 01:16:53
|
Author: KennethLavrsen Date: 2007-02-25 19:16:47 -0600 (Sun, 25 Feb 2007) New Revision: 12972 Modified: twiki/branches/MAIN/lib/TWiki.pm twiki/branches/MAIN/lib/TWiki/Client.pm twiki/branches/MAIN/lib/TWiki/UI.pm Log: Item3568: TWiki now properly auto creates {TempfileDir} no matter which version of CGI::Session you have. Also made similar update for passthru and cleaned up additional bad code related to passthru Modified: twiki/branches/MAIN/lib/TWiki/Client.pm =================================================================== --- twiki/branches/MAIN/lib/TWiki/Client.pm 2007-02-25 19:31:24 UTC (rev 12971) +++ twiki/branches/MAIN/lib/TWiki/Client.pm 2007-02-26 01:16:47 UTC (rev 12972) @@ -239,6 +239,17 @@ _trace($this, "No cookie "); } + # Item3568: CGI::Session from 4.0 already does the -d and creates the + # sessions directory if it does not exist. For performance reasons we + # only test for and create session file directory for older CGI::Session + if( $CGI::Session::VERSION < 4.0 ) { + unless ( -d $TWiki::cfg{TempfileDir} ) { + unless ( mkdir($TWiki::cfg{TempfileDir}) ) { + die "Could not create $TWiki::cfg{TempfileDir} for session files"; + } + } + } + # First, see if there is a cookied session, creating a new session # if necessary. if( $TWiki::cfg{Sessions}{MapIP2SID} ) { Modified: twiki/branches/MAIN/lib/TWiki/UI.pm =================================================================== --- twiki/branches/MAIN/lib/TWiki/UI.pm 2007-02-25 19:31:24 UTC (rev 12971) +++ twiki/branches/MAIN/lib/TWiki/UI.pm 2007-02-26 01:16:47 UTC (rev 12972) @@ -104,25 +104,27 @@ read(STDIN, my $buf, $content_length, 0 ) if $content_length; } my $cache = $query->param('twiki_redirect_cache'); - if ($cache) { - $cache = TWiki::Sandbox::untaintUnchecked($cache); + # Never trust input data from a query. We will only accept an MD5 32 character string + if ($cache && $cache =~ /^([a-f0-9]{32})$/) { + $cache = $1; # Read cached post parameters - if (open(F, '<'.$cache)) { + my $passthruFilename = $TWiki::cfg{TempfileDir} . '/passthru_' . $cache; + if (open(F, '<'.$passthruFilename)) { local $/; if (TRACE_PASSTHRU) { print STDERR "Passthru: Loading cache for ", $query->url(),'?',$query->query_string(),"\n"; print STDERR <F>,"\n"; close(F); - open(F, '<'.$cache); + open(F, '<'.$passthruFilename); } $query = new CGI(\*F); close(F); - unlink($cache); - print STDERR "Passtrhru: Loaded and unlinked $cache\n" + unlink($passthruFilename); + print STDERR "Passthru: Loaded and unlinked $passthruFilename\n" if TRACE_PASSTHRU; } else { - print STDERR "Passtrhru: Could not find $cache\n" + print STDERR "Passthru: Could not find $passthruFilename\n" if TRACE_PASSTHRU; } } Modified: twiki/branches/MAIN/lib/TWiki.pm =================================================================== --- twiki/branches/MAIN/lib/TWiki.pm 2007-02-25 19:31:24 UTC (rev 12971) +++ twiki/branches/MAIN/lib/TWiki.pm 2007-02-26 01:16:47 UTC (rev 12972) @@ -778,8 +778,16 @@ require Digest::MD5; my $md5 = new Digest::MD5(); $md5->add($$, time(), rand(time)); - my $uid = $TWiki::cfg{TempfileDir}.'/passthru_'.$md5->hexdigest(); - open(F, ">$uid") || die "{TempfileDir} cache not writable $!"; + my $uid = $md5->hexdigest(); + my $passthruFilename = $TWiki::cfg{TempfileDir} . '/passthru_' . $uid; + + unless ( -d $TWiki::cfg{TempfileDir} ) { + unless ( mkdir($TWiki::cfg{TempfileDir}) ) { + die "Could not create $TWiki::cfg{TempfileDir} for passthrough files"; + } + } + + open(F, ">$passthruFilename") || die "{TempfileDir} cache not writable $!"; $query->save(\*F); close(F); return 'twiki_redirect_cache='.$uid; |