--- loncom/Attic/lchtmldir 2005/06/21 11:00:21 1.17
+++ loncom/Attic/lchtmldir 2007/08/22 19:03:04 1.19
@@ -70,6 +70,8 @@ use strict;
use Fcntl qw(:mode);
use DirHandle;
use POSIX;
+use lib '/home/httpd/lib/perl/';
+use LONCAPA qw(:match);
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl';
delete @ENV{qw{IFS CDPATH ENV BASH_ENV}};
@@ -132,7 +134,7 @@ if( $authentication ne "unix:" &&
# Untaint the username.
-my $match = $username =~ /^(\w+)$/;
+my $match = $username =~ /^($match_username)$/;
my $patt = $1;
if($DEBUG) {
@@ -144,7 +146,7 @@ my $safeuser = $patt;
if($DEBUG) {
print("Save username = $safeuser \n");
}
-if(($username ne $safeuser) or ($safeuser!~/^[A-z]/)) {
+if($username ne $safeuser) {
if($DEBUG) {
print("User name $username had illegal characters\n");
}
@@ -154,32 +156,30 @@ if(($username ne $safeuser) or ($safeuse
#untaint the base directory require that the dir contain only
# alphas, / numbers or underscores, and end in /$safeuser
-$dir =~ /(^([\w\/]+))/;
-my $dirtry1 = $1;
-$dir =~ /$\/$safeuser/;
-my $dirtry2 = $1;
+my ($allowed_dir) = ($dir =~ m{(^([/]|$match_username)+)});
-if(($dirtry1 ne $dir) or ($dirtry2 ne $dir)) {
+my $has_correct_end = ($dir =~ m{/\Q$safeuser\E$});
+
+if(($allowed_dir ne $dir) or (!$has_correct_end)) {
if ($DEBUG) {
print("Directory $dir is not a valid home for $safeuser\n");
}
exit 5;
}
-
# As root, create the directory.
-my $homedir = $dirtry1;
+my $homedir = $allowed_dir;
my $fulldir = $homedir."/public_html";
if($DEBUG) {
print("Full directory path is: $fulldir \n");
}
-if(!( -e $dirtry1)) {
+if(!( -e $homedir)) {
if($DEBUG) {
- print("User's home directory $dirtry1 does not exist\n");
+ print("User's home directory $homedir does not exist\n");
}
if ($authentication eq "unix:") {
exit 6;