once: comparison once.pl

equal deleted inserted replaced

-:eb0fb0878c89
+:0ce1c1c38edd
 # TODO: Security review!
 use 5.018;
 use strict;
 use warnings;
-use CGI qw(:all *table);
+use IO::File;
+use CGI qw(param upload);
 use CGI::Carp qw(fatalsToBrowser);
-use CGI::Pretty;
-use IO::File;
 use FindBin qw($RealBin);
 use File::Basename;
 use File::Path qw(remove_tree make_path);
 use File::Spec::Functions;
 use File::MimeInfo qw(mimetype);
 sub confirm;      # ask for user confirmation (HTML)
 sub deslash;      # cleanup a path name
 sub gen_uuid;     # create a uniq identifier
 sub base62;
 sub md5_base62 { ... }
+sub untaint;
 my $rxVIEW = qr/[a-z\d]{6}-[a-z\d]+/i;      # date-userhash
 my $rxFILE = qr/[a-z\d]{6}-[a-z\d]+-./i;    # date-filehash-deletemode
 my $TT_CONFIG =
 umask 077;
 # The working (var) directory gets passed to us via ONCE_VAR environment
 # FIXME: Should we allow the current directory as an alternative?
-my $ONCE_VAR = do {
+die "Environment ONCE_VAR needs to be defined\n"
-$ENV{ONCE_VAR} =~ /^(\/\S+)/;
+if not defined $ENV{ONCE_VAR};
-die "Please define (correct) env ONCE_VAR\n"
+my $ONCE_VAR = untaint($ENV{ONCE_VAR}, qr((^/.*)));;
-if not defined $1;
-$1;
-};
 exit main() if not caller;
 sub main {
+# Handle the UPLOAD / VIEW request
+# per view (user) we have an own directory
+# pre condition checks
+-d $ONCE_VAR
+or mkdir $ONCE_VAR => 0777
+or die "Can't mkdir $ONCE_VAR: $! (your admin should have created it)\n";
+-x -w $ONCE_VAR
+or die "Can't write to $ONCE_VAR: $!\n";
 # Download?
 # PATH_INFO is something like
 # /once/hDOPzMJMY0p/3fLjYmbYlGk-1450284310-d/boot.dot
 #       |-VIEW-----|                         |-BASE-|
 }
 exit 0;
 }
-# Handle the UPLOAD / VIEW request
+# Setup the essentials: view and user_dir
-# per view (user) we have an own directory
-# pre condition checks
--d $ONCE_VAR
-or mkdir $ONCE_VAR => 0777
-or die "Can't mkdir $ONCE_VAR: $! (your admin should have created it)\n";
--x -w $ONCE_VAR
-or die "Can't write to $ONCE_VAR: $!\n";
 my ($view, $user_dir) = do {
 # view: display name
 #       anonymous | hans | …
 # user_dir: the directory name, becomes part of the
 $v = 'anonymous';
 }
 $v, deslash catfile($ONCE_VAR, $d);
 };
+# Handle the removal request and we're done
 if (param('delete') =~ m{(?<store>(?<view>$rxVIEW)/$rxFILE/?)}) {
 # FIXME: sanitization
 my $store = deslash catfile $ONCE_VAR, $+{store};
 my $view  = deslash catfile $ONCE_VAR, $+{view};
 }
 # save the uploaded file
 if (length(my $file = param('upload'))) {
+my $upload_fh = upload('upload');
 my $uuid = gen_uuid();
 my ($delete, $expires, $days) = do {
 my ($d, $e);
-my $days = param('expires');
+my $days = param('expires') // 0;
 # sanitize expires
 $days =~ /.*?([+-]?\d+).*/;
 $days = $1 // 10;
 $e = base62 time + $days * 86400;
 $1;
 };
 my $dir = catfile($user_dir, "$expires-$uuid-$delete");
 make_path($dir);
-my $outfh = new IO::File "$dir/$filename", 'w'
+{
-or die "Can't create $dir/$filename: $!\n";
+my $outfh = new IO::File "$dir/$filename", 'w'
-print {$outfh} <$file>;
+or die "Can't create $dir/$filename: $!\n";
+print {$outfh} <$upload_fh>;
+}
 if (not $delete ~~ [qw(d m)]
 and my $atfh = new IO::File("|at now + $days days"))
 {
 print {$atfh}
 }
 unshift @result, $digits->[$n];
 join '', @result;
 }
+sub untaint {
+my ($_, $rx) = (@_, qr((\w+)));
+/$rx/;
+die sprintf("%s:%s:%d: untaint('%s', %s): not defined\n",  caller, $_, $rx)
+if not defined $1;
+return $1;
+}
 sub gen_uuid {
 #open my $f, '/dev/urandom' or croak;
 #read $f, my($_), 128/8;
 #/^(.*)$/;

changeset 65	0ce1c1c38edd
parent 64	eb0fb0878c89
child 66	2689c9f5f5c5