Sanitize out backslashes in upload filenames

[citadel.git] / citadel / file_ops.c

diff --git a/citadel/file_ops.c b/citadel/file_ops.c
index 1ef2b979cfdcb00c39a2c25871fc118e1de8ae94..af4a872a1d5a43bbd840e0193a3c2d018f3f0f82 100644 (file)
--- a/citadel/file_ops.c
+++ b/citadel/file_ops.c
@@ -28,6 +28,7 @@
 #endif
 
 #include <limits.h>
+#include <libcitadel.h>
 #include "citadel.h"
 #include "server.h"
 #include "config.h"
@@ -37,8 +38,8 @@
 #include "support.h"
 #include "room_ops.h"
 #include "msgbase.h"
-#include "tools.h"
 #include "citserver.h"
+#include "threads.h"
 
 #ifndef HAVE_SNPRINTF
 #include "snprintf.h"
@@ -96,7 +97,7 @@ int network_talking_to(char *nodename, int operation) {
                        break;
        }
 
-       if (nttlist != NULL) lprintf(CTDL_DEBUG, "nttlist=<%s>\n", nttlist);
+       if (nttlist != NULL) CtdlLogPrintf(CTDL_DEBUG, "nttlist=<%s>\n", nttlist);
        end_critical_section(S_NTTLIST);
        return(retval);
 }
@@ -127,7 +128,7 @@ void cmd_delf(char *filename)
                return;
        }
        for (a = 0; !IsEmptyStr(&filename[a]); ++a) {
-               if (filename[a] == '/') {
+               if ( (filename[a] == '/') || (filename[a] == '\\') ) {
                        filename[a] = '_';
                }
        }
@@ -179,7 +180,7 @@ void cmd_movf(char *cmdbuf)
        }
 
        for (a = 0; !IsEmptyStr(&filename[a]); ++a) {
-               if (filename[a] == '/') {
+               if ( (filename[a] == '/') || (filename[a] == '\\') ) {
                        filename[a] = '_';
                }
        }
@@ -211,7 +212,7 @@ void cmd_movf(char *cmdbuf)
 
        /* this is a crude method of copying the file description */
        snprintf(buf, sizeof buf,
-                "cat ./files/%s/filedir |grep %s >>./files/%s/filedir",
+                "cat ./files/%s/filedir |grep \"%s\" >>./files/%s/filedir",
                 CC->room.QRdirname, filename, qrbuf.QRdirname);
        system(buf);
        cprintf("%d File '%s' has been moved.\n", CIT_OK, filename);
@@ -248,7 +249,7 @@ void cmd_netf(char *cmdbuf)
        }
 
        for (a = 0; !IsEmptyStr(&filename[a]); ++a) {
-               if (filename[a] == '/') {
+               if ( (filename[a] == '/') || (filename[a] == '\\') ) {
                        filename[a] = '_';
                }
        }
@@ -321,7 +322,7 @@ void cmd_netf(char *cmdbuf)
  * It examines the file and displays the OK result code and some information
  * about the file.  NOTE: this stuff is Unix dependent.
  */
-void OpenCmdResult(char *filename, char *mime_type)
+void OpenCmdResult(char *filename, const char *mime_type)
 {
        struct stat statbuf;
        time_t modtime;
@@ -368,7 +369,7 @@ void cmd_open(char *cmdbuf)
        }
 
        for (a = 0; !IsEmptyStr(&filename[a]); ++a) {
-               if (filename[a] == '/') {
+               if ( (filename[a] == '/') || (filename[a] == '\\') ) {
                        filename[a] = '_';
                }
        }
@@ -395,6 +396,7 @@ void cmd_oimg(char *cmdbuf)
 {
        char filename[256];
        char pathname[PATH_MAX];
+       char MimeTestBuf[32];
        struct ctdluser usbuf;
        char which_user[USERNAME_SIZE];
        int which_floor;
@@ -422,37 +424,42 @@ void cmd_oimg(char *cmdbuf)
                        return;
                }
                snprintf(pathname, sizeof pathname, 
-                                "%s/%ld.gif",
+                                "%s/%ld",
                                 ctdl_usrpic_dir,
                                 usbuf.usernum);
        } else if (!strcasecmp(filename, "_floorpic_")) {
                which_floor = extract_int(cmdbuf, 1);
                snprintf(pathname, sizeof pathname,
-                                "%s/floor.%d.gif",
+                                "%s/floor.%d",
                                 ctdl_image_dir, which_floor);
        } else if (!strcasecmp(filename, "_roompic_")) {
                assoc_file_name(pathname, sizeof pathname, &CC->room, ctdl_image_dir);
        } else {
-               for (a = 0; !IsEmptyStr(&filename[0]); ++a) {
+               for (a = 0; !IsEmptyStr(&filename[a]); ++a) {
                        filename[a] = tolower(filename[a]);
-                       if (filename[a] == '/') {
+                       if ( (filename[a] == '/') || (filename[a] == '\\') ) {
                                filename[a] = '_';
                        }
                }
                snprintf(pathname, sizeof pathname,
-                                "%s/%s.gif",
+                                "%s/%s",
                                 ctdl_image_dir,
                                 filename);
        }
 
        CC->download_fp = fopen(pathname, "rb");
+       if (CC->download_fp == NULL) {
+               strcat(pathname, ".gif");
+               CC->download_fp = fopen(pathname, "rb");
+       }
        if (CC->download_fp == NULL) {
                cprintf("%d Cannot open %s: %s\n",
                        ERROR + FILE_NOT_FOUND, pathname, strerror(errno));
                return;
        }
-
-       OpenCmdResult(pathname, "image/gif");
+       fread(&MimeTestBuf[0], 1, 32, CC->download_fp);
+       rewind (CC->download_fp);
+       OpenCmdResult(pathname, GuessMimeType(&MimeTestBuf[0], 32));
 }
 
 /*
@@ -463,7 +470,8 @@ void cmd_uopn(char *cmdbuf)
        int a;
 
        extract_token(CC->upl_file, cmdbuf, 0, '|', sizeof CC->upl_file);
-       extract_token(CC->upl_comment, cmdbuf, 1, '|', sizeof CC->upl_comment);
+       extract_token(CC->upl_mimetype, cmdbuf, 1, '|', sizeof CC->upl_mimetype);
+       extract_token(CC->upl_comment, cmdbuf, 2, '|', sizeof CC->upl_comment);
 
        if (CtdlAccessCheck(ac_logged_in)) return;
 
@@ -486,7 +494,7 @@ void cmd_uopn(char *cmdbuf)
        }
 
        for (a = 0; !IsEmptyStr(&CC->upl_file[a]); ++a) {
-               if (CC->upl_file[a] == '/') {
+               if ( (CC->upl_file[a] == '/') || (CC->upl_file[a] == '\\') ) {
                        CC->upl_file[a] = '_';
                }
        }
@@ -535,7 +543,8 @@ void cmd_uimg(char *cmdbuf)
        }
 
        is_this_for_real = extract_int(cmdbuf, 0);
-       extract_token(basenm, cmdbuf, 1, '|', sizeof basenm);
+       extract_token(CC->upl_mimetype, cmdbuf, 1, '|', sizeof CC->upl_mimetype);
+       extract_token(basenm, cmdbuf, 2, '|', sizeof basenm);
        if (CC->upload_fp != NULL) {
                cprintf("%d You already have an upload file open.\n",
                        ERROR + RESOURCE_BUSY);
@@ -546,7 +555,7 @@ void cmd_uimg(char *cmdbuf)
 
        for (a = 0; !IsEmptyStr(&basenm[a]); ++a) {
                basenm[a] = tolower(basenm[a]);
-               if (basenm[a] == '/') {
+               if ( (basenm[a] == '/') || (basenm[a] == '\\') ) {
                        basenm[a] = '_';
                }
        }
@@ -675,15 +684,18 @@ void cmd_ucls(char *cmd)
                        fp = fopen(CC->upl_filedir, "w");
                }
                if (fp != NULL) {
-                       fprintf(fp, "%s %s\n", CC->upl_file,
+                       fprintf(fp, "%s %s %s\n", CC->upl_file,
+                               CC->upl_mimetype,
                                CC->upl_comment);
                        fclose(fp);
                }
 
                /* put together an upload notice */
                snprintf(upload_notice, sizeof upload_notice,
-                       "NEW UPLOAD: '%s'\n %s\n",
-                       CC->upl_file, CC->upl_comment);
+                       "NEW UPLOAD: '%s'\n %s\n%s\n",
+                        CC->upl_file, 
+                        CC->upl_comment, 
+                        CC->upl_mimetype);
                quickie_message(CC->curr_user, NULL, NULL, CC->room.QRname,
                                upload_notice, 0, NULL);
        } else {