[LON-CAPA-cvs] cvs: loncom /lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Sun Nov 12 19:49:32 EST 2017
raeburn Mon Nov 13 00:49:32 2017 EDT
Modified files:
/loncom/lonnet/perl lonnet.pm
Log:
- Untaint system() calls by forcing list processing mode.
- Use three-argument open() to separate file mode from the filename.
-------------- next part --------------
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1358 loncom/lonnet/perl/lonnet.pm:1.1359
--- loncom/lonnet/perl/lonnet.pm:1.1358 Mon Nov 13 00:22:03 2017
+++ loncom/lonnet/perl/lonnet.pm Mon Nov 13 00:49:31 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1358 2017/11/13 00:22:03 raeburn Exp $
+# $Id: lonnet.pm,v 1.1359 2017/11/13 00:49:31 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -146,7 +146,7 @@
sub logtouch {
my $execdir=$perlvar{'lonDaemons'};
unless (-e "$execdir/logs/lonnet.log") {
- open(my $fh,">>$execdir/logs/lonnet.log");
+ open(my $fh,">>","$execdir/logs/lonnet.log");
close $fh;
}
my ($wwwuid,$wwwgid)=(getpwnam('www'))[2,3];
@@ -158,7 +158,7 @@
my $execdir=$perlvar{'lonDaemons'};
my $now=time;
my $local=localtime($now);
- if (open(my $fh,">>$execdir/logs/lonnet.log")) {
+ if (open(my $fh,">>","$execdir/logs/lonnet.log")) {
my $logstring = $local. " ($$): ".$message."\n"; # Keep any \'s in string.
print $fh $logstring;
close($fh);
@@ -171,7 +171,7 @@
my $execdir=$perlvar{'lonDaemons'};
my $now=time;
my $local=localtime($now);
- if (open(my $fh,">>$execdir/logs/lonnet.perm.log")) {
+ if (open(my $fh,">>","$execdir/logs/lonnet.perm.log")) {
print $fh "$now:$message:$local\n";
close($fh);
}
@@ -485,7 +485,7 @@
&logthis("Trying to reconnect lonc");
my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
- if (open(my $fh,"<$loncfile")) {
+ if (open(my $fh,"<",$loncfile)) {
my $loncpid=<$fh>;
chomp($loncpid);
if (kill 0 => $loncpid) {
@@ -525,7 +525,7 @@
$dumpcount++;
{
my $dfh;
- if (open($dfh,">$dfilename")) {
+ if (open($dfh,">",$dfilename)) {
print $dfh "$cmd\n";
close($dfh);
}
@@ -534,7 +534,7 @@
my $wcmd='';
{
my $dfh;
- if (open($dfh,"<$dfilename")) {
+ if (open($dfh,"<",$dfilename)) {
$wcmd=<$dfh>;
close($dfh);
}
@@ -3615,7 +3615,7 @@
$home);
}
} elsif ($action eq 'uploaddoc') {
- open(my $fh,'>'.$filepath.'/'.$fname);
+ open(my $fh,'>',$filepath.'/'.$fname);
print $fh $env{'form.'.$source};
close($fh);
if ($parser eq 'parse') {
@@ -3673,7 +3673,7 @@
($fpath,$fname) = ($file =~ m|^(.*)/([^/]+)$|);
$fpath=$docudom.'/'.$docuname.'/'.$fpath;
my $filepath = &build_filepath($fpath);
- open(my $fh,'>'.$filepath.'/'.$fname);
+ open(my $fh,'>',$filepath.'/'.$fname);
print $fh $content;
close($fh);
my $home=&homeserver($docuname,$docudom);
@@ -3824,7 +3824,7 @@
mkdir($fullpath,0777);
}
}
- open(my $fh,'>'.$fullpath.'/'.$fname);
+ open(my $fh,'>',$fullpath.'/'.$fname);
print $fh $env{'form.'.$formname};
close($fh);
if ($context eq 'existingfile') {
@@ -3899,7 +3899,7 @@
# Save the file
{
- if (!open(FH,'>'.$filepath.'/'.$file)) {
+ if (!open(FH,'>',$filepath.'/'.$file)) {
&logthis('Failed to create '.$filepath.'/'.$file);
print STDERR ('Failed to create '.$filepath.'/'.$file."\n");
return '/adm/notfound.html';
@@ -3957,7 +3957,8 @@
my $input = $filepath.'/'.$file;
my $output = $filepath.'/'.'tn-'.$file;
my $thumbsize = $thumbwidth.'x'.$thumbheight;
- system("convert -sample $thumbsize $input $output");
+ my @args = ('convert','-sample',$thumbsize,$input,$output);
+ system({$args[0]} @args);
if (-e $filepath.'/'.'tn-'.$file) {
$fetchthumb = 1;
}
@@ -4917,7 +4918,7 @@
sub getannounce {
- if (open(my $fh,$perlvar{'lonDocRoot'}.'/announcement.txt')) {
+ if (open(my $fh,"<",$perlvar{'lonDocRoot'}.'/announcement.txt')) {
my $announcement='';
while (my $line = <$fh>) { $announcement .= $line; }
close($fh);
@@ -8463,7 +8464,7 @@
if ($xml_classlist =~ /^error/) {
&logthis('fetch_enrollment_query - autoretrieve error: '.$xml_classlist.' for '.$filename.' from server: '.$homeserver.' '.$context.' '.$cnum);
} else {
- if ( open(FILE,">$destname") ) {
+ if ( open(FILE,">",$destname) ) {
print FILE &unescape($xml_classlist);
close(FILE);
} else {
@@ -8492,7 +8493,7 @@
for (1..$loopmax) {
sleep($sleep);
if (-e $replyfile.'.end') {
- if (open(my $fh,$replyfile)) {
+ if (open(my $fh,"<",$replyfile)) {
$reply = join('',<$fh>);
close($fh);
} else { return 'error: reply_file_error'; }
@@ -10119,7 +10120,7 @@
my ($user, $path, @files) = @_;
my $filename = $user."savedfiles";
my @other_files = &files_not_in_path($user, $path);
- open (OUT, '>'.$tmpdir.$filename);
+ open (OUT,'>',LONCAPA::tempdir().$filename);
foreach my $file (@files) {
print (OUT $env{'form.currentpath'}.$file."\n");
}
@@ -10133,7 +10134,7 @@
sub clear_selected_files {
my ($user) = @_;
my $filename = $user."savedfiles";
- open (OUT, '>'.LONCAPA::tempdir().$filename);
+ open (OUT,'>',LONCAPA::tempdir().$filename);
print (OUT undef);
close (OUT);
return ("ok");
@@ -10143,7 +10144,7 @@
my ($user, $path) = @_;
my $filename = $user."savedfiles";
my %return_files;
- open (IN, '<'.LONCAPA::tempdir().$filename);
+ open (IN,'<',LONCAPA::tempdir().$filename);
while (my $line_in = <IN>) {
chomp ($line_in);
my @paths_and_file = split (m!/!, $line_in);
@@ -10165,7 +10166,7 @@
my $filename = $user."savedfiles";
my @return_files;
my $path_part;
- open(IN, '<'.LONCAPA::tempdir().$filename);
+ open(IN, '<',LONCAPA::tempdir().$filename);
while (my $line = <IN>) {
#ok, I know it's clunky, but I want it to work
my @paths_and_file = split(m|/|, $line);
@@ -13028,7 +13029,7 @@
my $file = shift;
if ( (! -e $file ) || ($file eq '') ) { return -1; };
my $fh;
- open($fh,"<$file");
+ open($fh,"<",$file);
my $a='';
while (my $line = <$fh>) { $a .= $line; }
return $a;
@@ -13141,7 +13142,7 @@
sub additional_machine_domains {
my @domains;
- open(my $fh,"<$perlvar{'lonTabDir'}/expected_domains.tab");
+ open(my $fh,"<","$perlvar{'lonTabDir'}/expected_domains.tab");
while( my $line = <$fh>) {
$line =~ s/\s//g;
push(@domains,$line);
@@ -13287,7 +13288,7 @@
}
my %alldns;
- open(my $config,"<$perlvar{'lonTabDir'}/hosts.tab");
+ open(my $config,"<","$perlvar{'lonTabDir'}/hosts.tab");
foreach my $dns (<$config>) {
next if ($dns !~ /^\^(\S*)/x);
my $line = $1;
@@ -13313,7 +13314,7 @@
close($config);
my $which = (split('/',$url))[3];
&logthis("unable to contact DNS defaulting to on disk file dns_$which.tab\n");
- open($config,"<$perlvar{'lonTabDir'}/dns_$which.tab");
+ open($config,"<","$perlvar{'lonTabDir'}/dns_$which.tab");
my @content = <$config>;
&$func(\@content,$hashref);
return;
@@ -13406,7 +13407,7 @@
my ($ignore_cache,$nocache) = @_;
&get_dns('/adm/dns/domain',\&parse_domain_tab,$ignore_cache,$nocache);
my $fh;
- if (open($fh,"<".$perlvar{'lonTabDir'}.'/domain.tab')) {
+ if (open($fh,"<",$perlvar{'lonTabDir'}.'/domain.tab')) {
my @lines = <$fh>;
&parse_domain_tab(\@lines);
}
@@ -13508,7 +13509,7 @@
sub load_hosts_tab {
my ($ignore_cache,$nocache) = @_;
&get_dns('/adm/dns/hosts',\&parse_hosts_tab,$ignore_cache,$nocache);
- open(my $config,"<$perlvar{'lonTabDir'}/hosts.tab");
+ open(my $config,"<","$perlvar{'lonTabDir'}/hosts.tab");
my @config = <$config>;
&parse_hosts_tab(\@config);
close($config);
@@ -13779,7 +13780,7 @@
{
sub load_loncaparevs {
if (-e "$perlvar{'lonTabDir'}/loncaparevs.tab") {
- if (open(my $config,"<$perlvar{'lonTabDir'}/loncaparevs.tab")) {
+ if (open(my $config,"<","$perlvar{'lonTabDir'}/loncaparevs.tab")) {
while (my $configline=<$config>) {
chomp($configline);
my ($hostid,$loncaparev)=split(/:/,$configline);
@@ -13795,7 +13796,7 @@
{
sub load_serverhomeIDs {
if (-e "$perlvar{'lonTabDir'}/serverhomeIDs.tab") {
- if (open(my $config,"<$perlvar{'lonTabDir'}/serverhomeIDs.tab")) {
+ if (open(my $config,"<","$perlvar{'lonTabDir'}/serverhomeIDs.tab")) {
while (my $configline=<$config>) {
chomp($configline);
my ($name,$id)=split(/:/,$configline);
@@ -13820,7 +13821,7 @@
# ------------------------------------------------------ Read spare server file
{
- open(my $config,"<$perlvar{'lonTabDir'}/spare.tab");
+ open(my $config,"<","$perlvar{'lonTabDir'}/spare.tab");
while (my $configline=<$config>) {
chomp($configline);
@@ -13834,7 +13835,7 @@
}
# ------------------------------------------------------------ Read permissions
{
- open(my $config,"<$perlvar{'lonTabDir'}/roles.tab");
+ open(my $config,"<","$perlvar{'lonTabDir'}/roles.tab");
while (my $configline=<$config>) {
chomp($configline);
@@ -13848,7 +13849,7 @@
# -------------------------------------------- Read plain texts for permissions
{
- open(my $config,"<$perlvar{'lonTabDir'}/rolesplain.tab");
+ open(my $config,"<","$perlvar{'lonTabDir'}/rolesplain.tab");
while (my $configline=<$config>) {
chomp($configline);
@@ -13868,7 +13869,7 @@
# ---------------------------------------------------------- Read package table
{
- open(my $config,"<$perlvar{'lonTabDir'}/packages.tab");
+ open(my $config,"<","$perlvar{'lonTabDir'}/packages.tab");
while (my $configline=<$config>) {
if ($configline !~ /\S/ || $configline=~/^#/) { next; }
@@ -13922,7 +13923,7 @@
# ---------------------------------------------------------- Read managers table
{
if (-e "$perlvar{'lonTabDir'}/managers.tab") {
- if (open(my $config,"<$perlvar{'lonTabDir'}/managers.tab")) {
+ if (open(my $config,"<","$perlvar{'lonTabDir'}/managers.tab")) {
while (my $configline=<$config>) {
chomp($configline);
next if ($configline =~ /^\#/);
More information about the LON-CAPA-cvs
mailing list