add path-locking to voicemail CGI app (bug #4304)

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@6055 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Kevin P. Fleming
2005-07-07 23:34:59 +00:00
parent 91ee5d5ddd
commit 349a64ef8f


@@ -11,10 +11,15 @@
# (icky, I know.... if you know better perl please help!) # (icky, I know.... if you know better perl please help!)
# #
# #
# Synchronization added by GDS Partners (www.gdspartners.com)
# Stojan Sljivic (stojan.sljivic@gdspartners.com)
#
use CGI qw/:standard/; use CGI qw/:standard/;
use Carp::Heavy; use Carp::Heavy;
use CGI::Carp qw(fatalsToBrowser); use CGI::Carp qw(fatalsToBrowser);
use DBI; use DBI;
use Fcntl qw ( O_WRONLY O_CREAT O_EXCL );
use Time::HiRes qw ( usleep );
$context=""; # Define here your by default context (so you dont need to put voicemail@context in the login $context=""; # Define here your by default context (so you dont need to put voicemail@context in the login
@@ -44,6 +49,57 @@ $stdcontainerstart = "<table align=center width=600><tr><td>\n";
$footer = "<hr><font size=-1><a href=\"http://www.asterisk.org\">The Asterisk Open Source PBX</a> Copyright 2004, <a href=\"http://www.digium.com\">Digium, Inc.</a></a>"; $footer = "<hr><font size=-1><a href=\"http://www.asterisk.org\">The Asterisk Open Source PBX</a> Copyright 2004, <a href=\"http://www.digium.com\">Digium, Inc.</a></a>";
$stdcontainerend = "</td></tr><tr><td align=right>$footer</td></tr></table>\n"; $stdcontainerend = "</td></tr><tr><td align=right>$footer</td></tr></table>\n";
sub lock_path() {
my($path) = @_;
my $rand;
my $rfile;
my $start;
my $res;
$rand = rand 99999999;
$rfile = "$path/.lock-$rand";
sysopen(RFILE, $rfile, O_WRONLY | O_CREAT | O_EXCL, 0666) or return -1;
close(RFILE);
$res = link($rfile, "$path/.lock");
$start = time;
if ($res == 0) {
while (($res == 0) && (time - $start <= 5)) {
$res = link($rfile, "$path/.lock");
usleep(1);
}
}
unlink($rfile);
if ($res == 0) {
return -1;
} else {
return 0;
}
}
sub unlock_path() {
my($path) = @_;
unlink("$path/.lock");
}
sub untaint() {
my($data) = @_;
if ($data =~ /^([-\@\w.]+)$/) {
$data = $1;
} else {
die "Security violation.";
}
return $data;
}
sub login_screen() { sub login_screen() {
print header; print header;
my ($message) = @_; my ($message) = @_;
@@ -873,18 +929,28 @@ sub message_forward()
die("Bah! Not a valid mailbox '$newmbox'\n"); die("Bah! Not a valid mailbox '$newmbox'\n");
return ""; return "";
} }
$msgcount = &msgcount($context, $newmbox, "INBOX");
my $txt; my $txt;
if ($newmbox ne $mbox) { $context = &untaint($context);
# print header; $newmbox = &untaint($newmbox);
foreach $msg (@msgs) { my $path = "/var/spool/asterisk/voicemail/$context/$newmbox/INBOX";
# print "Forwarding $msg from $mbox to $newmbox<BR>\n"; if (&lock_path($path) == 0) {
&message_copy($context, $mbox, $newmbox, $folder, $msg, sprintf "%04d", $msgcount); $msgcount = &msgcount($context, $newmbox, "INBOX");
$msgcount++;
if ($newmbox ne $mbox) {
# print header;
foreach $msg (@msgs) {
# print "Forwarding $msg from $mbox to $newmbox<BR>\n";
&message_copy($context, $mbox, $newmbox, $folder, $msg, sprintf "%04d", $msgcount);
$msgcount++;
}
$txt = "Forwarded messages " . join(', ', @msgs) . "to $newmbox";
} else {
$txt = "Can't forward messages to yourself!\n";
} }
$txt = "Forwarded messages " . join(', ', @msgs) . "to $newmbox"; &unlock_path($path);
} else { } else {
$txt = "Can't forward messages to yourself!\n"; $txt = "Cannot forward messages: Unable to lock path.\n";
} }
if ($toindex) { if ($toindex) {
&message_index($folder, $txt); &message_index($folder, $txt);
@@ -910,33 +976,42 @@ sub message_delete_or_move()
$context = "default"; $context = "default";
} }
my $passwd = param('password'); my $passwd = param('password');
my $msgcount = &msgcount($context, $mbox, $folder); $context = &untaint($context);
my $omsgcount = &msgcount($context, $mbox, $newfolder) if $newfolder; $mbox = &untaint($mbox);
# print header; $folder = &untaint($folder);
if ($newfolder ne $folder) { my $path = "/var/spool/asterisk/voicemail/$context/$mbox/$folder";
$y = 0; if (&lock_path($path) == 0) {
for ($x=0;$x<$msgcount;$x++) { my $msgcount = &msgcount($context, $mbox, $folder);
my $msg = sprintf "%04d", $x; my $omsgcount = &msgcount($context, $mbox, $newfolder) if $newfolder;
my $newmsg = sprintf "%04d", $y; # print header;
if (grep(/^$msg$/, @msgs)) { if ($newfolder ne $folder) {
if ($newfolder) { $y = 0;
&message_rename($context, $mbox, $folder, $msg, $newfolder, sprintf "%04d", $omsgcount); for ($x=0;$x<$msgcount;$x++) {
$omsgcount++; my $msg = sprintf "%04d", $x;
my $newmsg = sprintf "%04d", $y;
if (grep(/^$msg$/, @msgs)) {
if ($newfolder) {
&message_rename($context, $mbox, $folder, $msg, $newfolder, sprintf "%04d", $omsgcount);
$omsgcount++;
} else {
&message_delete($context, $mbox, $folder, $msg);
}
} else { } else {
&message_delete($context, $mbox, $folder, $msg); &message_rename($context, $mbox, $folder, $msg, $folder, $newmsg);
$y++;
} }
} else {
&message_rename($context, $mbox, $folder, $msg, $folder, $newmsg);
$y++;
} }
} if ($del) {
if ($del) { $txt = "Deleted messages " . join (', ', @msgs);
$txt = "Deleted messages " . join (', ', @msgs); } else {
$txt = "Moved messages " . join (', ', @msgs) . " to $newfolder";
}
} else { } else {
$txt = "Moved messages " . join (', ', @msgs) . " to $newfolder"; $txt = "Can't move a message to the same folder they're in already";
} }
&unlock_path($path);
} else { } else {
$txt = "Can't move a message to the same folder they're in already"; $txt = "Cannot move/delete messages: Unable to lock path.\n";
} }
# Not as many messages now # Not as many messages now
$msgcount--; $msgcount--;
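Review bot: The new untaint() accepts `.` and `..` as a complete value because `.` is in the allowed character class, so a context, mailbox or folder of `..` passes and is interpolated into the `/var/spool/asterisk/voicemail/...` path that lock_path() creates and links files under; the `$` anchor also lets a trailing newline through. I would tighten the test to `if ($data !~ /\A\.\.?\z/ && $data =~ /\A([-\@\w.]+)\z/) {`. In message_delete_or_move, `$newfolder` reaches msgcount() and message_rename() without passing through untaint() on the visible lines, and only the source folder is locked even though messages are numbered into `$newfolder` from `$omsgcount`; it may be validated outside the hunk, so this needs confirming. Separately, `my $msgcount` is now scoped to the `if (&lock_path($path) == 0) {` block, so the `$msgcount--;` after it appears to act on a different, package-level variable; declaring `my $msgcount;` before the lock call would keep the earlier behaviour. Both message_forward and message_delete_or_move start and continue outside the hunks shown.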