[geeklog-cvs] geeklog: Clean up leftover uploaded files after failed re-authen...
Tue Dec 29 08:00:36 EST 2009
changeset 7552:d93ca7c35812
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/d93ca7c35812
user: Dirk Haun <dirk at haun-online.de>
date: Tue Dec 29 09:53:22 2009 +0100
description:
Clean up leftover uploaded files after failed re-authentication
diffstat:
public_html/users.php | 16 ++++++++++++++++
system/lib-security.php | 41 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 57 insertions(+), 0 deletions(-)
diffs (96 lines):
diff -r 869322aee600 -r d93ca7c35812 public_html/users.php
--- a/public_html/users.php Mon Dec 28 13:41:53 2009 +0100
+++ b/public_html/users.php Tue Dec 29 09:53:22 2009 +0100
@@ -923,11 +923,17 @@
$response = $req->sendRequest();
if (PEAR::isError($response)) {
+ if (! empty($files)) {
+ SECINT_cleanupFiles($files);
+ }
trigger_error("Resending $method request failed: " . $response->getMessage());
} else {
COM_output($req->getResponseBody());
}
} else {
+ if (! empty($files)) {
+ SECINT_cleanupFiles($files);
+ }
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
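Review bot: The `if (! empty($files))` guard added around `SECINT_cleanupFiles($files);` in both branches duplicates the check the helper performs itself on entry (the lib-security.php hunk returns early on an empty or non-array argument), so each call can simply be `SECINT_cleanupFiles($files);` and the two three-line wrappers go away. Keeping the guard in the caller means the helper's own sanity checks are never the single place that decides what counts as "nothing to do". The enclosing function starts and ends outside this hunk, so I cannot see where `$files` is assigned on this path.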
@@ -1343,6 +1349,13 @@
case 'tokenexpired':
// check to see if this was the last allowed attempt
if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
+ $files = '';
+ if (isset($_POST['token_files'])) {
+ $files = urldecode($_POST['token_files']);
+ }
+ if (! empty($files)) {
+ SECINT_cleanupFiles($files);
+ }
displayLoginErrorAndAbort(82, $LANG04[113], $LANG04[112]);
} else {
$returnurl = '';
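Review bot: The list of files to delete on the `$files = urldecode($_POST['token_files']);` line is taken straight from the client, and SECINT_cleanupFiles (lib-security.php hunk) feeds it to `@unserialize()` and then unlinks `$_CONF['path_data'] . basename($value['tmp_name'])` for every entry, so anyone who reaches the 'tokenexpired' branch without valid credentials can delete any file in the site's data directory by name, and `unserialize()` of request data is itself an object-injection vector on any installation with a class that has a `__wakeup`/`__destruct`. Unless SECINT_authform binds this value to the token in a way I cannot see from the hunk, the rescued-file list should be kept server-side, e.g. stored alongside the token when it is issued and looked up by token here instead of round-tripped through the form; failing that, the cleanup should only accept names matching the pattern the rescue step generates. The enclosing switch continues outside the hunk.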
@@ -1373,6 +1386,9 @@
$display .= SECINT_authform($returnurl, $method,
$postdata, $getdata, $files);
} else {
+ if (! empty($files)) {
+ SECINT_cleanupFiles($files);
+ }
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
diff -r 869322aee600 -r d93ca7c35812 system/lib-security.php
--- a/system/lib-security.php Mon Dec 28 13:41:53 2009 +0100
+++ b/system/lib-security.php Tue Dec 29 09:53:22 2009 +0100
@@ -1352,6 +1352,47 @@
}
/**
+* Helper function: Clean up any leftover files on failed re-authentication
+*
+* When re-authentication fails, we need to clean up any files that may have
+* been rescued during the original POST request with the expired token. Note
+* that the uploaded files are now in the site's 'data' directory.
+*
+* @param mixed $files original or recreated $_FILES array
+* @return void
+*
+*/
+function SECINT_cleanupFiles($files)
+{
+ global $_CONF;
+
+ // first, some sanity checks
+ if (! is_array($files)) {
+ if (empty($files)) {
+ return; // nothing to do
+ } else {
+ $files = @unserialize($files);
+ }
+ }
+ if (!is_array($files) || empty($files)) {
+ return; // bogus
+ }
+
+ foreach ($files as $key => $value) {
+ if (! empty($value['tmp_name'])) {
+ // ignore path - file is in $_CONF['path_data']
+ $filename = basename($value['tmp_name']);
+ $orphan = $_CONF['path_data'] . $filename;
+ if (file_exists($orphan)) {
+ if (! @unlink($orphan)) {
+ COM_errorLog("SECINT_cleanupFile: Unable to remove file $filename from 'data' directory");
+ }
+ }
+ }
+ }
+}
+
+/**
* Get a token's expiry time
*
* @param string $token the token we're looking for
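Review bot: The loop assumes `$value['tmp_name']` is a string on the `! empty($value['tmp_name'])` and `basename($value['tmp_name'])` lines, but for array-style upload fields (`name="f[]"`) PHP fills `$_FILES['f']['tmp_name']` with an array, so if any form on the site uses that shape `basename()` gets an array and those rescued files are never removed. Two smaller points in the same block: `file_exists($orphan)` is also true for a directory, which `@unlink()` then fails on and logs, so `is_file()` is the right test; and the log message names `SECINT_cleanupFile` instead of `SECINT_cleanupFiles`. Since the docblock says `$files` may be a "recreated" array and users.php reads it from `$_POST['token_files']`, the loop should be written to tolerate both shapes and skip non-string entries rather than assume the input is well-formed; the rewritten loop below does that, the entry checks above it are unchanged.
```php
    // … unchanged: sanity checks / @unserialize …
    foreach ($files as $key => $value) {
        if (empty($value['tmp_name'])) {
            continue;
        }
        // $_FILES['field']['tmp_name'] is itself an array for name="field[]" inputs
        $tmpNames = is_array($value['tmp_name'])
                  ? $value['tmp_name'] : array($value['tmp_name']);
        foreach ($tmpNames as $tmpName) {
            if (! is_string($tmpName) || $tmpName === '') {
                continue; // bogus entry, nothing we can safely remove
            }
            // ignore path - file is in $_CONF['path_data']
            $filename = basename($tmpName);
            $orphan = $_CONF['path_data'] . $filename;
            // is_file() rather than file_exists(): never try to unlink a directory
            if (is_file($orphan) && ! @unlink($orphan)) {
                COM_errorLog("SECINT_cleanupFiles: Unable to remove file $filename from 'data' directory");
            }
        }
    }
```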