From 861b644b9eec2f27d34ea5ce13b8e613edcd443e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=A9munaire?= Date: Mon, 25 Nov 2013 15:38:06 +0100 Subject: [PATCH] Add some checks on directories --- htdocs/index.php | 6 +++- onyx/include/admin/certificate.php | 26 ++++++++------- onyx/include/admin/home.php | 10 ++++-- onyx/include/team/exercice.php | 33 +++++++++++++++---- onyx/tpl/bootstrap/admin/home.tpl | 21 +++++------- onyx/tpl/bootstrap/admin/import_exercices.tpl | 3 -- onyx/tpl/bootstrap/admin/layout.tpl | 20 +++++++++-- 7 files changed, 81 insertions(+), 38 deletions(-) diff --git a/htdocs/index.php b/htdocs/index.php index d586b5f3..372a9adb 100644 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -45,6 +45,10 @@ if ($n && $p[0] == SALT_ADMIN) { case "certificate": case "certificate/": + case "certificate/newca": + case "certificate/newca/": + case "certificate/deleteca": + case "certificate/deleteca/": $page = require("admin/certificate.php"); break; @@ -133,7 +137,7 @@ else if ($n && $p[0] == SALT_USER) unset($tmp, $id); $template->assign("cur_theme", $THEME); - if ($n == 4 || ($n == 5 && $p[4] == "submission")) + if ($n == 4 || ($n >= 5 && $p[4] == "submission")) $id_exo = $p[3]; else if ($n == 3) { diff --git a/onyx/include/admin/certificate.php b/onyx/include/admin/certificate.php index dd60fe43..ce7b4016 100644 --- a/onyx/include/admin/certificate.php +++ b/onyx/include/admin/certificate.php 
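Review bot: The new `certificate/newca` and `certificate/deleteca` cases dispatch state-changing CA operations on the URL path alone; nothing in this hunk restricts them to POST or verifies an anti-CSRF token. In the certificate.php part of this patch `deleteca` ends in `remove_directory()` on the PKI directory, so a guard before the `require` would be expected, for example `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit; }` together with a per-session token check. Whether this is enforced elsewhere cannot be seen here, since the enclosing switch starts and ends outside the hunk.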
@@ -26,33 +26,37 @@ function new_client($name) { //TODO handle if already exist putenv("OPENSSL_CONF=".ONYX. '../misc/openssl.cnf'); - putenv("TOP_DIR=".ONYX. '../misc/fic_pki'); + putenv("TOP_DIR=".ONYX. '../misc/pki'); $output = shell_exec(ONYX . "../misc/CA.sh -newclient $name"); } -if (isset($_GET['newca'])) +if (!empty($p[2])) { + if ($p[2] == "newca") + { //TODO handle if already exist putenv("OPENSSL_CONF=".ONYX. '../misc/openssl.cnf'); - putenv("TOP_DIR=".ONYX. '../misc/fic_pki'); + putenv("TOP_DIR=".ONYX. '../misc/pki'); $output = shell_exec(ONYX . '../misc/CA.sh -newca'); //TODO handle the path ? - $ca_file = ONYX . '../misc/fic_pki/cacert.crt'; + $ca_file = ONYX . '../misc/pki/cacert.crt'; //TODO check permission ? if (file_exists($ca_file)) { - $data = openssl_x509_parse(file_get_contents(ONYX . '../misc/fic_pki/cacert.crt')); - $template->assign("cert", $data); + $data = openssl_x509_parse(file_get_contents(ONYX . '../misc/pki/cacert.crt')); + $template->assign("cert", $data); } -} + } -if (isset($_GET['deleteca'])) -{ + elseif ($p[2] == "deleteca") + { //TODO handle var path - $dir = ONYX . '../misc/fic_pki'; + $dir = ONYX . '../misc/pki'; remove_directory($dir); + } } -return "admin/home"; +//header("Location: /admin/"); +//exit; \ No newline at end of file diff --git a/onyx/include/admin/home.php b/onyx/include/admin/home.php index ceef1b4b..2e333fa1 100644 --- a/onyx/include/admin/home.php +++ b/onyx/include/admin/home.php 
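Review bot: `new_client()` still interpolates `$name` directly into the command line in `shell_exec(ONYX . "../misc/CA.sh -newclient $name")`, so any shell metacharacter in that value would be interpreted by the shell. It should be quoted as `$output = shell_exec(ONYX . '../misc/CA.sh -newclient ' . escapeshellarg($name));`. The function's signature sits above the hunk and its callers are not visible, so the origin of `$name` needs confirming. Separately, the file no longer ends with `return "admin/home";` while index.php still does `$page = require("admin/certificate.php");`, so `$page` becomes the integer 1. Either restore the return or enable the commented-out `header("Location: /admin/"); exit;`.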
@@ -2,13 +2,19 @@ if(!defined('ONYX')) exit; +if (is_writable(ONYX."../misc/") && !is_dir(ONYX."../misc/pki/")) + mkdir(ONYX."../misc/pki/"); + +$wright = is_writable(ONYX."../misc/pki/"); +$template->assign("cert_writable", $wright); + //TODO handle the path ? -$ca_file = ONYX . '../misc/fic_pki/cacert.crt'; +$ca_file = ONYX . '../misc/pki/cacert.crt'; //TODO check permission ? if (file_exists($ca_file)) { - $data = openssl_x509_parse(file_get_contents(ONYX . '../misc/fic_pki/cacert.crt')); + $data = openssl_x509_parse(file_get_contents(ONYX . '../misc/pki/cacert.crt')); $template->assign("cert", $data); } diff --git a/onyx/include/team/exercice.php b/onyx/include/team/exercice.php index ac43435c..299eefa4 100644 --- a/onyx/include/team/exercice.php +++ b/onyx/include/team/exercice.php 
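Review bot: `mkdir(ONYX."../misc/pki/")` creates the directory with the default mode 0777 (reduced only by the umask) and ignores the return value, although this is presumably where CA.sh writes the CA key material. It should be created owner-only and checked, e.g. `if (!is_dir($dir) && !mkdir($dir, 0700) && !is_dir($dir)) { /* report failure */ }`. Creating it while rendering the admin home page also means a plain page view modifies the filesystem, so the `newca` action would be a tighter place for it. `$wright` reads like a typo for `$writable`.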
@@ -4,19 +4,38 @@ if(!defined('ONYX')) exit; $solved = count($EXERCICE->get_solved()); -if ($n == 5 && $p[4] == "submission") +if ($n >= 5 && $p[4] == "submission") { - $template->assign("ERRcolor", "success"); - $template->assign("ERRmessage", "Votre réponse a bien été prise en compte et sera évaluée dans quelques instants..."); + if ($n >= 6 && $p[5] == "werr") + { + $template->assign("ERRcolor", "danger"); + if (DEBUG) + $template->assign("ERRmessage", "DEBUG ERROR: le répertoire submission n'est pas accessible en écriture."); + else + $template->assign("ERRmessage", "Une erreur s'est produite durant la soumission. Veuillez réessayer dans quelques instants."); + } + else + { + $template->assign("ERRcolor", "success"); + $template->assign("ERRmessage", "Votre réponse a bien été prise en compte et sera évaluée dans quelques instants..."); + } if (!empty($_POST["solution"])) { - $file = ONYX . "../submission/".$p[1]."-".$p[2]."-".$p[3]; + if (is_writable(ONYX . "../submission/")) + { + $file = ONYX . "../submission/".$p[1]."-".$p[2]."-".$p[3]; - file_put_contents($file, $_POST['solution'], LOCK_EX); + file_put_contents($file, $_POST['solution'], LOCK_EX); - header("Location: /".implode("/", $p)); - exit; + header("Location: /".implode("/", $p)); + exit; + } + else + { + header("Location: /".implode("/", $p)."/werr"); + exit; + } } } diff --git a/onyx/tpl/bootstrap/admin/home.tpl b/onyx/tpl/bootstrap/admin/home.tpl index 1ff29ac1..35c6d854 100644 --- a/onyx/tpl/bootstrap/admin/home.tpl +++ b/onyx/tpl/bootstrap/admin/home.tpl @@ -1,17 +1,12 @@ {extends file="admin/layout.tpl"} -{block name=head} - -{/block} - {block name=content} -
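Review bot: The `is_writable(ONYX . "../submission/")` pre-check does not prove the write succeeded, because `file_put_contents()` can still return false (existing file not writable, disk full) and its result is discarded before the success redirect. Branch on the write itself: `if (file_put_contents($file, $_POST['solution'], LOCK_EX) === false)` should redirect to the `/werr` URL, and the normal redirect should happen otherwise. The target file name is built from `$p[1]`, `$p[2]` and `$p[3]`; how `$p` is parsed is not visible here, so confirm those segments are constrained (for instance digits only) before they reach the path. The `werr` state also lives in the URL, so the error banner, including the DEBUG text, can be displayed by requesting that path without any failed write.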
-

Certificat racine FIC 2014

+

Certificat racine

- {if isset($cert)} + {if isset($cert)}
  • [C] : {$cert['subject']['C']}
  • [ST] : {$cert['subject']['ST']}
  • @@ -20,11 +15,13 @@
  • [CN] : {$cert['subject']['CN']}
  • [emailAddress] : {$cert['subject']['emailAddress']}
- Supprimer - {else} - Nouveau - {/if} + Supprimer + {elseif ! $cert_writable} +
Répertoire non accessible en écriture.
+ Nouveau + {else} + Nouveau + {/if}
- {/block} diff --git a/onyx/tpl/bootstrap/admin/import_exercices.tpl b/onyx/tpl/bootstrap/admin/import_exercices.tpl index 19794a24..6f3a6b9f 100644 --- a/onyx/tpl/bootstrap/admin/import_exercices.tpl +++ b/onyx/tpl/bootstrap/admin/import_exercices.tpl @@ -1,7 +1,4 @@ {extends file="admin/layout.tpl"} -{block name=head} - -{/block} {block name=content}

Import d'exercices diff --git a/onyx/tpl/bootstrap/admin/layout.tpl b/onyx/tpl/bootstrap/admin/layout.tpl index f8192f72..393320ce 100644 --- a/onyx/tpl/bootstrap/admin/layout.tpl +++ b/onyx/tpl/bootstrap/admin/layout.tpl @@ -1,5 +1,21 @@ {extends file="layout.tpl"} +{block name=head} +{literal} + +{/literal} +{/block} + +{block name=end} + + +{/block} + {block name=body}