[dev] chora restricted files patch
Max Kalika
max@lsit.ucsb.edu
Wed, 16 Jan 2002 10:03:04 -0800
Quoting Max Kalika <max@lsit.ucsb.edu>:
> The patch is attached. Would this be a useful commit? I can do it if
> you all think it's worthwhile.
hmfff...I swear I sent it as text/plain. anyway, it's below.
---max kalika
--max@lsit.ucsb.edu
-lsit systems administrator
Index: annotate.php
===================================================================
RCS file: /repository/chora/annotate.php,v
retrieving revision 1.19
diff -u -r1.19 annotate.php
--- annotate.php 2 Oct 2001 16:56:06 -0000 1.19
+++ annotate.php 16 Jan 2002 16:52:39 -0000
@@ -16,6 +16,10 @@
HTTP_Compress::start();
}
+if (Chora::isRestricted($where)) {
+ fatal('403 Forbidden', "$where: forbidden by server configuration");
+}
+
/* Spawn the file object */
$fl = new CVSLib_File($CVS, $CVS->cvsRoot().'/'.$where);
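Review bot: The added check reads the request-derived `$where` and, on a match, echoes that same value back in the 403 body via `fatal('403 Forbidden', "$where: forbidden by server configuration")`; unless `fatal()` HTML-escapes its message (not visible here), that is a reflected-output point, so either pass it through `htmlspecialchars()` or drop the path from the message, e.g. `fatal('403 Forbidden', 'Access to this path is forbidden by server configuration');`. The identical four lines are pasted into co.php, cvs.php, diff.php and history.php; a single check in the shared bootstrap that derives `$where` would fail closed for any future script that forgets to copy it. The patterns are matched against `$where` as-is, so if that string can still hold a non-canonical spelling of the path at this point in the scripts, the comparison should be made on the same canonical form the repository lookup uses.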
Index: co.php
===================================================================
RCS file: /repository/chora/co.php,v
retrieving revision 1.9
diff -u -r1.9 co.php
--- co.php 11 Aug 2001 21:13:24 -0000 1.9
+++ co.php 16 Jan 2002 16:52:40 -0000
@@ -22,6 +22,10 @@
HTTP_Compress::start();
}
+if (Chora::isRestricted($where)) {
+ fatal('403 Forbidden', "$where: forbidden by server configuration");
+}
+
/* Should we pretty-print this output or not? */
$plain = Horde::getFormData('p', 0);
Index: cvs.php
===================================================================
RCS file: /repository/chora/cvs.php,v
retrieving revision 1.116
diff -u -r1.116 cvs.php
--- cvs.php 5 Nov 2001 15:47:55 -0000 1.116
+++ cvs.php 16 Jan 2002 16:52:40 -0000
@@ -22,6 +22,10 @@
HTTP_Compress::start();
}
+if (Chora::isRestricted($where)) {
+ fatal('403 Forbidden', "$where: forbidden by server configuration");
+}
+
if (@is_dir($fullname)) {
/* checkError is the error trapping function */
Index: diff.php
===================================================================
RCS file: /repository/chora/diff.php,v
retrieving revision 1.44
diff -u -r1.44 diff.php
--- diff.php 23 Dec 2001 16:35:46 -0000 1.44
+++ diff.php 16 Jan 2002 16:52:40 -0000
@@ -17,6 +17,10 @@
HTTP_Compress::start();
}
+if (Chora::isRestricted($where)) {
+ fatal('403 Forbidden', "$where: forbidden by server configuration");
+}
+
/* Spawn the repository and file objects */
$fl = new CVSLib_File($CVS, $CVS->cvsRoot() . '/' . $where);
Index: history.php
===================================================================
RCS file: /repository/chora/history.php,v
retrieving revision 1.20
diff -u -r1.20 history.php
--- history.php 2 Oct 2001 16:56:06 -0000 1.20
+++ history.php 16 Jan 2002 16:52:40 -0000
@@ -17,6 +17,10 @@
HTTP_Compress::start();
}
+if (Chora::isRestricted($where)) {
+ fatal('403 Forbidden', "$where: forbidden by server configuration");
+}
+
/* Spawn the file object */
$fl = new CVSLib_File($CVS, $CVS->cvsRoot() . '/' . $where);
Index: config/conf.php.dist
===================================================================
RCS file: /repository/chora/config/conf.php.dist,v
retrieving revision 1.31
diff -u -r1.31 conf.php.dist
--- config/conf.php.dist 9 Nov 2001 08:30:51 -0000 1.31
+++ config/conf.php.dist 16 Jan 2002 16:52:40 -0000
@@ -51,4 +51,10 @@
// will be propagated using a GET variable instead.
$conf['options']['use_path_info'] = true;
+// If you wish to protech a file pattern on a global bases (i.e.
+// across all cvsroots defined in cvsroots.php) list the perl
+// file patterns in this array. For example:
+// $conf['restrictions'] = array('^/?CVSROOT');
+$conf['restrictions'] = array();
+
?>
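Review bot: The new comment has two typos, `protech` → `protect` and `on a global bases` → `on a global basis`, and "perl file patterns" undersells what the setting is. Since the values are fed to `preg_match()` against the repository-relative path, the comment should say so and recommend anchoring, e.g. `// PCRE patterns matched against the repository-relative path; anchor with ^ so` / `// '^/?CVSROOT' does not also match a file merely containing that substring.`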
Index: config/cvsroots.php.dist
===================================================================
RCS file: /repository/chora/config/cvsroots.php.dist,v
retrieving revision 1.4
diff -u -r1.4 cvsroots.php.dist
--- config/cvsroots.php.dist 8 Jun 2001 20:59:42 -0000 1.4
+++ config/cvsroots.php.dist 16 Jan 2002 16:52:41 -0000
@@ -23,6 +23,9 @@
* addresses, that normally sits in the CVSROOT/cvsusers
* file. If it is found, then more useful information
* will be shown.
+ *
+ * 'restrictions' : Array of perl regular expressions for those files
+ * whos contents should be protected and not displayed.
*/
$cvsroots = array();
@@ -41,6 +44,9 @@
'title' => 'Horde CVS Repository',
'cvsusers' => 'CVSROOT/cvsusers',
'intro' => 'horde-intro.txt'
+ 'restrictions' => array(
+ '^/?hordeweb/config/defaults.php',
+ )
);
$cvsroots['openbsd'] = array(
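Review bot: The new `'restrictions' => array(` entry follows `'intro' => 'horde-intro.txt'` with no comma between them, so the shipped cvsroots.php.dist is a parse error and every page will fail until an admin notices; the fix is `'intro' => 'horde-intro.txt',`. The docblock added in the first hunk of this file reads `whos contents`; it should be `whose contents`.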
Index: graphics/back.gif
===================================================================
RCS file: /repository/chora/graphics/back.gif,v
retrieving revision 1.2
diff -u -r1.2 back.gif
Binary files /tmp/cvsk10myQ and back.gif differ
Index: lib/Chora.php
===================================================================
RCS file: /repository/chora/lib/Chora.php,v
retrieving revision 1.15
diff -u -r1.15 Chora.php
--- lib/Chora.php 25 Nov 2001 20:35:20 -0000 1.15
+++ lib/Chora.php 16 Jan 2002 16:52:42 -0000
@@ -158,6 +158,41 @@
}
}
+ /**
+ * Check if the given item is restricted from being shown.
+ * @return boolean whether or not the item is allowed to be displayed
+ **/
+ function isRestricted($item) {
+ global $conf, $cvsroots, $cvsroot;
+ static $restricted;
+
+ if (!isset($restricted)) {
+ $restricted = array();
+ if (isset($conf['restrictions']) &&
is_array($conf['restrictions'])) {
+ $restricted = $conf['restrictions'];
+ }
+
+ foreach ($cvsroots as $key => $val) {
+ if ($cvsroot == $val['location']) {
+ if (isset($val['restrictions']) &&
is_array($conf['restrictions'])) {
+ $restricted = array_merge($restricted,
$val['restrictions']);
+ break;
+ }
+ }
+ }
+ }
+
+ if (!empty($restricted) && is_array($restricted) &&
count($restricted)) {
+ for ($i = 0; $i < count($restricted); $i++) {
+ if (preg_match('|' . str_replace('|', '\|',
$restricted[$i]) . '|', $item)) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
}
?>
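Review bot: The per-cvsroot merge never succeeds on its own terms: the inner condition `isset($val['restrictions']) && is_array($conf['restrictions'])` tests the global array instead of `$val['restrictions']`, so a root's restrictions are silently dropped whenever `$conf['restrictions']` is unset or not an array — a fail-open typo. The match loop indexes `$restricted[$i]` by position, so an associative or sparse restriction array is skipped, and a pattern that fails to compile makes `preg_match()` return false, which is also treated as "not restricted"; the rewrite below iterates with `foreach` and treats a compile failure as restricted so a typo cannot expose a file. The docblock is inverted — the method returns true when the item is restricted — so `@return boolean true if $item matches a restriction pattern and must not be displayed` is the accurate contract. The enclosing class continues outside the hunk.
```php
    function isRestricted($item) {
        global $conf, $cvsroots, $cvsroot;
        static $restricted;

        if (!isset($restricted)) {
            $restricted = array();
            if (isset($conf['restrictions']) && is_array($conf['restrictions'])) {
                $restricted = $conf['restrictions'];
            }
            foreach ($cvsroots as $key => $val) {
                if ($cvsroot == $val['location']) {
                    // Test the per-root list, not the global one.
                    if (isset($val['restrictions']) && is_array($val['restrictions'])) {
                        $restricted = array_merge($restricted, $val['restrictions']);
                    }
                    break;
                }
            }
        }

        // foreach, not $restricted[$i]: associative or sparse arrays
        // would otherwise be skipped and the file shown.
        foreach ($restricted as $pattern) {
            $match = preg_match('|' . str_replace('|', '\|', $pattern) . '|', $item);
            // false means the pattern did not compile; fail closed.
            if ($match === false || $match > 0) {
                return true;
            }
        }

        return false;
    }
```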
Index: templates/directory/dir.inc
===================================================================
RCS file: /repository/chora/templates/directory/dir.inc,v
retrieving revision 1.7
diff -u -r1.7 dir.inc
--- templates/directory/dir.inc 2 Oct 2001 16:56:08 -0000 1.7
+++ templates/directory/dir.inc 16 Jan 2002 16:52:52 -0000
@@ -1,7 +1,11 @@
<tr class="item<?= $dirrow ?>">
<td>
+<?php if (!Chora::isRestricted("$where/$currentDir")): ?>
<a href="<?= $url ?>">
<?= Horde::img('folder.gif', 'width="16" height="16" alt="' .
_("Directory") . '"') ?> <?= $currDir ?>/</a>
+<?php else: ?>
+ <?= Horde::img('folder.gif', 'width="16" height="16" alt="' .
_("Directory") . '"') ?> <?= $currDir ?>/
+<?php endif; ?>
</td>
<td> </td>
<td> </td>
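Review bot: The restriction test uses `$currentDir` (`Chora::isRestricted("$where/$currentDir")`) while both branches render `$currDir`; only one of those names is likely set by the directory loop, and if `$currentDir` is the undefined one the check degrades to `isRestricted("$where/")` and the link is always shown. Confirm which variable the loop assigns and use it in both places, e.g. `<?php if (!Chora::isRestricted("$where/$currDir")): ?>`. The check in cvs.php remains the actual enforcement; this branch only hides the link, which is the right layering.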
Index: templates/directory/file.inc
===================================================================
RCS file: /repository/chora/templates/directory/file.inc,v
retrieving revision 1.9
diff -u -r1.9 file.inc
--- templates/directory/file.inc 18 Aug 2001 06:00:23 -0000 1.9
+++ templates/directory/file.inc 16 Jan 2002 16:52:52 -0000
@@ -1,4 +1,5 @@
<tr class="<?= $attic?'attic':"item$dirrow" ?>">
+<?php if (!Chora::isRestricted($fileName)): ?>
<td nowrap="nowrap">
<a href="<?= $url ?>">
<?php if ($attic) : ?>
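Review bot: This check passes `$fileName` while dir.inc passes `"$where/$currentDir"`; if `$fileName` is not the same repository-relative form as `$where`, a pattern such as `'^/?hordeweb/config/defaults.php'` would never match here and the link stays visible — harmless for enforcement, since co.php re-checks, but confusing for admins — so it is worth confirming against where `$fileName` is assigned. In the second hunk, the restricted-branch `<img>` tag ends with `alt="<?= _("File") ?>'"`, a stray `'` inside the attribute value; it should read `alt="<?= _("File") ?>" />`. That second hunk may continue past the end of what I can see.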
@@ -11,9 +12,22 @@
<td>
<b><a href="<?= Chora::url('co', $fileName, array('r' => $head))
?>"><?= $head ?></a></b>
</td>
-<td>
+<?php else: ?>
+ <td nowrap="nowrap">
+<?php if ($attic) : ?>
+ <?= Horde::img('deleted.gif', 'width="16" height="16" alt="' .
_("Deleted File") . '"') ?>
+<?php else: ?>
+ <img src="<?= $icon ?>" border="0" width="16" height="16" alt="<?=
_("File") ?>'" />
+<?php endif; ?>
+ <?= $name ?>
+ </td>
+ <td>
+ <b><?= $head ?></b>
+ </td>
+<?php endif; ?>
+ <td>
<?= $author ?>
-</td>
+ </td>
<td nowrap="nowrap">
<i><?= $readableDate ?></i>