From 737d448bebcbf1ac7e82942508030aa5bf6c576e Mon Sep 17 00:00:00 2001 From: Stefan Ritt Date: Fri, 13 Feb 2009 09:59:57 +0000 Subject: [PATCH] Show errer of forbidden attributes are used SVN revision: 2172 --- src/elogd.c | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/src/elogd.c b/src/elogd.c index 84ea6c1c..52765a73 100755 --- a/src/elogd.c +++ b/src/elogd.c @@ -7064,6 +7064,21 @@ int scan_attributes(char *logbook) memset(attr_list, 0, sizeof(attr_list)); n = strbreak(list, attr_list, MAX_N_ATTR, ",", FALSE); + /* check for forbidden attributes */ + for (i = 0; i < n; i++) { + if (strieq(attr_list[i], "text") || + strieq(attr_list[i], "date") || + strieq(attr_list[i], "encoding") || + strieq(attr_list[i], "reply to") || + strieq(attr_list[i], "locked by") || + strieq(attr_list[i], "in reply to") || + strieq(attr_list[i], "attachment")) { + sprintf(str, loc("Forbidden attribute: %s"), attr_list[i]); + show_error(str); + return -1; + } + } + /* get options lists for attributes */ memset(attr_options, 0, sizeof(attr_options)); for (i = 0; i < n; i++) { @@ -22216,12 +22231,14 @@ void submit_elog(LOGBOOK * lbs) else index--; /* repeat this loop */ } else - strlcpy(str2, ua, sizeof(str)); + strlcpy(str2, ua, sizeof(str2)); if (isparam(str2)) { - if (strchr(getparam(str2), ' ')) - sprintf(str + strlen(str), "\"%s\"", getparam(str2)); - else + if (strchr(getparam(str2), ' ')) { + strlcat(str, "\"", sizeof(str)); + strlcat(str, getparam(str2), sizeof(str)); + strlcat(str, "\"", sizeof(str)); + } else strlcat(str, getparam(str2), sizeof(str)); } } else @@ -25505,6 +25522,10 @@ void interprete(char *lbook, char *path) lbs = lb_list + i; lbs->n_attr = scan_attributes(lbs->name); + /* check for error during attribute scan */ + if (lbs->n_attr < 0) + return; + if (isparam("wpassword")) { /* check if password correct */ do_crypt(getparam("wpassword"), enc_pwd, sizeof(enc_pwd));