From e61f4561cb5a40df738eb5557f54bc0ffeee8e38 Mon Sep 17 00:00:00 2001
From: christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>
Date: Tue, 12 Sep 2006 01:25:35 +0000
Subject: cleaning up login.pl, fixing serious traversal bug, whitelisting
 $form{path} to one of two options, same for $form{terminal}, removing
 references to HTTP_USER_AGENT

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@69 4979c152-3d1c-0410-bac9-87ea11338e46
---
 login.pl | 69 +++++++++++++++++++---------------------------------------------
 1 file changed, 20 insertions(+), 49 deletions(-)

(limited to 'login.pl')

diff --git a/login.pl b/login.pl
index c1d16c91..7d3ad3c4 100755
--- a/login.pl
+++ b/login.pl
@@ -62,17 +62,16 @@ $| = 1;
 
 eval { require "ledger-smb.conf"; };
 
-
 if ($ENV{CONTENT_LENGTH}) {
-  read(STDIN, $_, $ENV{CONTENT_LENGTH});
+	read(STDIN, $_, $ENV{CONTENT_LENGTH});
 }
 
 if ($ENV{QUERY_STRING}) {
-  $_ = $ENV{QUERY_STRING};
+	$_ = $ENV{QUERY_STRING};
 }
 
 if ($ARGV[0]) {
-  $_ = $ARGV[0];
+	$_ = $ARGV[0];
 }
 
 
@@ -88,60 +87,32 @@ $script = substr($0, $pos + 1);
 
 
 if (-e "$userspath/nologin" && $script ne 'admin.pl') {
-  print "Content-Type: text/html\n\n<html><body><strong>" if $ENV{HTTP_USER_AGENT};
-  print "\nLogin disabled!\n";
-  print "\n</strong></body></html>" if $ENV{HTTP_USER_AGENT};
-  exit;
+	print "Content-Type: text/html\n\n<html><body><strong>";
+	print "\nLogin disabled!\n";
+	print "\n</strong></body></html>";
+	exit;
 }
 
 
 if ($form{path}) {
-  $form{path} =~ s/%2f/\//gi;
-  $form{path} =~ s/\.\.\///g;
 
-  if ($form{path} !~ /^bin\//) {
-    print "Content-Type: text/html\n\n<html><body><strong>" if $ENV{HTTP_USER_AGENT};
-    print "\nInvalid path!\n";
-	print "\n</strong></body></html>" if $ENV{HTTP_USER_AGENT};
-    exit;
-  }
+	if ($form{path} ne 'bin/lynx'){ $form{path} = 'bin/mozilla';}	
 
+	$ARGV[0] = "$_&script=$script";
+	require "$form{path}/$script";
 
-  $ARGV[0] = "$_&script=$script";
-  require "$form{path}/$script";
 } else {
 
-  if (!$form{terminal}) {
-    if ($ENV{HTTP_USER_AGENT}) {
-      # web browser
-      $form{terminal} = "lynx";
-      if ($ENV{HTTP_USER_AGENT} !~ /lynx/i) {
-	$form{terminal} = "mozilla";
-      }
-    } else {
-      if ($ENV{TERM} =~ /xterm/) {
-	$form{terminal} = "xterm";
-      }
-      if ($ENV{TERM} =~ /(console|linux|vt.*)/i) {
-	$form{terminal} = "console";
-      }
-    }
-  }
-
-
-  if ($form{terminal}) {
-
-    $ARGV[0] = "path=bin/$form{terminal}&script=$script";
-    map { $ARGV[0] .= "&${_}=$form{$_}" } keys %form;
-
-    require "bin/$form{terminal}/$script";
-    
-  } else {
-
-    print "Content-Type: text/html\n\n<html><body><strong>" if $ENV{HTTP_USER_AGENT};
-    print qq|\nUnknown terminal\n|;
-	print "\n</strong></body></html>" if $ENV{HTTP_USER_AGENT};
-  }
+	$form{terminal} = "lynx";
+
+	if ($ENV{HTTP_USER_AGENT} !~ /lynx/i) {
+		$form{terminal} = "mozilla";
+	}
+
+	$ARGV[0] = "path=bin/$form{terminal}&script=$script";
+	map { $ARGV[0] .= "&${_}=$form{$_}" } keys %form;
+
+	require "bin/$form{terminal}/$script";
 
 }
 
-- 
cgit v1.2.3