[interchange-cvs] interchange - heins modified
code/SystemTag/captcha.coretag
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Fri Aug 11 11:30:39 EDT 2006
User: heins
Date: 2006-08-11 15:30:39 GMT
Modified: code/SystemTag captcha.coretag
Log:
* Add file security checks.
* Document reset option.
Revision Changes Path
1.3 +30 -8 interchange/code/SystemTag/captcha.coretag
rev 1.3, prev_rev 1.2
Index: captcha.coretag
===================================================================
RCS file: /var/cvs/interchange/code/SystemTag/captcha.coretag,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- captcha.coretag 11 Aug 2006 14:39:03 -0000 1.2
+++ captcha.coretag 11 Aug 2006 15:30:39 -0000 1.3
@@ -32,15 +32,21 @@
my $subdir = $opt->{image_subdir}
|| $::Variable->{CAPTCHA_IMAGE_SUBDIR}
|| 'captcha';
- my $tmpdir = $opt->{tmpdir}
- || "$Vend::Cfg->{ScratchDir}/$subdir";
+ my $tmpdir = "$Vend::Cfg->{ScratchDir}/$subdir";
- mkdir($tmpdir)
- unless -d $tmpdir;
+ mkdir($tmpdir) unless -d $tmpdir;
+
+ my $imgdir = $opt->{image_location} || $::Variable->{CAPTCHA_IMAGE_LOCATION};
+
+ unless ($imgdir ) {
+ if(! $Global::NoAbsolute and $::Variable->{DOCROOT}) {
+ $imgdir = "$::Variable->{DOCROOT}$::Variable->{IMAGE_DIR}/$subdir";
+ }
+ else {
+ $imgdir = "images/$subdir";
+ }
+ }
- my $imgdir = $opt->{image_location}
- || $::Variable->{CAPTCHA_IMAGE_LOCATION}
- || "$::Variable->{DOCROOT}$::Variable->{IMAGE_DIR}/$subdir";
my $imgpath = $opt->{image_path}
|| $::Variable->{CAPTCHA_IMAGE_PATH}
|| "$::Variable->{IMAGE_DIR}/$subdir";
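Review bot: `$subdir` still comes straight from the tag's `image_subdir` option and is interpolated into `$tmpdir` (and into both fallback values of `$imgdir`) without any check, so `mkdir($tmpdir)` runs on a path the tag caller partly controls. Dropping the `tmpdir` option does not close that, because a subdir value with `..` or `/` segments would no longer resolve under `ScratchDir`. The `Vend::File::allowed_file` check added later in this commit covers only `$imgdir`. Constrain `$subdir` to a single path component before first use, for example `$subdir = 'captcha' unless $subdir =~ m{\A[\w-]+\z};`, and check the result of `mkdir`. The enclosing routine starts and ends outside this hunk, so the right failure path is not visible here.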
@@ -95,6 +101,15 @@
}
eval {
+
+ unless( Vend::File::allowed_file($imgdir, 1) ) {
+ my $msg = errmsg("No permission to write directory '%s'", $imgdir);
+ $Tag->error( { name => $en, set => $msg });
+ return 0;
+ }
+
+ mkdir($imgdir) unless -d $imgdir;
+
if(! $code) {
$code = $Vend::Session->{captcha} = $captcha->generate_code($opt->{length});
$Vend::Captcha = $code;
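Review bot: The `return 0` in the new `allowed_file` branch sits inside `eval {`, so it only leaves the eval block, with a false value and an empty `$@`, and the tag routine itself keeps running. Unless the code after the eval (outside this hunk) tests the block's return value or the error set through `$Tag->error`, a denied directory would go unnoticed by whatever follows. Either do the permission check before `eval {` so the `return` leaves the routine, or raise it as `die $msg;` so the eval's error handling sees it. `mkdir($imgdir)` also ignores its result; `-d $imgdir or mkdir($imgdir) or die errmsg("Cannot create directory '%s': %s", $imgdir, $!);` would report a failed create where it happens.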
@@ -144,7 +159,7 @@
[captcha function="check|code|image|relative_image|image_tag"
length="4"
image-subdir="captcha"
- image-location="/var/www/html/standard/images/captcha"
+ image-location="images/captcha"
image-path="/standard/images/captcha"
source="[cgi mv_captcha_source]"
error-name="captcha"
@@ -217,6 +232,13 @@
When set, tells the image function (when in name-only mode) to
return relative path.
+
+=item reset
+
+Normally only one captcha code / image will be generated per page
+transaction. If this is set, you can generate another one -- though
+you would have to take care of saving the generated code yourself,
+as $Session->{captcha} is overwritten.
=item source