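#
# Validate the page arguments named in $argspec against $_REQUEST.
#
# $argspec is a flat list of alternating (name, type) entries, e.g.
# ("experiment", PAGEARG_EXPERIMENT, "confirmed", PAGEARG_BOOLEAN). It is
# consumed pairwise with array_shift(), so a trailing unpaired element is
# silently ignored. $required, when true, turns an absent argument into a
# PAGEARGERROR; when false an absent argument just clears the global.
#
# Returns an associative array name => value/object. As a side effect the
# same value is stored in $GLOBALS[$name] (and a stale global of that name
# is unset when an optional argument is absent); that is how pages reach
# the objects after RequiredPageArguments()/OptionalPageArguments(). $name
# comes from the page's own argspec, never from the request, so this is
# not a register_globals-style injection -- but an argspec name that
# collides with an existing global will clobber it.
#
# Object types (EXPERIMENT, TEMPLATE, INSTANCE, METADATA, PROJECT, GROUP,
# NODE, USER, IMAGE, OSINFO, LOGFILE) are syntax-checked through
# ValidateArgument() and then mapped to an object with the class' Lookup();
# a value that was supplied but does not map is reported as USERERROR
# ("could not map"), which is distinct from the missing-argument error.
# Scalar types are checked inline below. PAGEARG_ANYTHING is returned
# unchecked and the caller owns its validation.
#
# NOTE(review): $_REQUEST merges GET and POST and, depending on the
# request_order/variables_order ini settings, cookies as well. Any request
# parameter may also arrive as an array ("?name[]=x"); the string-ish types
# below reject that explicitly. Whether ValidateArgument() copes with array
# input for the object types is not visible here -- confirm.
#
# The error helpers (PAGEARGERROR, USERERROR) are presumed not to return;
# nothing below is written to recover if they do.
#
function VerifyPageArguments($argspec, $required)
{
    global $drewheader;

    #
    # Once PAGEHEADER has emitted output an HTTP error status can no
    # longer be sent, so warn the developer (E_USER_WARNING, not the user).
    #
    if ($drewheader) {
        trigger_error("PAGEHEADER called before VerifyPageArguments " . "(called by RequiredPageArguments or OptionalPageArguments). " . "Won't be able to return proper HTTP status code on Error " . "in " . $_SERVER['SCRIPT_FILENAME'] . ",", E_USER_WARNING);
    }

    $result = array();

    while ($argspec and count($argspec) > 1) {
        $name = array_shift($argspec);
        $type = array_shift($argspec);
        # $yep records that the argument was present in the request at all,
        # even if it turned out to be invalid; $object is only set when the
        # value was accepted.
        $yep = 0;
        unset($object);

        switch ($type) {
            case PAGEARG_EXPERIMENT:
                # Three spellings, in priority order: experiment index,
                # legacy exptidx, or the pid/eid pair.
                if (isset($_REQUEST[URL_EXPERIMENT])) {
                    $idx = $_REQUEST[URL_EXPERIMENT];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_EXPERIMENT, $idx)) {
                        $object = Experiment::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_EXPTIDX])) {
                    $idx = $_REQUEST[URL_EXPTIDX];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_EXPERIMENT, $idx)) {
                        $object = Experiment::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_EID])) {
                    $pid = $_REQUEST[URL_PID];
                    $eid = $_REQUEST[URL_EID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_PID, $pid) && ValidateArgument(PAGEARG_EID, $eid)) {
                        $object = Experiment::LookupByPidEid($pid, $eid);
                    }
                }
                break;

            case PAGEARG_TEMPLATE:
                # Either separate guid/vers parameters or a "guid/vers"
                # token; the token form is validated by the regexp alone.
                if (isset($_REQUEST[URL_GUID]) && isset($_REQUEST[URL_VERS])) {
                    $guid = $_REQUEST[URL_GUID];
                    $vers = $_REQUEST[URL_VERS];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_GUID, $guid) && ValidateArgument(PAGEARG_VERS, $vers)) {
                        $object = Template::Lookup($guid, $vers);
                    }
                } elseif (isset($_REQUEST[URL_TEMPLATE])) {
                    $guidvers = $_REQUEST[URL_TEMPLATE];
                    $yep = 1;
                    if (!is_array($guidvers) && preg_match("/^([\\d]+)\\/([\\d]+)\$/", $guidvers, $matches)) {
                        $guid = $matches[1];
                        $vers = $matches[2];
                        $object = Template::Lookup($guid, $vers);
                    } else {
                        PAGEARGERROR("Invalid argument for '{$type}': {$guidvers}");
                    }
                }
                break;

            case PAGEARG_INSTANCE:
                if (isset($_REQUEST[URL_INSTANCE])) {
                    $idx = $_REQUEST[URL_INSTANCE];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_INSTANCE, $idx)) {
                        $object = TemplateInstance::LookupByExptidx($idx);
                    }
                }
                break;

            case PAGEARG_METADATA:
                # Same "guid/vers" token form as PAGEARG_TEMPLATE.
                if (isset($_REQUEST[URL_METADATA])) {
                    $guidvers = $_REQUEST[URL_METADATA];
                    $yep = 1;
                    if (!is_array($guidvers) && preg_match("/^([\\d]+)\\/([\\d]+)\$/", $guidvers, $matches)) {
                        $guid = $matches[1];
                        $vers = $matches[2];
                        $object = TemplateMetadata::Lookup($guid, $vers);
                    } else {
                        PAGEARGERROR("Invalid argument for '{$type}': {$guidvers}");
                    }
                }
                break;

            case PAGEARG_PROJECT:
                # Project index first, else the pid name.
                if (isset($_REQUEST[URL_PROJECT])) {
                    $idx = $_REQUEST[URL_PROJECT];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_PROJECT, $idx)) {
                        $object = Project::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_PID])) {
                    $pid = $_REQUEST[URL_PID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_PID, $pid)) {
                        $object = Project::Lookup($pid);
                    }
                }
                break;

            case PAGEARG_GROUP:
                # Group index first, else the pid/gid pair.
                if (isset($_REQUEST[URL_GROUP])) {
                    $idx = $_REQUEST[URL_GROUP];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_GROUP, $idx)) {
                        $object = Group::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_GID])) {
                    $pid = $_REQUEST[URL_PID];
                    $gid = $_REQUEST[URL_GID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_PID, $pid) && ValidateArgument(PAGEARG_GID, $gid)) {
                        $object = Group::LookupByPidGid($pid, $gid);
                    }
                }
                break;

            case PAGEARG_NODE:
                # Node index, node id, or the alternate node id spelling.
                if (isset($_REQUEST[URL_NODE])) {
                    $idx = $_REQUEST[URL_NODE];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_NODE, $idx)) {
                        $object = Node::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_NODEID])) {
                    $nodeid = $_REQUEST[URL_NODEID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_NODEID, $nodeid)) {
                        $object = Node::Lookup($nodeid);
                    }
                } elseif (isset($_REQUEST[URL_NODEID_ALT])) {
                    $nodeid = $_REQUEST[URL_NODEID_ALT];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_NODEID, $nodeid)) {
                        $object = Node::Lookup($nodeid);
                    }
                }
                break;

            case PAGEARG_USER:
                # User index first, else the uid name.
                if (isset($_REQUEST[URL_USER])) {
                    $idx = $_REQUEST[URL_USER];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_USER, $idx)) {
                        $object = User::Lookup($idx);
                    }
                } elseif (isset($_REQUEST[URL_UID])) {
                    $uid = $_REQUEST[URL_UID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_UID, $uid)) {
                        $object = User::Lookup($uid);
                    }
                }
                break;

            case PAGEARG_IMAGE:
                # The fixed URL_IMAGEID parameter, else a parameter named
                # after the argspec entry itself.
                if (isset($_REQUEST[URL_IMAGEID])) {
                    $imageid = $_REQUEST[URL_IMAGEID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
                        $object = Image::Lookup($imageid);
                    }
                } elseif (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                    $imageid = $_REQUEST[$name];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
                        $object = Image::Lookup($imageid);
                    }
                }
                break;

            case PAGEARG_OSINFO:
                if (isset($_REQUEST[URL_OSID])) {
                    $osid = $_REQUEST[URL_OSID];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_OSINFO, $osid)) {
                        $object = OSinfo::Lookup($osid);
                    }
                }
                break;

            case PAGEARG_BOOLEAN:
                # yes/1/true/on and no/0/false/off (case-insensitive) map
                # to True/False. NOTE(review): any other non-empty value is
                # passed through as the raw string, which is truthy -- a
                # caller testing "if ($flag)" will treat "maybe" as True.
                if (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                    $object = $_REQUEST[$name];
                    $yep = 1;
                    if (strcasecmp("{$object}", "yes") == 0 || strcasecmp("{$object}", "1") == 0 || strcasecmp("{$object}", "true") == 0 || strcasecmp("{$object}", "on") == 0) {
                        $object = True;
                    } elseif (strcasecmp("{$object}", "no") == 0 || strcasecmp("{$object}", "0") == 0 || strcasecmp("{$object}", "false") == 0 || strcasecmp("{$object}", "off") == 0) {
                        $object = False;
                    }
                }
                break;

            case PAGEARG_INTEGER:
            case PAGEARG_NUMERIC:
            case PAGEARG_ARRAY:
                # Syntax is delegated to ValidateArgument(); a rejected
                # value leaves $yep set so it is reported as "could not map".
                if (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                    $object = $_REQUEST[$name];
                    $yep = 1;
                    if (!ValidateArgument($type, $object)) {
                        unset($object);
                    }
                }
                break;

            case PAGEARG_ANYTHING:
                # Anything allowed (including arrays), caller BETTER check it.
                if (isset($_REQUEST[$name])) {
                    $object = $_REQUEST[$name];
                    $yep = 1;
                }
                break;

            case PAGEARG_ALPHALIST:
                # A comma/semicolon separated list of word characters,
                # dashes and spaces, returned split into an array.
                if (isset($_REQUEST[$name])) {
                    $object = $_REQUEST[$name];
                    # Mark the argument as supplied so a malformed value is
                    # reported as "could not map" rather than "must provide"
                    # (or silently dropped when optional), like every other
                    # type above.
                    $yep = 1;
                    if (is_array($object) || !preg_match("/^[\\d\\w\\-\\ \\,]+\$/", $object)) {
                        unset($object);
                    } else {
                        $object = preg_split("/[\\,\\;]+\\s*/", $_REQUEST[$name]);
                    }
                }
                break;

            case PAGEARG_STRING:
            default:
                # PAGEARG_STRING is also the fallback for an unknown type.
                # (A switch may only carry one default label; PHP 7+ refuses
                # to compile a second one.)
                if (isset($_REQUEST[$name])) {
                    $object = $_REQUEST[$name];
                    $yep = 1;
                    if (is_array($object)) {
                        # preg_match() does not match an array, so a
                        # "?name[]=x" request used to pass an array through
                        # to code expecting a string. Refuse it.
                        PAGEARGERROR("Invalid argument for '{$name}'");
                    } elseif (preg_match("/[\\'\"]/", $object)) {
                        # Pages never get arguments with special chars. Check.
                        $object = htmlspecialchars($object);
                        PAGEARGERROR("Invalid characters in '{$name}': {$object}");
                    }
                }
                break;

            case PAGEARG_PASSWORD:
                # Only printable ASCII; the value is deliberately never
                # echoed back in the error message.
                if (isset($_REQUEST[$name])) {
                    $object = $_REQUEST[$name];
                    $yep = 1;
                    if (is_array($object) || !preg_match("/^[ -~]+\$/", $object)) {
                        PAGEARGERROR("Invalid characters in '{$name}'");
                    }
                }
                break;

            case PAGEARG_LOGFILE:
                if (isset($_REQUEST[URL_LOGFILE])) {
                    $logid = $_REQUEST[URL_LOGFILE];
                    $yep = 1;
                    if (ValidateArgument(PAGEARG_LOGFILE, $logid)) {
                        $object = Logfile::Lookup($logid);
                    }
                }
                break;
        }

        if (isset($object)) {
            $result[$name] = $object;
            $GLOBALS[$name] = $object;
        } elseif ($yep) {
            #
            # Value supplied but could not be mapped to object.
            # Lets make that clear in the error message.
            #
            USERERROR("Could not map page arguments to '{$name}'", 1);
        } elseif ($required) {
            PAGEARGERROR("Must provide '{$name}' page argument");
        } else {
            # Optional and absent: make sure no stale global lingers.
            unset($GLOBALS[$name]);
        }
    }
    return $result;
}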
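#
# Okay, validate form arguments.
#
# Every problem is recorded in $errors keyed by the form label shown to
# the user. $project and $group are only assigned on the success paths, so
# later code must consult $errors before touching either of them.
#
$errors = array();

# Some local variables.
$nsfilelocale = 0;
$thensfile = 0;
$deletensfile = 0;

#
# Project: the pid comes straight from the form, so it is syntax-checked
# with TBvalid_pid() before it is handed to Project::Lookup().
#
if (!isset($formfields["pid"]) || $formfields["pid"] == "") {
    $errors["Project"] = "Not Selected";
} elseif (!TBvalid_pid($formfields["pid"])) {
    $errors["Project"] = TBFieldErrorString();
} elseif (!($project = Project::Lookup($formfields["pid"]))) {
    $errors["Project"] = "No such project";
} else {
    #
    # Group: If none specified, then use default group (see below).
    # A supplied gid is likewise syntax-checked (TBvalid_gid) before the
    # lookup, and must belong to the project chosen above.
    #
    if (isset($formfields["gid"]) && $formfields["gid"] != "") {
        if (!TBvalid_gid($formfields["gid"])) {
            $errors["Group"] = TBFieldErrorString();
        } elseif (!($group = Group::LookupByPidGid($formfields["pid"], $formfields["gid"]))) {
            # (Dropped a stray trailing quote from the user-visible message.)
            $errors["Group"] = "No such group in project";
        }
    } else {
        $group = $project->DefaultGroup();
    }
}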
 #
 # Access check for this experiment's stats. The decision is delegated to
 # the owning project: the caller must hold at least $TBDB_TRUST_USER trust
 # there. NOTE(review): the $access_type parameter is accepted but never
 # consulted, so every access type is judged by the same trust level --
 # confirm that is intended. A project that cannot be looked up is reported
 # through TBERROR (presumably fatal; nothing here handles its return).
 #
 function AccessCheck($user, $access_type)
 {
     global $TBDB_TRUST_USER;

     $pid_idx = $this->pid_idx();
     $project = Project::Lookup($pid_idx);
     if (!$project) {
         TBERROR("ExperimentStats::AccessCheck: Cannot map project {$pid_idx} to its object", 1);
     }
     return $project->AccessCheck($user, $TBDB_TRUST_USER);
 }
 #
 # Return the Project object this object belongs to, resolving it on first
 # use and caching it in $this->project. A pid_idx that does not resolve is
 # reported through TBERROR (looks fatal; otherwise the falsy lookup result
 # is what gets returned and cached).
 #
 function Project()
 {
     $pid_idx = $this->pid_idx();

     if (!$this->project) {
         $this->project = Project::Lookup($pid_idx);
         if (!$this->project) {
             TBERROR("Could not lookup project {$pid_idx}!", 1);
         }
     }
     return $this->project;
 }
 #
 # The project this user was approved into first: the oldest (by
 # date_approved) group_membership row for the project's own group
 # (pid=gid) whose trust is not "none". Returns null when there is none.
 #
 # NOTE(review): $uid_idx is interpolated into the SQL unescaped. It comes
 # from $this->uid_idx() (the user's own row), not from the request, and is
 # presumably numeric, but DBQueryFatal() takes a raw string so there is no
 # parameter binding anywhere in this path. The mysql_* calls were removed
 # in PHP 7.
 #
 function FirstApprovedProject()
 {
     $uid_idx = $this->uid_idx();
     $trust_none = TBDB_TRUSTSTRING_NONE;

     $query_result = DBQueryFatal("select pid_idx from group_membership " .
                                  "where uid_idx='{$uid_idx}' and pid=gid and " .
                                  "      trust!='{$trust_none}' " .
                                  "order by date_approved asc limit 1");
     if (mysql_num_rows($query_result) == 0) {
         return null;
     }

     $row = mysql_fetch_array($query_result);
     $pid_idx = $row["pid_idx"];
     $project = Project::Lookup($pid_idx);
     if (!$project) {
         TBERROR("User::FirstApprovedProject: Could not load project {$pid_idx}!", 1);
     }
     return $project;
 }
}
#
# Figure out the NS file to give to the script. Eventually we will allow
# it to come inline as an XML argument.
#
if ($nsfilelocale == "copyid") {
    if (preg_match("/^([-\\w]+),([-\\w]+)\$/", $formfields['copyid'], $matches)) {
        $copypid = $matches[1];
        $copyeid = $matches[2];
        $okay = 0;
        #
        # Project level check if not a current experiment.
        # NOTE(review): this permission check only runs when copyid matched
        # the "pid,eid" pattern above. A value that does not match skips the
        # check entirely yet is still passed to the backend below via "-c",
        # so the backend must enforce access itself -- confirm that it does,
        # or reject non-matching values here.
        #
        if ($experiment = Experiment::LookupByPidEid($copypid, $copyeid)) {
            $okay = $experiment->AccessCheck($this_user, $TB_EXPT_READINFO);
        } elseif ($project = Project::Lookup($copypid)) {
            $okay = $project->AccessCheck($this_user, $TB_PROJECT_READINFO);
        }
        if (!$okay) {
            $errors["Project/Group"] = "Not enough permission to copy experiment {$copypid}/{$copyeid}";
            EXPERROR();
        }
        if ($copypid != $exp_pid) {
            $extragroups = ",{$copypid}";
        }
    }
    $thensfile = "-c " . escapeshellarg($formfields['copyid']);
} elseif ($nsfilelocale == "local") {
    #
    # No way to tell from here if this file actually exists, since
    # the web server runs as user nobody. The startexp script checks
 #
 # Decide whether $user may perform $access_type on this OS descriptor.
 # Returns 1 (allowed) or 0 (denied).
 #
 # Order of decision:
 #   1. $access_type outside [$TB_OSID_MIN, $TB_OSID_MAX] -> TBERROR.
 #   2. Admins are always allowed.
 #   3. A shared ("global") OSID is readable by anyone and writable by
 #      nobody here.
 #   4. Otherwise project trust decides: $TBDB_TRUST_USER suffices for
 #      READINFO, anything else needs $TBDB_TRUST_LOCALROOT.
 #   5. For an ez image only, image_permissions can additionally grant
 #      READINFO, first via a 'user' row for this user, then via a 'group'
 #      row for any group the user is a member of with trust other than
 #      "none". allow_write is selected but never consulted, so this table
 #      never grants more than read access.
 #
 # NOTE(review): $osid and $uid_idx are interpolated into the SQL text
 # unescaped. Both originate from objects ($this->osid(), $user->uid_idx()),
 # not directly from the request, and DBQueryFatal() takes a raw string, so
 # there is no parameter binding to use; keep it that way only while those
 # accessors return trusted DB values. The mysql_* functions were removed
 # in PHP 7.
 #
 function AccessCheck($user, $access_type)
 {
     global $TB_OSID_READINFO;
     global $TB_OSID_MODIFYINFO;
     global $TB_OSID_DESTROY;
     global $TB_OSID_MIN;
     global $TB_OSID_MAX;
     global $TBDB_TRUST_USER;
     global $TBDB_TRUST_LOCALROOT;
     $mintrust = $TB_OSID_READINFO;
     # Reject access types outside the OSID range (presumably fatal).
     if ($access_type < $TB_OSID_MIN || $access_type > $TB_OSID_MAX) {
         TBERROR("Invalid access type {$access_type}!", 1);
     }
     #
     # Admins do whatever they want!
     #
     if (ISADMIN()) {
         return 1;
     }
     #
     # No GIDs yet.
     #
     $pid = $this->pid();
     $shared = $this->shared();
     # NOTE(review): $uid is never used below; only uid_idx is.
     $uid = $user->uid();
     #
     # Global OSIDs can be read by anyone.
     #
     if ($shared) {
         if ($access_type == $TB_OSID_READINFO) {
             return 1;
         }
         return 0;
     }
     #
     # Otherwise must have proper trust in the project.
     #
     if ($access_type == $TB_OSID_READINFO) {
         $mintrust = $TBDB_TRUST_USER;
     } else {
         $mintrust = $TBDB_TRUST_LOCALROOT;
     }
     #
     # Need the project object to complete this test.
     #
     if (!($project = Project::Lookup($pid))) {
         TBERROR("Could not map project {$pid} to its object", 1);
     }
     # Project trust is sufficient on its own; without it, only an ez
     # image gets a second chance through image_permissions.
     if (TBMinTrust($project->UserTrust($user), $mintrust)) {
         return 1;
     } elseif (!$this->ezid()) {
         return 0;
     }
     #
     # If this is an ez image, look in the image permissions.
     # First look for a user permission, then look for a group permission.
     #
     $osid = $this->osid();
     $uid_idx = $user->uid_idx();
     $trust_none = TBDB_TRUSTSTRING_NONE;
     $query_result = DBQueryFatal("select allow_write from image_permissions " . "where imageid='{$osid}' and " . "      permission_type='user' and " . "      permission_idx='{$uid_idx}'");
     if (mysql_num_rows($query_result)) {
         # $row (and its allow_write column) is fetched but not examined.
         $row = mysql_fetch_array($query_result);
         # Only allowed to read.
         if ($access_type == $TB_OSID_READINFO) {
             return 1;
         }
     }
     # (Same value as assigned above; the reassignment is redundant.)
     $trust_none = TBDB_TRUSTSTRING_NONE;
     # Any group membership with non-"none" trust that has a matching
     # 'group' permission row for this image grants read.
     $query_result = DBQueryFatal("select allow_write from group_membership as g " . "left join image_permissions as p on " . "     p.permission_type='group' and " . "     p.permission_idx=g.gid_idx " . "where g.uid_idx='{$uid_idx}' and " . "      p.imageid='{$osid}' and " . "      trust!='{$trust_none}'");
     if (mysql_num_rows($query_result)) {
         # Only allowed to read.
         if ($access_type == $TB_OSID_READINFO) {
             return 1;
         }
     }
     return 0;
 }
 #
 # Resolve this group's project and cache it in $this->project. Always
 # returns 0; a pid_idx that does not resolve is reported through TBERROR
 # (presumably fatal -- nothing here handles its return).
 #
 function LoadProject()
 {
     $pid_idx = $this->pid_idx();
     $project = Project::Lookup($pid_idx);

     if (!$project) {
         TBERROR("Group::LoadProject: Could not load project {$pid_idx}!", 1);
     }
     $this->project = $project;
     return 0;
 }
        PAGEARGERROR("Project {$pid} is not a valid project!");
    }
    # Must be admin or project/group root.
    if (!$isadmin && !TBMinTrust(TBGrpTrust($uid, $pid, $pid), $TBDB_TRUST_GROUPROOT)) {
        USERERROR("You do not have permission to toggle {$type}!", 1);
    }
    $zapurl = CreateURL("showproject", $project);
    $project->SetCVSRepoPublic($value);
    $unix_pid = $project->unix_gid();
    SUEXEC($uid, $unix_pid, "webcvsrepo_ctrl {$pid}", SUEXEC_ACTION_DIE);
} elseif ($type == "workbench") {
    # Must validate the pid since we allow non-admins to do this.
    if (!TBvalid_pid($pid)) {
        PAGEARGERROR("Invalid characters in {$pid}");
    }
    if (!($project = Project::Lookup($pid))) {
        PAGEARGERROR("Project {$pid} is not a valid project!");
    }
    # Must be admin
    if (!$isadmin) {
        USERERROR("You do not have permission to toggle {$type}!", 1);
    }
    $zapurl = CreateURL("showproject", $project);
    $project->SetAllowWorkbench($value);
} elseif ($type == "hiderun") {
    RequiredPageArguments("instance", PAGEARG_INSTANCE, "runidx", PAGEARG_INTEGER);
    if (!$instance->AccessCheck($this_user, $TB_EXPT_MODIFY)) {
        USERERROR("You do not have permission to modify this instance", 1);
    }
    $instance->SetRunHidden($runidx, $value);
} else {
 #
 # Look up and return the Project object for this object's pid on every
 # call (no caching). A pid that does not resolve is reported through
 # TBERROR (presumably fatal; otherwise the falsy lookup result is
 # returned).
 #
 function Project()
 {
     $pid = $this->pid();
     $project = Project::Lookup($pid);

     if (!$project) {
         TBERROR("Could not lookup project {$pid}!", 1);
     }
     return $project;
 }
 #
 # List every project still awaiting approval (approved='0'), newest
 # first. Each returned Project object carries its creation day
 # (mm/dd/yy) via SetTempData(). The query has no external input; a
 # pid_idx that does not resolve is reported through TBERROR. The
 # mysql_* functions were removed in PHP 7.
 #
 function PendingProjectList()
 {
     $projects = array();
     $query_result = DBQueryFatal("select pid_idx, " .
                                  " DATE_FORMAT(created, '%m/%d/%y') as day_created " .
                                  " from projects " .
                                  "where approved='0' order by created desc");

     while ($row = mysql_fetch_array($query_result)) {
         $pid_idx = $row["pid_idx"];
         $project = Project::Lookup($pid_idx);
         if (!$project) {
             TBERROR("Project::PendingProjectList: Could not load project {$pid_idx}!", 1);
         }
         $project->SetTempData($row["day_created"]);
         $projects[] = $project;
     }
     return $projects;
 }