Merge remote-tracking branch 'origin/develc' into devel

3 files changed, 14 insertions, 3 deletions

diff --git a/src/globals.php b/src/globals.php
index 5183040..5c2a46b 100755
--- a/src/globals.php
+++ b/src/globals.php
@@ -209,6 +209,8 @@ function sanitizeText($text, $doamp=true)
 }
 function sanitizeFilename($text) 
 {
+  $text = preg_replace('/[^[:print:]]/', '',$text);
+  $text = str_replace(" ", "_", $text);
   $text = str_replace("*", "_", $text);
   $text = str_replace("$", "_", $text);
   $text = str_replace(")", "_", $text);
diff --git a/src/team/run.php b/src/team/run.php
index 32c0d25..878f90c 100644
--- a/src/team/run.php
+++ b/src/team/run.php
@@ -74,7 +74,9 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
 
     }
     if(isset($_POST['name']) && $_POST['name'] != '') {
-      $temp = tempnam("/tmp","bkp-");
+      $runsfiles = $_SESSION["locr"] . $ds . "private" . $ds . 'runsfiles';
+      @mkdir($runsfiles,0770);
+      $temp = tempnam($runsfiles,"bkp-");
       $fout = fopen($temp,"wb");
       fwrite($fout,base64_decode($_POST['data']));
       fclose($fout);
@@ -111,9 +113,14 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
       MSGError("File name cannot contain spaces.");
       ForceLoad($runteam);		
     }
+
     if(isset($_POST['pastcode']) && $_POST['pastcode'] != '')
       $shaf = myhtmlspecialchars($_POST["pastcode"]);
     else $shaf = @sha1_file($temp);
+
+    if(@rename($temp, $temp . "." . sanitizeFilename($shaf)))
+      $temp = $temp . "." . sanitizeFilename($shaf);
+
     //		$ac=array('contest','site','user','problem','lang','filename','filepath');
     //		$ac1=array('runnumber','rundate','rundatediff','rundatediffans','runanswer','runstatus','runjudge','runjudgesite',
     //			   'runjudge1','runjudgesite1','runanswer1','runjudge2','runjudgesite2','runanswer2',
@@ -133,6 +140,7 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
 	exit;
       }
     }
+    $name = str_replace("-", "_", $name);
     $verify = $compv . '-'. $shaf . '-' . $name . '-'. $prob . '-' . $lang . '-' . 
       $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"];
     
@@ -154,6 +162,7 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
       @file_put_contents($fcnamex, $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"], LOCK_EX);
     } else {
       if(trim($prevcomp) != $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"]) {
+	@file_put_contents($fcname . ".try", $verify1 . "-UNAUTH\n", FILE_APPEND | LOCK_EX);
 	if(isset($_POST['name']) && $_POST['name'] != '') {
 	  echo "\nRESULT: UNAUTHORIZED COMPUTER";
 	  exit;
diff --git a/tools/boca-submit-log b/tools/boca-submit-log
index 1a22ac1..a22a058 100644
--- a/tools/boca-submit-log
+++ b/tools/boca-submit-log
@@ -36,8 +36,8 @@ mkdir -p "$ROOTLOGS"
 
 for zcount in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
 
-    ###novoveroot
-    grep -i 'opened for user root' /var/log/auth.log | grep -v CRON | tail -n 500 > $ROOTLOGS/.logsession.tmp
+    ###novoveroot2
+    grep -e 'opened for user root' -e " su " -e pkexec -e sudo -e "password:session" /var/log/auth.log | grep -v CRON | tail -n 500 > $ROOTLOGS/.logsession.tmp
     ###grep -e " su " -e pkexec -e sudo -e "password:session" /var/log/auth.log | tail -n 500 > $ROOTLOGS/.logsession.tmp
     [ -f $ROOTLOGS/.logsession ] || touch $ROOTLOGS/.logsession
     diff $ROOTLOGS/.logsession $ROOTLOGS/.logsession.tmp > $ROOTLOGS/.logsession.diff 2>/dev/null