| -rwxr-xr-x | src/globals.php | 2 | ||||
| -rw-r--r-- | src/team/run.php | 11 | ||||
| -rw-r--r-- | tools/boca-submit-log | 4 |
3 files changed, 14 insertions, 3 deletions
diff --git a/src/globals.php b/src/globals.php index 5183040..5c2a46b 100755 --- a/src/globals.php +++ b/src/globals.php @@ -209,6 +209,8 @@ function sanitizeText($text, $doamp=true) } function sanitizeFilename($text) { + $text = preg_replace('/[^[:print:]]/', '',$text); + $text = str_replace(" ", "_", $text); $text = str_replace("*", "_", $text); $text = str_replace("$", "_", $text); $text = str_replace(")", "_", $text); diff --git a/src/team/run.php b/src/team/run.php index 32c0d25..878f90c 100644 --- a/src/team/run.php +++ b/src/team/run.php @@ -74,7 +74,9 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) && } if(isset($_POST['name']) && $_POST['name'] != '') { - $temp = tempnam("/tmp","bkp-"); + $runsfiles = $_SESSION["locr"] . $ds . "private" . $ds . 'runsfiles'; + @mkdir($runsfiles,0770); + $temp = tempnam($runsfiles,"bkp-"); $fout = fopen($temp,"wb"); fwrite($fout,base64_decode($_POST['data'])); fclose($fout); @@ -111,9 +113,14 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) && MSGError("File name cannot contain spaces."); ForceLoad($runteam); } + if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') $shaf = myhtmlspecialchars($_POST["pastcode"]); else $shaf = @sha1_file($temp); + + if(@rename($temp, $temp . "." . sanitizeFilename($shaf))) + $temp = $temp . "." . sanitizeFilename($shaf); + // $ac=array('contest','site','user','problem','lang','filename','filepath'); // $ac1=array('runnumber','rundate','rundatediff','rundatediffans','runanswer','runstatus','runjudge','runjudgesite', // 'runjudge1','runjudgesite1','runanswer1','runjudge2','runjudgesite2','runanswer2', @@ -133,6 +140,7 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) && exit; } } + $name = str_replace("-", "_", $name); $verify = $compv . '-'. $shaf . '-' . $name . '-'. $prob . '-' . $lang . '-' . $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"]; 
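Review bot: sanitizeFilename remains a denylist: the two added lines drop non-printable bytes and map spaces to `_`, and the visible context replaces `*`, `$` and `)` one at a time, so whether `/`, `\` and `..` are neutralised depends on lines below this hunk. src/team/run.php in this same commit appends `sanitizeFilename($shaf)` to a path passed to rename(), so an allowlist would be easier to reason about, for example `$text = preg_replace('/[^A-Za-z0-9._-]/', '_', (string) $text);`, provided other callers tolerate it. preg_replace() returns null on a PCRE error, which the following str_replace calls would silently treat as an empty name. The function body continues outside the hunk.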
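Review bot: The result of `@mkdir($runsfiles,0770)` is discarded, and tempnam() falls back to the system temporary directory when the requested directory is missing or not writable, so a failure here silently puts the upload back in the shared location this change moves away from. mkdir is also non-recursive, so a missing `private` parent fails the same way. Suggest guarding with `if (!is_dir($runsfiles) && !mkdir($runsfiles, 0770, true))` followed by the error path this branch already uses, and confirming `dirname($temp)` equals `$runsfiles` before writing. The fopen(), fwrite() and base64_decode() results on the context lines are unchecked as well. The enclosing if-block starts and ends outside the hunk.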
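Review bot: When `pastcode` is posted, `$shaf` is request data that has only been HTML-escaped, and the added rename() uses it as the file-name suffix, so the stored name is chosen by the client rather than derived from the file contents. If pastcode is meant to be a SHA-1 digest, as the else branch suggests, reject anything else first with a check such as `if (!preg_match('/^[0-9a-f]{40}$/i', $shaf))`, or always build the suffix from `sha1_file($temp)`. `@sha1_file` can return false, which produces a name ending in a bare dot. Computing the target once, `$dest = $temp . "." . sanitizeFilename($shaf);`, avoids the duplicate sanitizeFilename call. The surrounding block starts and ends outside the hunk.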
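Review bot: Only `$name` has `-` replaced before the `-`-joined `$verify` string is built, while `$shaf` (which can come from `$_POST['pastcode']` per the previous hunk), `$prob` and `$lang` are concatenated unchanged. Where `$prob` and `$lang` are assigned is outside this hunk, so this needs confirming, but if any of them can contain `-` the record no longer splits into fixed fields. The new line would also benefit from a comment such as `// '-' is the field separator of $verify; keep it out of the file name`.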
@@ -154,6 +162,7 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) && @file_put_contents($fcnamex, $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"], LOCK_EX); } else { if(trim($prevcomp) != $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"]) { + @file_put_contents($fcname . ".try", $verify1 . "-UNAUTH\n", FILE_APPEND | LOCK_EX); if(isset($_POST['name']) && $_POST['name'] != '') { echo "\nRESULT: UNAUTHORIZED COMPUTER"; exit; diff --git a/tools/boca-submit-log b/tools/boca-submit-log index 1a22ac1..a22a058 100644 --- a/tools/boca-submit-log +++ b/tools/boca-submit-log @@ -36,8 +36,8 @@ mkdir -p "$ROOTLOGS" for zcount in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do - ###novoveroot - grep -i 'opened for user root' /var/log/auth.log | grep -v CRON | tail -n 500 > $ROOTLOGS/.logsession.tmp + ###novoveroot2 + grep -e 'opened for user root' -e " su " -e pkexec -e sudo -e "password:session" /var/log/auth.log | grep -v CRON | tail -n 500 > $ROOTLOGS/.logsession.tmp ###grep -e " su " -e pkexec -e sudo -e "password:session" /var/log/auth.log | tail -n 500 > $ROOTLOGS/.logsession.tmp [ -f $ROOTLOGS/.logsession ] || touch $ROOTLOGS/.logsession diff $ROOTLOGS/.logsession $ROOTLOGS/.logsession.tmp > $ROOTLOGS/.logsession.diff 2>/dev/null |
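Review bot: The new `.try` record is an audit entry for an unauthorised computer, but the write is wrapped in `@` and its result ignored, so a full disk or wrong permissions next to `$fcname` loses the record silently. Consider `if (file_put_contents($fcname . ".try", $verify1 . "-UNAUTH\n", FILE_APPEND | LOCK_EX) === false) error_log('cannot write .try record');`. `$verify1` is built outside this hunk; if it carries request-derived fields, CR and LF should be stripped before appending so one request cannot produce extra lines in the log. Nothing in the hunk bounds how large the file can grow on repeated attempts.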
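Review bot: `grep -v CRON` on the new line now filters a much wider set of records and matches that substring anywhere in the line, so a su, sudo or pkexec entry that merely contains the text is discarded together with the cron sessions. Assuming the usual syslog layout, anchoring the exclusion to the program tag, e.g. `grep -v ' CRON\['`, keeps the privilege-escalation records. The rewrite also drops `-i` and matches `sudo` and `pkexec` as bare substrings, which adds noise to the fixed `tail -n 500` window that the later `diff` depends on. `$ROOTLOGS` is unquoted in the redirect although the `mkdir -p "$ROOTLOGS"` shown in the hunk header quotes it. The loop body continues outside the hunk.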