aboutsummaryrefslogtreecommitdiff
path: root/src/team/run.php
diff options
context:
space:
mode:
Diffstat (limited to 'src/team/run.php')
-rw-r--r--src/team/run.php11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/team/run.php b/src/team/run.php
index 32c0d25..878f90c 100644
--- a/src/team/run.php
+++ b/src/team/run.php
@@ -74,7 +74,9 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
}
if(isset($_POST['name']) && $_POST['name'] != '') {
- $temp = tempnam("/tmp","bkp-");
+ $runsfiles = $_SESSION["locr"] . $ds . "private" . $ds . 'runsfiles';
+ @mkdir($runsfiles,0770);
+ $temp = tempnam($runsfiles,"bkp-");
$fout = fopen($temp,"wb");
fwrite($fout,base64_decode($_POST['data']));
fclose($fout);
@@ -111,9 +113,14 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
MSGError("File name cannot contain spaces.");
ForceLoad($runteam);
}
+
if(isset($_POST['pastcode']) && $_POST['pastcode'] != '')
$shaf = myhtmlspecialchars($_POST["pastcode"]);
else $shaf = @sha1_file($temp);
+
+ if(@rename($temp, $temp . "." . sanitizeFilename($shaf)))
+ $temp = $temp . "." . sanitizeFilename($shaf);
+
// $ac=array('contest','site','user','problem','lang','filename','filepath');
// $ac1=array('runnumber','rundate','rundatediff','rundatediffans','runanswer','runstatus','runjudge','runjudgesite',
// 'runjudge1','runjudgesite1','runanswer1','runjudge2','runjudgesite2','runanswer2',
@@ -133,6 +140,7 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
exit;
}
}
+ $name = str_replace("-", "_", $name);
$verify = $compv . '-'. $shaf . '-' . $name . '-'. $prob . '-' . $lang . '-' .
$_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"];
@@ -154,6 +162,7 @@ if (isset($_POST["problem"]) && isset($_POST["language"]) &&
@file_put_contents($fcnamex, $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"], LOCK_EX);
} else {
if(trim($prevcomp) != $_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"]) {
+ @file_put_contents($fcname . ".try", $verify1 . "-UNAUTH\n", FILE_APPEND | LOCK_EX);
if(isset($_POST['name']) && $_POST['name'] != '') {
echo "\nRESULT: UNAUTHORIZED COMPUTER";
exit;
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-24 17:27:40 +0000