From f97dd499bec751ea40e291aa4b7e3062c7b2df3a Mon Sep 17 00:00:00 2001 From: cassiopc Date: Wed, 31 Oct 2012 14:14:34 +0100 Subject: included check of validity of score file sent by sendscore.sh --- boca-1.5.2/src/site/putfile.php | 17 ++++++++++++----- boca-1.5.2/tools/icpc.etc.tgz | Bin 9525 -> 9525 bytes 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/boca-1.5.2/src/site/putfile.php b/boca-1.5.2/src/site/putfile.php index 3155bd8..808eaa5 100644 --- a/boca-1.5.2/src/site/putfile.php +++ b/boca-1.5.2/src/site/putfile.php @@ -163,10 +163,17 @@ if(is_writable($_SESSION["locr"] . $remotedir)) { fwrite($fout,$total,10000000); fclose($fout); - if(@rename($fn, $_SESSION["locr"] . $remotedir . $ds . "score_" . $_SESSION["usertable"]["username"] . - "_" . $_SESSION["usertable"]["usericpcid"] . "_" . md5(getIP()) . ".dat")) - echo "SCORE UPLOADED OK\n"; - else - echo "FAILED: UPDATE SCORE ERROR\n"; + // test the format of the file + $fc=file_get_contents($fout); + if(($arr = unserialize(base64_decode($fc)))===false || + !is_array($arr) || !isset($arr['site'])) { + echo "FAILED: File " . $fout . " is not compatible\n"; + } else { + if(@rename($fn, $_SESSION["locr"] . $remotedir . $ds . "score_" . $_SESSION["usertable"]["username"] . + "_" . $_SESSION["usertable"]["usericpcid"] . "_" . md5(getIP()) . ".dat")) + echo "SCORE UPLOADED OK\n"; + else + echo "FAILED: UPDATE SCORE ERROR\n"; + } } else echo "FAILED: PERMISSION DENIED IN THE SERVER\n"; ?> diff --git a/boca-1.5.2/tools/icpc.etc.tgz b/boca-1.5.2/tools/icpc.etc.tgz index 0e4380c..75654cb 100644 Binary files a/boca-1.5.2/tools/icpc.etc.tgz and b/boca-1.5.2/tools/icpc.etc.tgz differ -- cgit v1.2.3
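Review bot: The added check reads the upload with `file_get_contents($fout)`, but `$fout` is the handle that `fclose($fout)` closed two lines earlier, not a path, so the read cannot return the file and the test would be expected to reject every upload; the path the `rename()` call uses is `$fn`, so this should be `$fc = file_get_contents($fn);`, with `$fn` in the failure message as well. The check also runs `unserialize()` on content supplied by the remote sender, which can instantiate arbitrary loaded classes (PHP object injection) before `is_array()` is reached; where the runtime is PHP 7 or later, `unserialize(base64_decode($fc, true), array('allowed_classes' => false))` keeps the same array/`'site'` test without creating objects, and on older runtimes a format such as JSON avoids the problem. The rejection branch leaves the temporary file in place, so an `@unlink($fn);` there would stop rejected uploads accumulating in the score directory. The assignments of `$fn` and `$fout` are above the hunk, so this assumes `$fn` is the temp file's path.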