From dd3152be0442e577692067c5523da4f5ab9d9957 Mon Sep 17 00:00:00 2001 From: cassio Date: Sun, 30 Aug 2015 23:11:57 +0100 Subject: multiple bugs to make submission by command line --- src/team/run.php | 158 +++++++++++++++++++++++++++++++++---------------------- 1 file changed, 94 insertions(+), 64 deletions(-) (limited to 'src/team/run.php') diff --git a/src/team/run.php b/src/team/run.php index 9641386..caf3b3d 100644 --- a/src/team/run.php +++ b/src/team/run.php @@ -20,12 +20,12 @@ require('header.php'); $ds = DIRECTORY_SEPARATOR; if($ds=="") $ds = "/"; -if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Submit"]) && isset($_POST["language"]) && - is_numeric($_POST["problem"]) && is_numeric($_POST["language"]) && $_FILES["sourcefile"]["name"]!="") { - if ($_POST["confirmation"] == "confirm") { +if (isset($_POST["problem"]) && isset($_POST["language"]) && + ((isset($_FILES["sourcefile"]) && isset($_POST["Submit"]) && $_FILES["sourcefile"]["name"]!="") || (isset($_POST["data"]) && isset($_POST["name"])))) { + if ($_POST["confirmation"] == "confirm" || (isset($_POST["data"]) && isset($_POST["name"]))) { if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) { - if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { - echo "RESULT: CONTEST NOT FOUND"; + if(isset($_POST['name']) && $_POST['name'] != '') { + echo "\nRESULT: CONTEST NOT FOUND"; exit; } ForceLoad("../index.php"); 
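Review bot: The command-line path is recognised here by `isset($_POST["data"]) && isset($_POST["name"])`, but by `isset($_POST['name']) && $_POST['name'] != ''` in the error branch just below and in the later hunks. A request with `data` set and an empty `name` therefore passes this gate and is then handled as a browser upload, even though `$_FILES["sourcefile"]` may not exist. Computing the flag once, `$cmdline = isset($_POST['data'], $_POST['name']) && $_POST['name'] != '';`, and using it in both conditions and in every `RESULT:` branch keeps the two modes from drifting apart. `$_POST["confirmation"]` is also read before the command-line test, so a client that omits it raises an undefined-index notice; test `$cmdline` first or guard the read with `isset()`. The `is_numeric()` checks on `problem` and `language` are gone from this gate, which leaves their validation entirely to the code after it.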
@@ -33,62 +33,77 @@ if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Su $prob = myhtmlspecialchars($_POST["problem"]); $lang = myhtmlspecialchars($_POST["language"]); - $probs = DBGetProblems($_SESSION["usertable"]["contestnumber"],$_SESSION["usertable"]["usertype"]=='judge'); - $i = 0; - $ss = ""; - for (;$i= count($probs)) { - echo "RESULT: INVALID PROBLEM (options are: " . $ss . ")"; + if(!is_numeric($prob)) { + $probs = DBGetProblems($_SESSION["usertable"]["contestnumber"],$_SESSION["usertable"]["usertype"]=='judge'); + $i = 0; + $ss = ""; + for (;$i= count($probs)) { + echo "\nRESULT: INVALID PROBLEM (options are: " . $ss . ")"; exit; + } } - $langs = DBGetLanguages($_SESSION["usertable"]["contestnumber"]); - $i = 0; - $ss = ""; - for (;$i= count($langs)) { - echo "RESULT: INVALID LANGUAGE (options are: " . $ss . ")"; - exit; - } - - $type=myhtmlspecialchars($_FILES["sourcefile"]["type"]); - $size=myhtmlspecialchars($_FILES["sourcefile"]["size"]); - $name=myhtmlspecialchars($_FILES["sourcefile"]["name"]); - $temp=myhtmlspecialchars($_FILES["sourcefile"]["tmp_name"]); - - if ($size > $ct["contestmaxfilesize"]) { - LOGLevel("User {$_SESSION["usertable"]["username"]} tried to submit file " . - "$name with $size bytes ({$ct["contestmaxfilesize"]} max allowed).", 1); - if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { - echo "RESULT: FILE TOO LARGE"; + if(!is_numeric($lang)) { + $langs = DBGetLanguages($_SESSION["usertable"]["contestnumber"]); + $i = 0; + $ss = ""; + for (;$i= count($langs)) { + echo "\nRESULT: INVALID LANGUAGE (options are: " . $ss . 
")"; exit; } - MSGError("File size exceeds the limit allowed."); - ForceLoad($runteam); } - if(strpos($name,' ') === true || strpos($temp,' ') === true) { - if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { - echo "RESULT: FILE NAME CANNOT HAVE SPACES"; + if(isset($_POST['name']) && $_POST['name'] != '') { + $temp = tempnam("/tmp","bkp-"); + $fout = fopen($temp,"wb"); + fwrite($fout,base64_decode($_POST['data'])); + fclose($fout); + $size=filesize($temp); + $name=$_POST['name']; + if ($size > $ct["contestmaxfilesize"] || strlen($name)>100 || strlen($name)<1) { + echo "\nRESULT: SUBMITTED FILE (OR NAME) TOO LARGE"; exit; } - MSGError("File name cannot contain spaces."); - ForceLoad($runteam); + } else { + $type=myhtmlspecialchars($_FILES["sourcefile"]["type"]); + $size=myhtmlspecialchars($_FILES["sourcefile"]["size"]); + $name=myhtmlspecialchars($_FILES["sourcefile"]["name"]); + $temp=myhtmlspecialchars($_FILES["sourcefile"]["tmp_name"]); + + if ($size > $ct["contestmaxfilesize"]) { + LOGLevel("User {$_SESSION["usertable"]["username"]} tried to submit file " . 
+ "$name with $size bytes ({$ct["contestmaxfilesize"]} max allowed).", 1); + MSGError("File size exceeds the limit allowed."); + ForceLoad($runteam); + } + if (!is_uploaded_file($temp) || strlen($name)>100) { + IntrusionNotify("file upload problem."); + ForceLoad("../index.php"); + } } - if (!is_uploaded_file($temp) || strlen($name)>100) { - if(isset($_POST['pastcode']) && $_POST['pastcode'] != '') { - echo "RESULT: FILE UPLOAD PROBLEM"; + if(strpos($name,' ') === true || strpos($temp,' ') === true || strpos($name,'/') === true || strpos($temp,'/') === true || + strpos($name,'`') === true || strpos($temp,'`') === true || strpos($name,'\'') === true || strpos($temp,'\'') === true || + strpos($name, "\"") === true || strpos($temp, "\"") === true || strpos($name,'$') === true || strpos($temp,'$') === true) { + if(isset($_POST['name']) && $_POST['name'] != '') { + echo "\nRESULT: FILE NAME PROBLEM (EG CANNOT HAVE SPACES)"; exit; } - IntrusionNotify("file upload problem."); - ForceLoad("../index.php"); + MSGError("File name cannot contain spaces."); + ForceLoad($runteam); } - $ac=array('contest','site','user','problem','lang','filename','filepath'); $ac1=array('runnumber','rundate','rundatediff','rundatediffans','runanswer','runstatus','runjudge','runjudgesite', 'runjudge1','runjudgesite1','runanswer1','runjudge2','runjudgesite2','runanswer2', 
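Review bot: The file-name filter at the end of this hunk can never fire: `strpos()` returns an integer offset or `false`, so every `strpos(...) === true` term is false and names containing spaces, `/`, quotes, backticks or `$` pass through. Switching to `!== false` alone would reject every submission, because `$temp` is a path and always contains `/`; checking only `$name` against an allowlist, e.g. `if (!preg_match('/^[A-Za-z0-9._-]+$/', $name)) {`, expresses the intent. This matters most for the new `data` branch, where `$name=$_POST['name']` is taken without the `myhtmlspecialchars()` call used on the upload branch. That branch also writes the decoded payload to `/tmp` before comparing `$size` with `contestmaxfilesize`, and exits without `unlink($temp)`, so rejected submissions leave files behind. Numeric `problem` and `language` values now skip the lookup against `DBGetProblems`/`DBGetLanguages` entirely; whether `DBNewRun` validates them is not visible here.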
@@ -105,12 +120,16 @@ if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Su $pastcode = myhtmlspecialchars($_POST["pastcode"]); if(isset($_POST["pasthash"]) && isset($_POST["pastval"])) { $pasthash = myhtmlspecialchars($_POST["pasthash"]); + $pastvalhash = myhtmlspecialchars($_POST["pastvalhash"]); $pastval = myhtmlspecialchars($_POST["pastval"]); $pastabs = myhtmlspecialchars($_POST["pastabs"]); - $pastsubmission = myhash(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config') . $pastcode . $pastabs); - if($pastsubmission != $pasthash) { - echo "\nRESULT: INVALID SUBMISSION CODE"; - exit; + $pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastval); + if($pastsubmission != $pastvalhash) { + $pastsubmission = myhash(trim(@file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-past.config')) . $pastcode . $pastabs); + if($pastsubmission != $pasthash) { + echo "\nRESULT: INVALID SUBMISSION CODE"; + exit; + } } } else { $pastval = 0; 
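Review bot: Both hash checks in this hunk compare with `!=`, which in PHP compares numeric-looking strings by value and is not constant-time. Assuming `myhash()` returns a string, `if (!hash_equals($pastsubmission, $pastvalhash))` is the safer form where the PHP version provides it, or at least `!==`. The secret is read with `@file_get_contents(...)` and then `trim()`med, so a missing or unreadable `run-past.config` silently becomes an empty string and the check still runs with no secret. Reading the file once into a variable and answering `RESULT: INVALID SUBMISSION CODE` when the result is `false` or empty makes this fail closed and removes the duplicated read. `$_POST["pastvalhash"]` is also used without being part of the surrounding `isset()` guard, which covers only `pasthash` and `pastval`.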
@@ -118,27 +137,38 @@ if (isset($_FILES["sourcefile"]) && isset($_POST["problem"]) && isset($_POST["Su $verify = $pastcode . '-' .$_SESSION["usertable"]["contestnumber"].'-'.$_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"]; $fcname = $_SESSION["locr"] . $ds . "private" . $ds . 'laterun-submitted-' . $_SESSION["usertable"]["contestnumber"].'-'. $_SESSION["usertable"]["usersitenumber"].'-'.$_SESSION["usertable"]["usernumber"].'.txt'; - $codes = @file($fcname); + $codes = @file($fcname,FILE_IGNORE_NEW_LINES); if(in_array($verify,$codes)) { echo "\nRESULT: RUN ALREADY SUBMITTED"; } else { if($pastval > 0) { $param['rundate']=time() - $pastval; - $b = DBSiteInfo($contest, $site, $c); + $b = DBSiteInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"]); $dif = $b["currenttime"]; $param['rundatediff']=$dif - $pastval; } if(DBNewRun ($param) == 2) - @file_put_contents($fcname, $verify . '\n', FILE_APPEND | LOCK_EX); - echo "\nRESULT: RUN SUBMITTED SUCCESSFULLY"; + @file_put_contents($fcname, $verify . "\n", FILE_APPEND | LOCK_EX); + echo "\nRESULT: RUN SUBMITTED SUCCESSFULLY ($pastval)"; } exit; } - DBNewRun ($param); + $retv = DBNewRun ($param); + if(isset($_POST['name']) && $_POST['name'] != '') { + if($retv == 2) + echo "\nRESULT: RUN SUBMITTED SUCCESSFULLY"; + else + echo "\nRESULT: UNKNOWN PROBLEM"; + exit; + } $_SESSION['forceredo']=true; } ForceLoad($runteam); } +if(isset($_POST['name']) && $_POST['name'] != '') { + echo "RESULT: PARAMETERS MISSING"; + exit; +} $runtmp = $_SESSION["locr"] . $ds . "private" . $ds . "runtmp" . $ds . "run-contest" . $_SESSION["usertable"]["contestnumber"] . "-site". $_SESSION["usertable"]["usersitenumber"] . "-user" . $_SESSION["usertable"]["usernumber"] . ".php"; @@ -200,19 +230,19 @@ if (count($run) == 0) $strtmp .= "
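Review bot: The success line on the past-code path is printed whether or not the run was stored: `if(DBNewRun ($param) == 2)` has no braces, so it guards only the `@file_put_contents` call, and `echo "\nRESULT: RUN SUBMITTED SUCCESSFULLY ($pastval)";` always runs. The non-past path added further down in this hunk already distinguishes `$retv == 2` from `RESULT: UNKNOWN PROBLEM`; the past-code path should do the same by bracing both statements and adding `else echo "\nRESULT: UNKNOWN PROBLEM";`. Separately, `@file($fcname,FILE_IGNORE_NEW_LINES)` returns `false` when the file does not exist yet, and that value goes straight into `in_array()`; `$codes = @file($fcname,FILE_IGNORE_NEW_LINES) ?: array();` avoids that. The duplicate test and the append are not done under one lock (`LOCK_EX` covers only the write), so two concurrent requests with the same code can both pass the `in_array()` check.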
NO RUNS $linesubmission = @file_get_contents($_SESSION["locr"] . $ds . "private" . $ds . 'run-using-command.config'); if(trim($linesubmission) == '1') { -$strtmp .= "

To submit a program, use the command-line tool:\n

". - "
boca-submit-run USER PASSWORD PROBLEM LANGUAGE FILE


". - "where
USER
is your username,
PASSWORD
is your password,
FILE
is your submission file,
". - "
PROBLEM
is one of {
";
+$strtmp .= "

To submit a program, use the command-line tool:\n
". + "
boca-submit-run USER PASSWORD PROBLEM LANGUAGE FILE

". + "where USER is your username, PASSWORD is your password, FILE is your submission file,
". + "PROBLEM is one of { "; $prob = DBGetProblems($_SESSION["usertable"]["contestnumber"],$_SESSION["usertable"]["usertype"]=='judge'); for ($i=0;$i