upload_file() - Code Metrics - Inspection of "web: fix various vulnerabilities" - BOINC/boinc - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — server_release/1/1.4 ( fa038f...715173 )

unknown

created 2024-12-20 08:56 UTC

upload_file() A

↳ Parent: Project

Complexity

Conditions	5
Paths	9

Size

Total Lines	35
Code Lines	25

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	5
eloc	25
nc	9
nop	1
dl	0
loc	35
rs	9.2088
c	0
b	0
f	0

<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2011 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.

// Per-user "file sandboxes" for job submission.
// These are stored in project-root/sandbox/USERID/
//
// The entries in a sandbox directory have contents
// size md5
//
// The actual files are stored in the download hierarchy,
// with sb_userid_MD5 as the physical name

// NOTE: PHP's default max file upload size is 2MB.
// To increase this, edit /etc/php.ini, and change, e.g.
//
// upload_max_filesize = 64M
// post_max_size = 64M

error_reporting(E_ALL);
ini_set('display_errors', true);
ini_set('display_startup_errors', true);

require_once("../inc/sandbox.inc");
require_once("../inc/submit_db.inc");
require_once("../inc/submit_util.inc");

function list_files($user, $err_msg) {
    $dir = sandbox_dir($user);
    $d = opendir($dir);
    if (!$d) error_page("Can't open sandbox directory");
    page_head("File sandbox");
    echo "
        <form action=sandbox.php method=post ENCTYPE=\"multipart/form-data\">
        <input type=hidden name=action value=upload_file>
        Upload files to your sandbox:
        <p><input size=80 type=file name=\"new_file[]\" multiple=\"multiple\">
        <p> <input class=\"btn btn-default\" type=submit value=Upload>
        </form>
        <hr>
    ";

    form_start('sandbox.php', 'post');
    form_input_hidden('action', 'add_file');
    form_input_text('Name', 'name');
    form_input_textarea('Contents', 'contents');
    form_submit('OK');
    form_end();
    echo "
        <hr>
        <h3>Get web file</h3>
    ";
    form_start('sandbox.php', 'post');
    form_input_hidden('action', 'get_file');
    form_input_text('URL', 'url');
    form_submit('OK');
    form_end();
    page_tail();
}

function list_files($user) {
    $dir = sandbox_dir($user);
    if (!is_dir($dir)) error_page("Can't open sandbox directory");
    page_head("File sandbox");
    $notice = htmlspecialchars(get_str('notice', true));
    if ($notice) {
        echo "<p>$notice<hr>";
    }
    $files = array();
    while (($f = readdir($d)) !== false) {
        if ($f == '.') continue;
        if ($f == '..') continue;
        $files[] = $f;
    }
    if (count($files) == 0) {
        echo "Your sandbox is currently empty.";
    } else {
        sort($files);
        start_table();
        table_header("Name<br><p class=\"text-muted\">(click to view)</p>", "Modified", "Size (bytes)", "MD5", "Delete","Download");
        foreach ($files as $f) {
            $path = "$dir/$f";
            list($error, $size, $md5) = sandbox_parse_link_file($path);
            if ($error) {
                table_row($f, "Can't parse link file", "", "<a href=sandbox.php?action=delete_files&name=$f>delete</a>");
                continue;
            }
            $p = sandbox_physical_path($user, $md5);
            if (!is_file($p)) {
                table_row($f, "Physical file not found", "", "");
                continue;
            }
            $ct = time_str(filemtime($path));
            table_row(
                "<a href=sandbox.php?action=view_file&name=$f>$f</a>",
                $ct,
                $size,
                $md5,
                button_text(
                    "sandbox.php?action=delete_file&name=$f",
                    "Delete"
                ),
                button_text(
                    "sandbox.php?action=download_file&name=$f",
                    "Download"
                )
            );
        }
        end_table();
    }
    page_tail();
}

function upload_file($user) {
    $notice = "";
    $count = count($_FILES['new_file']['tmp_name']);
    for ($i = 0; $i < $count; $i++) {
        $tmp_name = $_FILES['new_file']['tmp_name'][$i];
        if (!is_uploaded_file($tmp_name)) {
            error_page("$tmp_name is not uploaded file");
        }
        $name = $_FILES['new_file']['name'][$i];
        if (strstr($name, "/")) {
            error_page("no / allowed");
        }
        $md5 = md5_file($tmp_name);
        $s = stat($tmp_name);
        $size = $s['size'];
        list($exist, $elf) = sandbox_lf_exist($user, $md5);
        if ($exist){
            $notice .= "<strong>Notice:</strong> Invalid Upload<br/>";
            $notice .= "You are trying to upload file  <strong>$name</strong><br/>";
            $notice .= "Another file <strong>$elf</strong> with the same content (md5: $md5) already exists!<br/>";
        } else {
            // move file to download dir
            //
            $phys_path = sandbox_physical_path($user, $md5);
            rename($tmp_name, $phys_path);

            // write link file
            //
            $dir = sandbox_dir($user);
            $link_path = "$dir/$name";
            sandbox_write_link_file($link_path, $size, $md5);
            $notice .= "Uploaded file <strong>$name</strong><br/>";
        }
    }
    list_files($user, $notice);
}

<<<<<<< HEAD

=======
function add_file($user) {
    $dir = sandbox_dir($user);
    $name = post_str('name');
    if (!is_valid_filename($name)) {
        error_page('bad filename');
    }
    if (!$name) error_page('No name given');
    if (file_exists("$dir/$name")) {
        error_page("file $name exists");
    }
    $contents = post_str('contents');
    $contents = str_replace("\r\n", "\n", $contents);
    file_put_contents("$dir/$name", $contents);

    [$md5, $size] = get_file_info("$dir/$name");
    write_info_file("$dir/.md5/$name", $md5, $size);

    $notice = "Added file <strong>$name</strong> ($size bytes)";
    header(sprintf('Location: sandbox.php?notice=%s', urlencode($notice)));
}

function get_file($user) {
    $dir = sandbox_dir($user);
    $url = post_str('url');
    if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) {
        error_page('Not a valid URL');
    }
    $fname = basename($url);
    $path = "$dir/$fname";
    if (file_exists($path)) {
        error_page("File $fname exists; delete it first.");
    }
    copy($url, $path);
    $notice = "Fetched file from <strong>$url</strong><br/>";
    header(sprintf('Location: sandbox.php?notice=%s', urlencode($notice)));
}

// delete a sandbox file.
//
>>>>>>> c2defb6df6 (web: fix various vulnerabilities)
function delete_file($user) {
    $name = get_str('name');
    if (!is_valid_filename($name)) {
        error_page('bad filename');
    }
    $dir = sandbox_dir($user);
    list($error, $size, $md5) = sandbox_parse_link_file("$dir/$name");
    if ($error) {
        error_page("can't parse link file");
    }
    $p = sandbox_physical_path($user, $md5);
    if (!is_file($p)) {
        error_page("no such physical file");
    }
    $bused = sandbox_file_in_use($user, $name);
    if ($bused){
        $notice = "<strong>$name</strong> is being used by batch(es), you can not delete it now!<br/>";
    } else{ 
        $notice = "<strong>$name</strong> is not being used by any batch(es) and successfully deleted from your sandbox<br/>";
        unlink("$dir/$name");
        unlink($p);
    
    }
    list_files($user,$notice);
    //Header("Location: sandbox.php");
}
function download_file($user) {
    $name = get_str('name');
    if (!is_valid_filename($name)) {
        error_page('bad filename');
    }
    $dir = sandbox_dir($user);
    list($err, $size, $md5) = sandbox_parse_link_file("$dir/$name");
    if ($err) {
        error_page("can't parse link file");
    }
    $p = sandbox_physical_path($user, $md5);
    if (!is_file($p)) {
        error_page("$p does not exist!");
    }
    do_download($p, $name);
}
function view_file($user) {
    $name = get_str('name');
    if (!is_valid_filename($name)) {
        error_page('bad filename');
    }
    $dir = sandbox_dir($user);
<<<<<<< HEAD
    list($error, $size, $md5) = sandbox_parse_link_file("$dir/$name");
    if ($error) error_page("no such link file");
    $p = sandbox_physical_path($user, $md5);
    if (!is_file($p)) error_page("no such physical file");
=======
    $path = "$dir/$name";
    if (!is_file($path)) {
        error_page("no such file");
    }
>>>>>>> c2defb6df6 (web: fix various vulnerabilities)
    echo "<pre>\n";
    readfile($p);
    echo "</pre>\n";
}

$user = get_logged_in_user();
if (!submit_permissions($user)) error_page("no job submission access");

$action = get_str('action', true);
if (!$action) $action = post_str('action', true);

switch ($action) {
case '': list_files($user,""); break;
case 'upload_file': upload_file($user); break;
case 'delete_file': delete_file($user); break;
case 'download_file': download_file($user); break;
case 'view_file': view_file($user); break;
<<<<<<< HEAD
default: error_page("no such action: $action");
=======
case 'add_form': add_form($user); break;
default: error_page("no such action: ".htmlspecialchars($action));
>>>>>>> c2defb6df6 (web: fix various vulnerabilities)
}

?>


1			<?php
2			// This file is part of BOINC.
3			// http://boinc.berkeley.edu
4			// Copyright (C) 2011 University of California
5			//
6			// BOINC is free software; you can redistribute it and/or modify it
7			// under the terms of the GNU Lesser General Public License
8			// as published by the Free Software Foundation,
9			// either version 3 of the License, or (at your option) any later version.
10			//
11			// BOINC is distributed in the hope that it will be useful,
12			// but WITHOUT ANY WARRANTY; without even the implied warranty of
13			// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
14			// See the GNU Lesser General Public License for more details.
15			//
16			// You should have received a copy of the GNU Lesser General Public License
17			// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
18
19			// Per-user "file sandboxes" for job submission.
20			// These are stored in project-root/sandbox/USERID/
21			//
22			// The entries in a sandbox directory have contents
23			// size md5
24			//
25			// The actual files are stored in the download hierarchy,
26			// with sb_userid_MD5 as the physical name
27
28			// NOTE: PHP's default max file upload size is 2MB.
29			// To increase this, edit /etc/php.ini, and change, e.g.
30			//
31			// upload_max_filesize = 64M
32			// post_max_size = 64M
33
34			error_reporting(E_ALL);
35			ini_set('display_errors', true);
36			ini_set('display_startup_errors', true);
37
38			require_once("../inc/sandbox.inc");
39			require_once("../inc/submit_db.inc");
40			require_once("../inc/submit_util.inc");
41
42			function list_files($user, $err_msg) {
43			$dir = sandbox_dir($user);
44			$d = opendir($dir);
45			if (!$d) error_page("Can't open sandbox directory");
46			page_head("File sandbox");
47			echo "
48			<form action=sandbox.php method=post ENCTYPE=\"multipart/form-data\">
49			<input type=hidden name=action value=upload_file>
50			Upload files to your sandbox:
51			<p><input size=80 type=file name=\"new_file[]\" multiple=\"multiple\">
52			<p> <input class=\"btn btn-default\" type=submit value=Upload>
53			</form>
54			<hr>
55			";
56
57			form_start('sandbox.php', 'post');
58			form_input_hidden('action', 'add_file');
59			form_input_text('Name', 'name');
60			form_input_textarea('Contents', 'contents');
61			form_submit('OK');
62			form_end();
63			echo "
64			<hr>
65			<h3>Get web file</h3>
66			";
67			form_start('sandbox.php', 'post');
68			form_input_hidden('action', 'get_file');
69			form_input_text('URL', 'url');
70			form_submit('OK');
71			form_end();
72			page_tail();
73			}
74
75			function list_files($user) {
76			$dir = sandbox_dir($user);
77			if (!is_dir($dir)) error_page("Can't open sandbox directory");
78			page_head("File sandbox");
79			$notice = htmlspecialchars(get_str('notice', true));
80			if ($notice) {
81			echo "<p>$notice<hr>";
82			}
83			$files = array();
84			while (($f = readdir($d)) !== false) {
85			if ($f == '.') continue;
86			if ($f == '..') continue;
87			$files[] = $f;
88			}
89			if (count($files) == 0) {
90			echo "Your sandbox is currently empty.";
91			} else {
92			sort($files);
93			start_table();
94			table_header("Name<br><p class=\"text-muted\">(click to view)</p>", "Modified", "Size (bytes)", "MD5", "Delete","Download");
95			foreach ($files as $f) {
96			$path = "$dir/$f";
97			list($error, $size, $md5) = sandbox_parse_link_file($path);
98			if ($error) {
99			table_row($f, "Can't parse link file", "", "<a href=sandbox.php?action=delete_files&name=$f>delete</a>");
100			continue;
101			}
102			$p = sandbox_physical_path($user, $md5);
103			if (!is_file($p)) {
104			table_row($f, "Physical file not found", "", "");
105			continue;
106			}
107			$ct = time_str(filemtime($path));
108			table_row(
109			"<a href=sandbox.php?action=view_file&name=$f>$f</a>",
110			$ct,
111			$size,
112			$md5,
113			button_text(
114			"sandbox.php?action=delete_file&name=$f",
115			"Delete"
116			),
117			button_text(
118			"sandbox.php?action=download_file&name=$f",
119			"Download"
120			)
121			);
122			}
123			end_table();
124			}
125			page_tail();
126			}
127
128			function upload_file($user) {
129			$notice = "";
130			$count = count($_FILES['new_file']['tmp_name']);
131			for ($i = 0; $i < $count; $i++) {
132			$tmp_name = $_FILES['new_file']['tmp_name'][$i];
133			if (!is_uploaded_file($tmp_name)) {
134			error_page("$tmp_name is not uploaded file");
135			}
136			$name = $_FILES['new_file']['name'][$i];
137			if (strstr($name, "/")) {
138			error_page("no / allowed");
139			}
140			$md5 = md5_file($tmp_name);
141			$s = stat($tmp_name);
142			$size = $s['size'];
143			list($exist, $elf) = sandbox_lf_exist($user, $md5);
144			if ($exist){
145			$notice .= "<strong>Notice:</strong> Invalid Upload<br/>";
146			$notice .= "You are trying to upload file <strong>$name</strong><br/>";
147			$notice .= "Another file <strong>$elf</strong> with the same content (md5: $md5) already exists!<br/>";
148			} else {
149			// move file to download dir
150			//
151			$phys_path = sandbox_physical_path($user, $md5);
152			rename($tmp_name, $phys_path);
153
154			// write link file
155			//
156			$dir = sandbox_dir($user);
157			$link_path = "$dir/$name";
158			sandbox_write_link_file($link_path, $size, $md5);
159			$notice .= "Uploaded file <strong>$name</strong><br/>";
160			}
161			}
162			list_files($user, $notice);
163			}
164
165			<<<<<<< HEAD
			0 ignored issues – show Coding Style introduced 2024-12-20 09:15 UTC by Report Bug Copy Issue Report PHP syntax error: syntax error, unexpected '<<' (T_SL), expecting end of file Loading history... Coding Style introduced 2024-12-20 09:15 UTC by Report Bug Copy Issue Report Expected 1 space before "<<"; newline found Loading history... Bug introduced 2024-12-20 09:15 UTC by Report Bug Copy Issue Report A parse error occurred: Syntax error, unexpected T_SL on line 165 at column 0 Loading history...
166			=======
167			function add_file($user) {
168			$dir = sandbox_dir($user);
169			$name = post_str('name');
170			if (!is_valid_filename($name)) {
171			error_page('bad filename');
172			}
173			if (!$name) error_page('No name given');
174			if (file_exists("$dir/$name")) {
175			error_page("file $name exists");
176			}
177			$contents = post_str('contents');
178			$contents = str_replace("\r\n", "\n", $contents);
179			file_put_contents("$dir/$name", $contents);
180
181			[$md5, $size] = get_file_info("$dir/$name");
182			write_info_file("$dir/.md5/$name", $md5, $size);
183
184			$notice = "Added file <strong>$name</strong> ($size bytes)";
185			header(sprintf('Location: sandbox.php?notice=%s', urlencode($notice)));
186			}
187
188			function get_file($user) {
189			$dir = sandbox_dir($user);
190			$url = post_str('url');
191			if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) {
192			error_page('Not a valid URL');
193			}
194			$fname = basename($url);
195			$path = "$dir/$fname";
196			if (file_exists($path)) {
197			error_page("File $fname exists; delete it first.");
198			}
199			copy($url, $path);
200			$notice = "Fetched file from <strong>$url</strong><br/>";
201			header(sprintf('Location: sandbox.php?notice=%s', urlencode($notice)));
202			}
203
204			// delete a sandbox file.
205			//
206			>>>>>>> c2defb6df6 (web: fix various vulnerabilities)
207			function delete_file($user) {
208			$name = get_str('name');
209			if (!is_valid_filename($name)) {
210			error_page('bad filename');
211			}
212			$dir = sandbox_dir($user);
213			list($error, $size, $md5) = sandbox_parse_link_file("$dir/$name");
214			if ($error) {
215			error_page("can't parse link file");
216			}
217			$p = sandbox_physical_path($user, $md5);
218			if (!is_file($p)) {
219			error_page("no such physical file");
220			}
221			$bused = sandbox_file_in_use($user, $name);
222			if ($bused){
223			$notice = "<strong>$name</strong> is being used by batch(es), you can not delete it now!<br/>";
224			} else{
225			$notice = "<strong>$name</strong> is not being used by any batch(es) and successfully deleted from your sandbox<br/>";
226			unlink("$dir/$name");
227			unlink($p);
228
229			}
230			list_files($user,$notice);
231			//Header("Location: sandbox.php");
232			}
233			function download_file($user) {
234			$name = get_str('name');
235			if (!is_valid_filename($name)) {
236			error_page('bad filename');
237			}
238			$dir = sandbox_dir($user);
239			list($err, $size, $md5) = sandbox_parse_link_file("$dir/$name");
240			if ($err) {
241			error_page("can't parse link file");
242			}
243			$p = sandbox_physical_path($user, $md5);
244			if (!is_file($p)) {
245			error_page("$p does not exist!");
246			}
247			do_download($p, $name);
248			}
249			function view_file($user) {
250			$name = get_str('name');
251			if (!is_valid_filename($name)) {
252			error_page('bad filename');
253			}
254			$dir = sandbox_dir($user);
255			<<<<<<< HEAD
256			list($error, $size, $md5) = sandbox_parse_link_file("$dir/$name");
257			if ($error) error_page("no such link file");
258			$p = sandbox_physical_path($user, $md5);
259			if (!is_file($p)) error_page("no such physical file");
260			=======
261			$path = "$dir/$name";
262			if (!is_file($path)) {
263			error_page("no such file");
264			}
265			>>>>>>> c2defb6df6 (web: fix various vulnerabilities)
266			echo "<pre>\n";
267			readfile($p);
268			echo "</pre>\n";
269			}
270
271			$user = get_logged_in_user();
272			if (!submit_permissions($user)) error_page("no job submission access");
273
274			$action = get_str('action', true);
275			if (!$action) $action = post_str('action', true);
276
277			switch ($action) {
278			case '': list_files($user,""); break;
279			case 'upload_file': upload_file($user); break;
280			case 'delete_file': delete_file($user); break;
281			case 'download_file': download_file($user); break;
282			case 'view_file': view_file($user); break;
283			<<<<<<< HEAD
284			default: error_page("no such action: $action");
285			=======
286			case 'add_form': add_form($user); break;
287			default: error_page("no such action: ".htmlspecialchars($action));
288			>>>>>>> c2defb6df6 (web: fix various vulnerabilities)
289			}
290
291			?>
292

BOINC / boinc

Push — server_release/1/1.4 ( fa038f...715173 )

upload_file() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like