Mise jour de MoinMoin

darcs-hash:20080311120055-61eff-242468a771560577643cf49e457370f91e1bd8ac.gz

wiki/user.py

@@ -6,7 +6,7 @@
     @license: GNU GPL, see COPYING for details.
 """
 
-import os, time, sha, codecs
+import os, time, sha, codecs, re
 
 try:
     import cPickle as pickle
@@ -19,6 +19,7 @@ PICKLE_PROTOCOL = pickle.HIGHEST_PROTOCOL
 from MoinMoin import config, caching, wikiutil
 from MoinMoin.util import filesys, timefuncs
 
+USERID_re = re.compile(r'^\d+\.\d+(\.\d+)?$')
 
 def getUserList(request):
     """ Get a list of all (numerical) user IDs.
@@ -27,10 +28,9 @@ def getUserList(request):
     @rtype: list
     @return: all user IDs
     """
-    import re, dircache
-    user_re = re.compile(r'^\d+\.\d+(\.\d+)?$')
+    import dircache
     files = dircache.listdir(request.cfg.user_dir)
-    userlist = [f for f in files if user_re.match(f)]
+    userlist = [f for f in files if USERID_re.match(f)]
     return userlist
 
 
@@ -210,7 +210,7 @@ class User:
         self._cfg = request.cfg
         self.valid = 0
         self.trusted = 0
-        self.id = id
+        self.id = self.id_sanitycheck(id)
         self.auth_username = auth_username
         self.auth_method = kw.get('auth_method', 'internal')
         self.auth_attribs = kw.get('auth_attribs', ())
@@ -299,6 +299,15 @@ class User:
         from random import randint
         return "%s.%d" % (str(time.time()), randint(0,65535))
 
+    def id_sanitycheck(self, id):
+        """ only return valid user IDs, avoid someone faking his cookie to
+            contain '../../../somefile', breaking out of the data/user/ directory!
+        """
+        if id and USERID_re.match(id):
+            return id
+        else:
+            return None
+
     def create_or_update(self, changed=False):
         """ Create or update a user profile