Commit d1852b7f authored by Leigh Stoller's avatar Leigh Stoller

Revert to running the backend script as the user so that perm checks

work! The problem is that temp files will be owned by the user, not
the web interface, and so call out to backend to remove the tempfiles
with a new cleanup option.
parent 96d3ba9d
......@@ -33,10 +33,11 @@ sub dprint($) {
if ($debug);
}
my $optlist = "df:o:s:c:S:C:O:e:tTa";
my $optlist = "df:o:s:c:S:C:O:e:tTak";
my $notitles = 0; # This suppresses titles surrounding the output map.
my $showany = 0; # When showing specific floor, showany is turned on.
my $mereuser = 1;
my $cleanup = 0;
my $building;
my $floor;
......@@ -96,7 +97,7 @@ my $img_n = -1;
# Admin people get extra info
$mereuser = 0
if (!TBAdmin($UID));
if (TBAdmin($UID));
# Ha.
my @floortags = ();
......@@ -136,6 +137,9 @@ if (defined($options{"a"})) {
if (defined($options{"d"})) {
$debug = 1;
}
if (defined($options{"k"})) {
$cleanup = 1;
}
if (defined($options{"t"})) {
$notitles = 1;
}
......@@ -200,6 +204,10 @@ if (defined($options{"O"})) {
}
if (defined($options{"o"})) {
$prefix = $options{"o"};
if ($cleanup) {
unlink "${prefix}.jpg", "${prefix}.map", "${prefix}.state";
exit(0);
}
}
if (defined($options{"e"})) {
......@@ -665,7 +673,7 @@ sub writefiles($@)
"$err\n".
" Could not open ${prefix}.jpg for writing!\n");
}
# Areamap.
if (!open(MAP, "> ${prefix}.map")) {
unlink("${prefix}.jpg");
......@@ -693,7 +701,7 @@ sub writefiles($@)
}
print MAP "</MAP>\n";
close(MAP);
# HTML items save state. They are included into the form by PHP and returned to
# us by HTML-get as page arguments when the map or zoom buttons are clicked on.
if (!open(STATE, "> ${prefix}.state")) {
......
......@@ -247,7 +247,7 @@ if (!preg_match("/^\/tmp\/([-\w]+)$/", $prefix, $matches)) {
}
$uniqueid = $matches[1];
$retval = SUEXEC("nobody", "nobody", "webfloormap -o $prefix " .
$retval = SUEXEC($uid, "nobody", "webfloormap -o $prefix " .
(isset($pid) ? "-e $pid,$eid " : "") .
(isset($floor) ? "-f $floor " : "") .
(isset($building) ? "$building" : "") .
......
......@@ -35,12 +35,16 @@ $prefix = "/tmp/$prefix";
#
function CLEANUP()
{
global $prefix;
global $prefix, $uid;
#
# The backend script (vis/floormap.in) removes all the temp files
# with the -c option. Yucky, but file perms and owners make this
# the easiest way to do it.
#
if (isset($prefix)) {
unlink("${prefix}.jpg");
unlink("${prefix}.map");
unlink("${prefix}.state");
SUEXEC($uid, "nobody", "webfloormap -o $prefix -k ");
# This file does belong to the web server.
unlink($prefix);
}
exit();
......
......@@ -102,7 +102,7 @@ function SPITFORM($errors, $node_id, $isnewid, $building, $floor,
}
$uniqueid = $matches[1];
$retval = SUEXEC("nobody", "nobody",
$retval = SUEXEC($uid, "nobody",
"webfloormap -t -o $prefix -f $floor $building",
SUEXEC_ACTION_IGNORE);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment