Commit f17c52fd authored by Leigh Stoller's avatar Leigh Stoller

Get rid of paste in text version public key upload. User must provide the

local file, since this appears to be way less error prone then cut and paste.
parent 254ea2ef
......@@ -307,30 +307,16 @@ function SPITFORM($formfields, $returning, $errors)
# SSH public key
#
echo "<tr>
<td rowspan><center>
Your SSH Pub Key: &nbsp<br>
[<b>2</b>]
</center></td>
<td rowspan><center>Upload (1K max)[<b>3</b>]<br>
<b>Or</b><br>
Insert Key
</center></td>
<td rowspan>
<td colspan=2>Upload your SSH Pub Key[<b>2</b>]:<br>
(1K max)</td>
<td>
<input type=hidden name=MAX_FILE_SIZE value=1024>
<input type=file
name=usr_keyfile
value=\"" . $_FILES['usr_keyfile']['name'] .
"\"
size=50>
<br>
<br>
<input type=text
name=\"formfields[usr_key]\"
value=\"$formfields[usr_key]\"
size=50
maxlength=1024>
</td>
</tr>\n";
}
......@@ -404,7 +390,7 @@ function SPITFORM($formfields, $returning, $errors)
regarding passwords and email addresses.\n";
if (!$returning && !$forwikionly) {
echo "<li> If you want us to use your existing ssh public key,
then either paste it in or specify the path to your
then please specify the path to your
your identity.pub file. <font color=red>NOTE:</font>
We use the <a href=http://www.openssh.org target='_blank'>OpenSSH</a>
key format,
......@@ -412,13 +398,8 @@ function SPITFORM($formfields, $returning, $errors)
than some of the commercial vendors such as
<a href=http://www.ssh.com target='_blank'>SSH Communications</a>. If you
use one of these commercial vendors, then please
upload the public key file and we will convert it
for you. <i>Please do not paste it in.</i>\n
<li> Note to <a href=http://www.opera.com target='_blank'><b>Opera 5</b></a>
users: The file upload mechanism is broken in Opera, so
you cannot specify a local file for upload. Instead,
please paste your public key in.\n";
upload the public key file and we will convert it
for you.";
}
echo "</ol>
</blockquote></blockquote>
......@@ -739,10 +720,6 @@ if (! $returning) {
$localfile = $_FILES['usr_keyfile']['tmp_name'];
$args["pubkey"] = file_get_contents($localfile);
}
elseif (isset($formfields['usr_key']) &&
$formfields['usr_key'] != "") {
$args["pubkey"] = $formfields[usr_key];
}
}
if (! ($user = User::NewNewUser(($forwikionly ? TBDB_NEWACCOUNT_WIKIONLY : 0),
$args,
......
......@@ -319,32 +319,18 @@ function SPITFORM($formfields, $returning, $errors)
# SSH public key
#
echo "<tr>
<td rowspan><center>
Your SSH Pub Key: &nbsp<br>
[<b>2</b>]
</center></td>
<td rowspan><center>Upload (1K max)[<b>3</b>]<br>
<b>Or</b><br>
Insert Key
</center></td>
<td rowspan>
<td colspan=2>Upload your SSH Pub Key[<b>2</b>]:<br>
(1K max)</td>
<td>
<input type=hidden name=MAX_FILE_SIZE value=1024>
<input type=file
name=usr_keyfile
value=\"" . $_FILES['usr_keyfile']['name'] . "\"
size=50>
<br>
<br>
<input type=text
name=\"formfields[usr_key]\"
value=\"$formfields[usr_key]\"
size=50
maxlength=1024>
</td>
</tr>\n";
#
# Password. Note that we do not resend the password. User
# must retype on error.
......@@ -550,7 +536,7 @@ function SPITFORM($formfields, $returning, $errors)
regarding passwords and email addresses.\n";
if (! $returning) {
echo "<li> If you want us to use your existing ssh public key,
then either paste it in or specify the path to your
then please specify the path to your
your identity.pub file. <font color=red>NOTE:</font>
We use the <a href=http://www.openssh.org target='_blank'>OpenSSH</a>
key format,
......@@ -558,13 +544,8 @@ function SPITFORM($formfields, $returning, $errors)
than some of the commercial vendors such as
<a href=http://www.ssh.com target='_blank'>SSH Communications</a>. If you
use one of these commercial vendors, then please
upload the public key file and we will convert it
for you. <i>Please do not paste it in.</i>\n
<li> Note to <a href=http://www.opera.com target='_blank'><b>Opera 5</b></a>
users: The file upload mechanism is broken in Opera, so
you cannot specify a local file for upload. Instead,
please paste your public key in.\n";
upload the public key file and we will convert it
for you.\n";
}
echo "</ol>
</blockquote></blockquote>
......@@ -912,10 +893,6 @@ if (!$returning) {
$localfile = $_FILES['usr_keyfile']['tmp_name'];
$args["pubkey"] = file_get_contents($localfile);
}
elseif (isset($formfields['usr_key']) &&
$formfields['usr_key'] != "") {
$args["pubkey"] = $formfields[usr_key];
}
if (! ($leader = User::NewNewUser(TBDB_NEWACCOUNT_PROJLEADER,
$args,
......
......@@ -164,24 +164,16 @@ function SPITFORM($formfields, $errors)
# SSH public key
#
echo "<tr>
<td rowspan><center>Upload (4K max)[<b>3,4</b>]<br>
<b>Or</b><br>
Insert Key
</center></td>
<td>Upload Public Key[<b>3,4</b>]:<br>
(4K max)
</td>
<td rowspan>
<td>
<input type=hidden name=MAX_FILE_SIZE value=4096>
<input type=file
name=usr_keyfile
value=\"" . $_FILES['usr_keyfile']['name'] . "\"
size=50>
<br>
<br>
<input type=text
name=\"formfields[usr_key]\"
value=\"$formfields[usr_key]\"
size=50
maxlength=1024>
</td>
</tr>\n";
......@@ -234,8 +226,7 @@ function SPITFORM($formfields, $errors)
different protocol 2 public key format than some of the commercial
vendors such as <a href=www.ssh.com>SSH Communications</a>. If you
use one of these commercial vendors, then please upload the public
key file and we will convert it for you. <i>Please do not paste
it in.</i>\n";
key file and we will convert it for you.\n";
}
#
......@@ -254,27 +245,8 @@ if (! isset($_POST['submit'])) {
#
$errors = array();
if (isset($formfields[usr_key]) &&
strcmp($formfields[usr_key], "")) {
#
# This is passed off to the shell, so taint check it.
#
if (! preg_match("/^[-\w\s\.\@\+\/\=]*$/", $formfields[usr_key])) {
$errors["PubKey"] = "Invalid characters";
}
else {
#
# Replace any embedded newlines first.
#
$formfields[usr_key] = ereg_replace("[\n]", "", $formfields[usr_key]);
$usr_key = $formfields[usr_key];
$addpubkeyargs = "-k '$usr_key' ";
}
}
#
# If usr provided a file for the key, it overrides the paste in text.
# If usr provided a file for the key ...
#
if (isset($_FILES['usr_keyfile']) &&
$_FILES['usr_keyfile']['name'] != "" &&
......@@ -310,7 +282,7 @@ if (isset($addpubkeyargs)) {
}
}
else {
$errors["Missing Args"] = "Please supply a key or a keyfile";
$errors["Missing Args"] = "Please supply keyfile";
}
# Spit the errors
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment