bbs/sbbs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Editor security implemented, showing invalid routes to non existing *0x functions

Browse Source
This commit is contained in:
Deon George 2020-07-21 21:56:57 +10:00
parent d24a979e24
commit 747e753466
4 changed files with 175 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ctrl/videotex.ini
View File

@ -14,8 +14,10 @@ logo=AWgBUkEBR04BQlMBWUkBbgE3AWt0ZXgBbg==
[prefix:9] [prefix:9]
key=0@videotex key=0@videotex
logo=AWgBUkEBR04BQlMBWUkBbgE3AWt0ZXgBbg== logo=AWgBUkEBR04BQlMBWUkBbgE3AWt0ZXgBbg==
user=1
; Ansitex Help Pages ; Ansitex Help Pages
[prefix:516] [prefix:516]
key=516@videotex key=516@videotex
logo=AWgBUkEBR04BQlMBWUkBbgE3AWt0ZXgBbg== logo=AWgBUkEBR04BQlMBWUkBbgE3AWt0ZXgBbg==
user=1

1
load/defs.js
View File

@ -10,6 +10,7 @@ var ACTION_NEXT =4; /* Goto next frame */
var ACTION_TERMINATE =5; /* Terminate the session */ var ACTION_TERMINATE =5; /* Terminate the session */
var ACTION_SUBMITRF =6; /* Submit form contents */ var ACTION_SUBMITRF =6; /* Submit form contents */
var ACTION_STAR =7; /* Star command entry */ var ACTION_STAR =7; /* Star command entry */
var ACTION_EDIT =8; /* Edit a frame */
var MODE_BL =1; /* Typing * command on baseline */ var MODE_BL =1; /* Typing * command on baseline */
var MODE_FIELD =2; /* Field Input */ var MODE_FIELD =2; /* Field Input */

103
load/funcs.js
View File

@ -94,6 +94,37 @@ function getArg(key,error,abort) {
} }
} }
function getPageOwners() {
// Load the owner configuration into memory
if (! pageowners.length) {
var f = new File(file_cfgname(system.mods_dir,'ansitex/ctrl/videotex.ini'));
if (f.open("r")) {
var logo = f.iniGetValue('prefix','logo');
var users = f.iniGetValue('prefix','user');
log(LOG_DEBUG,'+ pageOwner: users='+JSON.stringify(users));
pageowners.push({prefix: 0,logo: logo,user:users});
f.iniGetSections('prefix:').forEach(function (prefix) {
var p = parseInt(prefix.substr(7));
var logo = f.iniGetValue(prefix,'logo','');
var users = f.iniGetValue(prefix,'user','');
log(LOG_DEBUG,'+ pageOwner: users='+JSON.stringify(users));
pageowners.push({prefix: p,logo: logo,user: users});
});
}
f.close();
// Sort the pageowners ascending
pageowners.sort(compare);
log(LOG_DEBUG,'+ pageOwner: pageowners='+JSON.stringify(pageowners));
}
return pageowners;
}
function loadOptions() { function loadOptions() {
ini = new File(file_cfgname(system.mods_dir,'ansitex/ctrl/videotex.ini')); ini = new File(file_cfgname(system.mods_dir,'ansitex/ctrl/videotex.ini'));
@ -143,44 +174,16 @@ function pageStr(page) {
* @returns {undefined} * @returns {undefined}
*/ */
function pageOwner(page) { function pageOwner(page) {
// Load the owner configuration into memory
if (! pageowners.length) {
var f = new File(file_cfgname(system.mods_dir,'ansitex/ctrl/videotex.ini'));
if (f.open("r")) {
var logo = f.iniGetValue('prefix','logo');
pageowners.push({prefix: 0,logo: logo});
f.iniGetSections('prefix:').forEach(function (prefix) {
var p = parseInt(prefix.substr(7));
var logo = f.iniGetValue(prefix,'logo','');
pageowners.push({prefix: p,logo: logo});
});
}
f.close();
// Sort the pageowners ascending
pageowners.sort(compare);
log(LOG_DEBUG,'+ pageOwner: pageowners='+JSON.stringify(pageowners));
}
var BreakException = {}; var BreakException = {};
var pageowner = o = null; var o = null;
try { try {
pageowners.forEach(function(owner) { getPageOwners().forEach(function(owner) {
var p = owner.prefix.toString(); var p = owner.prefix.toString();
o = owner; o = owner;
//log(LOG_DEBUG,'- pageOwner: p='+p+'('+p.length+') ,o: '+o);
match = '';
var re = new RegExp('^' + p, 'g'); var re = new RegExp('^' + p, 'g');
if (page.toString().match(re) && (p.length > match.length)) { if (page.toString().match(re)) {
match = p;
pageowner = o;
//log(LOG_DEBUG,'= pageOwner: p='+p+',o: '+o); //log(LOG_DEBUG,'= pageOwner: p='+p+',o: '+o);
throw BreakException; throw BreakException;
} }
@ -190,9 +193,43 @@ function pageOwner(page) {
if (e !== BreakException) throw e; if (e !== BreakException) throw e;
} }
//log(LOG_DEBUG,'+ pageOwner: page='+page+', owner: '+JSON.stringify(pageowner ? pageowner : o)); //log(LOG_DEBUG,'+ pageOwner: page='+page+', owner: '+JSON.stringify(o));
return o;
}
return pageowner ? pageowner : o; /**
* Can the user edit the frame
*
* @param page
* @param user
*/
function pageEditor(page) {
//log(LOG_DEBUG,'+ pageEditor: page='+page+', user #'+user.number);
var BreakException = {};
var pageditor = false;
try {
getPageOwners().forEach(function(owner) {
var p = owner.prefix.toString();
//log(LOG_DEBUG,' - pageEditor: '+JSON.stringify(owner));
frameusers = owner.user ? owner.user.toString().split(',') : [1];
log(LOG_DEBUG,' - pageEditor: p='+p+'('+p.length+') user ['+JSON.stringify(frameusers)+'] - :'+frameusers.indexOf(user.number.toString()));
var re = new RegExp('^' + p, 'g');
if (page.toString().match(re) && (frameusers.indexOf(user.number.toString()) == 1)) {
pageditor = true;
throw BreakException;
}
});
} catch (e) {
if (e !== BreakException) throw e;
}
//log(LOG_DEBUG,'+ pageEditor: page='+page+', editor: '+JSON.stringify(pageditor));
return pageditor;
} }
function compare(a,b) { function compare(a,b) {

126
main.js
View File

@ -29,6 +29,7 @@ while(bbs.online) {
var inkey_timeout = 60000; // Timeout waiting for input var inkey_timeout = 60000; // Timeout waiting for input
var fo = null; // Current Frame var fo = null; // Current Frame
var fn = null; // Current Field Number for an Input Frame var fn = null; // Current Field Number for an Input Frame
var fe = null; // Frame to edit
var history = []; // Page history var history = []; // Page history
var cf = null; // Current Input Field var cf = null; // Current Input Field
@ -166,52 +167,92 @@ while(bbs.online) {
break; break;
} }
// Edit specific frame // Invalid system pages.
if (cmd.match(/^04/) && read.match(/[a-z]/)) { if (cmd.match(/^0[2367]/)) {
// @todo cursorOff();
sendBaseline(ERR_ROUTE, false);
mode = action = false; mode = action = false;
cmd = ''; cmd = '';
cursorOff(); }
sendBaseline(ERR_NOT_IMPLEMENTED,false);
// Edit specific frame
if (cmd.match(/^04/) && read.match(/[a-z]/)) {
var page = cmd.substr(2,cmd.length-1);
// If we are not a user
if (! user.number) {
cursorOff();
sendBaseline(ERR_ROUTE,false);
action = false;
} else {
fe = { frame: page, index: read };
cursorOff();
action = ACTION_EDIT;
log(LOG_DEBUG,'- MODE_BL: EDIT ['+JSON.stringify(fe)+']');
}
mode = false;
cmd = '';
break; break;
} }
// Bookmark frame // Bookmark frame
if (cmd == '05') { if (cmd == '05') {
// @todo if (! user.number) {
mode = action = false; cursorOff();
cmd = ''; sendBaseline(ERR_ROUTE, false);
cursorOff(); mode = action = false;
sendBaseline(ERR_NOT_IMPLEMENTED,false); cmd = '';
} else {
// @todo
cursorOff();
sendBaseline(ERR_NOT_IMPLEMENTED,false);
mode = action = false;
cmd = '';
}
break; break;
} }
// Report Problem // Report Problem
if (cmd == '08') { if (cmd == '08') {
// @todo if (! user.number) {
mode = action = false; cursorOff();
cmd = ''; sendBaseline(ERR_ROUTE, false);
cursorOff(); mode = action = false;
sendBaseline(ERR_NOT_IMPLEMENTED,false); cmd = '';
} else {
// @todo
cursorOff();
sendBaseline(ERR_NOT_IMPLEMENTED,false);
mode = action = false;
cmd = '';
}
break; break;
} }
// Reload frame // Reload frame
if (cmd == '09') { if (cmd == '09') {
// @todo cursorOff();
action = ACTION_GOTO; action = ACTION_GOTO;
cmd = ''; cmd = '';
cursorOff();
next_page = { frame: fo.frame, index: fo.index}; next_page = { frame: fo.frame, index: fo.index};
break; break;
} }
// Another star aborts the command // Another star aborts the command
if (read == '*') { if (read == '*') {
mode = action = false;
sendBaseline('',false); sendBaseline('',false);
cmd = '';
cursorOff(); cursorOff();
mode = action = false;
cmd = '';
if (cf) { if (cf) {
// If there is a control for this field, // If there is a control for this field,
@ -232,8 +273,6 @@ while(bbs.online) {
// Nothing typed between * and # // Nothing typed between * and #
// *# means go back // *# means go back
if (cmd == '') { if (cmd == '') {
mode = false;
cursorOff();
sendBaseline('',false); sendBaseline('',false);
action = ACTION_BACKUP; action = ACTION_BACKUP;
@ -243,10 +282,14 @@ while(bbs.online) {
// Edit frame // Edit frame
} else if (cmd == '04') { } else if (cmd == '04') {
mode = action = false; // If we are not a user
if (! user.number) {
sendBaseline(ERR_ROUTE,false);
action = false;
require('ansitex/load/edit.js','CONTROL_EDIT'); } else {
control.push(new edit(fo)); action = ACTION_EDIT;
}
} else { } else {
next_page = { frame: cmd }; next_page = { frame: cmd };
@ -634,6 +677,41 @@ while(bbs.online) {
break; break;
} }
// Edit a frame
case ACTION_EDIT:
log(LOG_DEBUG,'- ACTION_EDIT: ['+JSON.stringify(fe)+']');
if (! pageEditor(fe ? fe.frame : fo.frame)) {
cursorOff();
sendBaseline(ACCESS_DENIED,false);
action = false;
break;
}
require('ansitex/load/edit.js','CONTROL_EDIT');
// @todo validate that the user is authorised to edit it.
// If we are editing a specific frame, attempt to load it
if (fe) {
current = fo;
fo = new TexFrame();
fo.load(pageStr(fe));
if (fo.page == null) {
fo = current;
// sendbaseline ERR_PAGE
sendBaseline(ERR_ROUTE,false);
mode = action = false;
break;
}
}
control.push(new edit(fo));
mode = false;
action = false;
break;
// Goto specific page // Goto specific page
case ACTION_GOTO: case ACTION_GOTO:
log(LOG_DEBUG,'- ACTION_GOTO: ['+(next_page ? pageStr(next_page) : '')+']'); log(LOG_DEBUG,'- ACTION_GOTO: ['+(next_page ? pageStr(next_page) : '')+']');