Editor security implemented, showing invalid routes to non existing *0x functions

Deon George 2020-07-21 21:56:57 +10:00
parent d24a979e24
commit 747e753466
4 changed files with 175 additions and 57 deletions


@ -14,8 +14,10 @@ logo=AWgBUkEBR04BQlMBWUkBbgE3AWt0ZXgBbg==
[prefix:9]
key=0@videotex
logo=AWgBUkEBR04BQlMBWUkBbgE3AWt0ZXgBbg==
user=1
; Ansitex Help Pages
[prefix:516]
key=516@videotex
logo=AWgBUkEBR04BQlMBWUkBbgE3AWt0ZXgBbg==
user=1


@ -10,6 +10,7 @@ var ACTION_NEXT =4; /* Goto next frame */
var ACTION_TERMINATE =5; /* Terminate the session */
var ACTION_SUBMITRF =6; /* Submit form contents */
var ACTION_STAR =7; /* Star command entry */
var ACTION_EDIT =8; /* Edit a frame */
var MODE_BL =1; /* Typing * command on baseline */
var MODE_FIELD =2; /* Field Input */


@ -94,6 +94,37 @@ function getArg(key,error,abort) {
}
}
function getPageOwners() {
// Load the owner configuration into memory
if (! pageowners.length) {
var f = new File(file_cfgname(system.mods_dir,'ansitex/ctrl/videotex.ini'));
if (f.open("r")) {
var logo = f.iniGetValue('prefix','logo');
var users = f.iniGetValue('prefix','user');
log(LOG_DEBUG,'+ pageOwner: users='+JSON.stringify(users));
pageowners.push({prefix: 0,logo: logo,user:users});
f.iniGetSections('prefix:').forEach(function (prefix) {
var p = parseInt(prefix.substr(7));
var logo = f.iniGetValue(prefix,'logo','');
var users = f.iniGetValue(prefix,'user','');
log(LOG_DEBUG,'+ pageOwner: users='+JSON.stringify(users));
pageowners.push({prefix: p,logo: logo,user: users});
});
}
f.close();
// Sort the pageowners ascending
pageowners.sort(compare);
log(LOG_DEBUG,'+ pageOwner: pageowners='+JSON.stringify(pageowners));
}
return pageowners;
}
function loadOptions() {
ini = new File(file_cfgname(system.mods_dir,'ansitex/ctrl/videotex.ini'));
@ -143,44 +174,16 @@ function pageStr(page) {
* @returns {undefined}
*/
function pageOwner(page) {
// Load the owner configuration into memory
if (! pageowners.length) {
var f = new File(file_cfgname(system.mods_dir,'ansitex/ctrl/videotex.ini'));
if (f.open("r")) {
var logo = f.iniGetValue('prefix','logo');
pageowners.push({prefix: 0,logo: logo});
f.iniGetSections('prefix:').forEach(function (prefix) {
var p = parseInt(prefix.substr(7));
var logo = f.iniGetValue(prefix,'logo','');
pageowners.push({prefix: p,logo: logo});
});
}
f.close();
// Sort the pageowners ascending
pageowners.sort(compare);
log(LOG_DEBUG,'+ pageOwner: pageowners='+JSON.stringify(pageowners));
}
var BreakException = {};
var pageowner = o = null;
var o = null;
try {
pageowners.forEach(function(owner) {
getPageOwners().forEach(function(owner) {
var p = owner.prefix.toString();
o = owner;
//log(LOG_DEBUG,'- pageOwner: p='+p+'('+p.length+') ,o: '+o);
match = '';
var re = new RegExp('^' + p, 'g');
if (page.toString().match(re) && (p.length > match.length)) {
match = p;
pageowner = o;
if (page.toString().match(re)) {
//log(LOG_DEBUG,'= pageOwner: p='+p+',o: '+o);
throw BreakException;
}
@ -190,9 +193,43 @@ function pageOwner(page) {
if (e !== BreakException) throw e;
}
//log(LOG_DEBUG,'+ pageOwner: page='+page+', owner: '+JSON.stringify(pageowner ? pageowner : o));
//log(LOG_DEBUG,'+ pageOwner: page='+page+', owner: '+JSON.stringify(o));
return o;
}
return pageowner ? pageowner : o;
/**
* Can the user edit the frame
*
* @param page
* @param user
*/
function pageEditor(page) {
//log(LOG_DEBUG,'+ pageEditor: page='+page+', user #'+user.number);
var BreakException = {};
var pageditor = false;
try {
getPageOwners().forEach(function(owner) {
var p = owner.prefix.toString();
//log(LOG_DEBUG,' - pageEditor: '+JSON.stringify(owner));
frameusers = owner.user ? owner.user.toString().split(',') : [1];
log(LOG_DEBUG,' - pageEditor: p='+p+'('+p.length+') user ['+JSON.stringify(frameusers)+'] - :'+frameusers.indexOf(user.number.toString()));
var re = new RegExp('^' + p, 'g');
if (page.toString().match(re) && (frameusers.indexOf(user.number.toString()) == 1)) {
pageditor = true;
throw BreakException;
}
});
} catch (e) {
if (e !== BreakException) throw e;
}
//log(LOG_DEBUG,'+ pageEditor: page='+page+', editor: '+JSON.stringify(pageditor));
return pageditor;
}
function compare(a,b) {
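Review bot: The membership test in `pageEditor()` compares `frameusers.indexOf(user.number.toString())` with `1`, so it is true only for the second entry of a prefix's `user=` list; with the `user=1` value the `[prefix:…]` sections carry in this commit, user 1 sits at index 0 and is refused. The condition should read `if (page.toString().match(re) && (frameusers.indexOf(user.number.toString()) !== -1)) {`, and the fallback should be `['1']` rather than `[1]`, because `indexOf` compares strictly and the string form of the user number never equals a number. `frameusers` is also assigned without `var`, which makes it an implicit global. Because the loop stops at the first prefix that both matches and lists the user, a broad prefix can grant editing under a more specific prefix that lists other users; whether that is intended depends on the ordering from `compare()`, whose body is outside this hunk.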

108
main.js

@ -29,6 +29,7 @@ while(bbs.online) {
var inkey_timeout = 60000; // Timeout waiting for input
var fo = null; // Current Frame
var fn = null; // Current Field Number for an Input Frame
var fe = null; // Frame to edit
var history = []; // Page history
var cf = null; // Current Input Field
@ -166,52 +167,92 @@ while(bbs.online) {
break;
}
// Edit specific frame
if (cmd.match(/^04/) && read.match(/[a-z]/)) {
// @todo
// Invalid system pages.
if (cmd.match(/^0[2367]/)) {
cursorOff();
sendBaseline(ERR_ROUTE, false);
mode = action = false;
cmd = '';
}
// Edit specific frame
if (cmd.match(/^04/) && read.match(/[a-z]/)) {
var page = cmd.substr(2,cmd.length-1);
// If we are not a user
if (! user.number) {
cursorOff();
sendBaseline(ERR_NOT_IMPLEMENTED,false);
sendBaseline(ERR_ROUTE,false);
action = false;
} else {
fe = { frame: page, index: read };
cursorOff();
action = ACTION_EDIT;
log(LOG_DEBUG,'- MODE_BL: EDIT ['+JSON.stringify(fe)+']');
}
mode = false;
cmd = '';
break;
}
// Bookmark frame
if (cmd == '05') {
// @todo
if (! user.number) {
cursorOff();
sendBaseline(ERR_ROUTE, false);
mode = action = false;
cmd = '';
} else {
// @todo
cursorOff();
sendBaseline(ERR_NOT_IMPLEMENTED,false);
mode = action = false;
cmd = '';
}
break;
}
// Report Problem
if (cmd == '08') {
// @todo
if (! user.number) {
cursorOff();
sendBaseline(ERR_ROUTE, false);
mode = action = false;
cmd = '';
} else {
// @todo
cursorOff();
sendBaseline(ERR_NOT_IMPLEMENTED,false);
mode = action = false;
cmd = '';
}
break;
}
// Reload frame
if (cmd == '09') {
// @todo
cursorOff();
action = ACTION_GOTO;
cmd = '';
cursorOff();
next_page = { frame: fo.frame, index: fo.index};
break;
}
// Another star aborts the command
if (read == '*') {
mode = action = false;
sendBaseline('',false);
cmd = '';
cursorOff();
mode = action = false;
cmd = '';
if (cf) {
// If there is a control for this field,
@ -232,8 +273,6 @@ while(bbs.online) {
// Nothing typed between * and #
// *# means go back
if (cmd == '') {
mode = false;
cursorOff();
sendBaseline('',false);
action = ACTION_BACKUP;
@ -243,10 +282,14 @@ while(bbs.online) {
// Edit frame
} else if (cmd == '04') {
mode = action = false;
// If we are not a user
if (! user.number) {
sendBaseline(ERR_ROUTE,false);
action = false;
require('ansitex/load/edit.js','CONTROL_EDIT');
control.push(new edit(fo));
} else {
action = ACTION_EDIT;
}
} else {
next_page = { frame: cmd };
@ -634,6 +677,41 @@ while(bbs.online) {
break;
}
// Edit a frame
case ACTION_EDIT:
log(LOG_DEBUG,'- ACTION_EDIT: ['+JSON.stringify(fe)+']');
if (! pageEditor(fe ? fe.frame : fo.frame)) {
cursorOff();
sendBaseline(ACCESS_DENIED,false);
action = false;
break;
}
require('ansitex/load/edit.js','CONTROL_EDIT');
// @todo validate that the user is authorised to edit it.
// If we are editing a specific frame, attempt to load it
if (fe) {
current = fo;
fo = new TexFrame();
fo.load(pageStr(fe));
if (fo.page == null) {
fo = current;
// sendbaseline ERR_PAGE
sendBaseline(ERR_ROUTE,false);
mode = action = false;
break;
}
}
control.push(new edit(fo));
mode = false;
action = false;
break;
// Goto specific page
case ACTION_GOTO:
log(LOG_DEBUG,'- ACTION_GOTO: ['+(next_page ? pageStr(next_page) : '')+']');
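Review bot: In the `ACTION_EDIT` case `fe` is never cleared in the lines shown, so after one edit of a specific frame a later plain `*04#` would still take the `fe ? fe.frame : fo.frame` branch and both authorise and open the earlier frame instead of the current one. If nothing outside these hunks resets it, add `fe = null;` after `control.push(new edit(fo));` and before the two early `break` statements. The refusal path only writes to the user's baseline; a line such as `log(LOG_WARNING,'! ACTION_EDIT: denied for user #'+user.number);` before `sendBaseline(ACCESS_DENIED,false);` would leave operators a record of refused edit attempts. The comment `// @todo validate that the user is authorised to edit it.` is now stale, since `pageEditor()` is called just above it. The enclosing `while(bbs.online)` loop and the `switch` start and end outside the hunks.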