X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fplanetlab.module;h=2845f7504133307898dbb99ba94a285f806903e3;hb=9a748ac0c230720e6dd9281df441c4d746d6569f;hp=3fd2c5b888f0aa38aa42e1f5e4ebbee36345a14b;hpb=b01e287f4073b2f1edc8857abed2a961cbb25098;p=plewww.git
diff --git a/modules/planetlab.module b/modules/planetlab.module
index 3fd2c5b..2845f75 100644
--- a/modules/planetlab.module
+++ b/modules/planetlab.module
@@ -7,6 +7,7 @@
 //
 // $Id$
 //
+error_reporting(0);
 require_once 'plc_config.php';
 require_once 'plc_session.php';
@@ -104,7 +105,10 @@ function planetlab_block($op = 'list', $delta = 0, $edit = array()) {
 } else if ($op == 'view') {
 $block = array();
- if (!$plc->person) {
+ if ($plc->hide_planetlab_block) {
+ // do nothing
+ // this is a private hook from the Vicci module to hide the planetlab module
+ } else if (!$plc->person) {
 // Force login via HTTPS
 unset($_GET['time']);
 $form['#action'] = "https://" . $_SERVER['HTTP_HOST'] . url($_GET['q'], drupal_get_destination());
@@ -130,7 +134,7 @@ function planetlab_block($op = 'list', $delta = 0, $edit = array()) {
 $block['content'] .= p( href (l_reset_password(),"Forgot your password?") );
 $block['content'] .= p( href(l_person_register(),"Create an account") );
 $block['content'] .= p( href(l_site_register(),"File a site registration") );
- } else if (plc_advanced()) {
+ } else {
 $block['subject'] = truncate($plc->person['email'],30);
 //////////////////// Logout
@@ -343,6 +347,14 @@ function planetlab_user($type, &$edit, &$user, $category = NULL) {
 }
 }
+function isValidFileName($file) {
+
+ /* don't allow .. and allow any "word" character \ / */
+
+ return preg_match('/^(((?:\.)(?!\.))|\w)+$/', $file);
+
+}
+
 function planetlab_page() {
 $path = $_SERVER['DOCUMENT_ROOT'] . preg_replace('/^db\//', '/planetlab/', $_GET['q']);
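Review bot: `error_reporting(0);` at the top of planetlab.module sets the reporting level to none for the rest of the request, not just for this file, so PHP stops displaying and logging warnings from everything that runs afterwards, including a failed `file_get_contents()` in planetlab_page. If the aim is to keep messages off the rendered page, `ini_set('display_errors', '0');` does that while the errors still reach the log. The line also carries no comment saying why it was added, which makes it hard to tell later whether it can be removed.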
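Review bot: In the `view` branch of planetlab_block, `$plc->hide_planetlab_block` is read directly, and nothing in the hunk shows the property being defined on `$plc`; when the Vicci module is not installed this is presumably an undefined-property read. `if (!empty($plc->hide_planetlab_block)) {` makes the optional flag explicit. The branch comment calls this a private hook, so it could also name where the flag is set. planetlab_block starts and ends outside the hunk.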
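Review bot: The comment on isValidFileName says `\` and `/` are allowed, but the pattern accepts only `\w` characters and single dots, so any value containing a slash is rejected; the comment should match the pattern, e.g. `/* allow word characters and single dots; reject "..", "/" and "\" */`. The `$` anchor also matches before a trailing newline, so `\z` is the stricter end anchor, and comparing with `=== 1` gives a boolean result: `return preg_match('/^(?:\.(?!\.)|\w)+\z/', $file) === 1;`. Names that begin with a dot still pass this pattern, which may or may not be intended.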
@@ -364,7 +376,12 @@ function planetlab_page() {
 $output = ob_get_contents();
 ob_end_clean();
 } else {
- $output = file_get_contents($path);
+ if (isValidFileName($path)) {
+ $output = file_get_contents($path);
+ }
+ else {
+ $output = "";
+ }
 }
 return $output;
 }
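Review bot: `isValidFileName($path)` is called on the full path, which planetlab_page builds from `$_SERVER['DOCUMENT_ROOT']` and which therefore always contains `/`; the pattern in isValidFileName admits no slash, so the check can never pass and this branch now always returns an empty string. The check also covers only this `else` branch; the branch above it, whose start is outside the hunk, appears to emit `$path` through an output buffer and is not covered. Resolving the path and requiring it to stay under the served directory handles `..` and symlinks, and the same test could run once before the branch split. The base directory below is taken from the visible `$path` construction and should be narrowed to the directory that is actually meant to be served.

```php
  } else {
    // Resolve symlinks and ".." first, then require the result to stay under the document root.
    $base = realpath($_SERVER['DOCUMENT_ROOT']);
    $real = realpath($path);
    if ($base !== false && $real !== false && strpos($real, $base . DIRECTORY_SEPARATOR) === 0) {
      $output = file_get_contents($real);
    }
    else {
      $output = "";
    }
  // … unchanged: end of the else branch and return $output …
```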