X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=modules%2Fplanetlab.module;h=2845f7504133307898dbb99ba94a285f806903e3;hb=HEAD;hp=06aa2592a3980532eed75d05545b6dd50058b9be;hpb=31f2c290aac50eac519f4d2c428b6f76c5cb67c9;p=plewww.git diff --git a/modules/planetlab.module b/modules/planetlab.module index 06aa259..b20412c 100644 --- a/modules/planetlab.module +++ b/modules/planetlab.module @@ -104,7 +104,7 @@ function planetlab_block($op = 'list', $delta = 0, $edit = array()) { } else if ($op == 'view') { $block = array(); - if ($plc->hide_planetlab_block) { + if (property_exists($plc, 'hide_planetlab_block')) { // do nothing // this is a private hook from the Vicci module to hide the planetlab module } else if (!$plc->person) { @@ -136,23 +136,23 @@ function planetlab_block($op = 'list', $delta = 0, $edit = array()) { } else { $block['subject'] = truncate($plc->person['email'],30); - //////////////////// Logout + //////////////////// Logout $bullet_item = ''; if ($user->uid) { // Drupal logout (destroys the session and cleans up $user) // Thierry unclear when this triggers, I suspect this is obsolete - $bullet_item .= l(t('Logout of %s', + $bullet_item .= l(t('Logout of %s', array('%s' => variable_get('site_name', 'local'))), 'logout'); } else { // PlanetLab logout (just destroy the session) $bullet_item .= href (l_logout(),'Logout'); } $bullet_item .= ul_start(); - // logout + // logout if ( $plc->alt_person && $plc->alt_auth) { - $email = truncate($plc->person['email'],20); + $email = truncate($plc->person['email'],20); $bullet_item .= leaf( href( l_sulogout(),"Un-become $email")); - } + } $bullet_item .= ul_end(); $items []= expanded ($bullet_item); 
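Review bot: `property_exists($plc, 'hide_planetlab_block')` in the `$op == 'view'` branch is true whenever the property is declared, whatever its value, so a `$plc` carrying `hide_planetlab_block = false` (or null) now hides the block where the old truthiness test showed it. If the aim was only to silence the undefined-property notice, `if (!empty($plc->hide_planetlab_block)) {` keeps the previous meaning. The definition of `$plc` is outside the hunk, so whether the property is ever set to a false value cannot be confirmed from here.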
@@ -160,13 +160,13 @@ function planetlab_block($op = 'list', $delta = 0, $edit = array()) { $bullet_item = ''; $bullet_item .= l_person_t(plc_my_person_id(),"My Account"); $bullet_item .= ul_start(); - if (plc_is_admin() || plc_is_pi()) + if (plc_is_admin() || plc_is_pi()) $bullet_item .= leaf( href( l_persons_site(plc_my_site_id()), "My Site Accounts")); if (plc_is_admin()) { $bullet_item .= leaf(href(l_persons_peer('local'),'Local Accounts (slow)')); $bullet_item .= leaf(href(l_persons(),'All Accounts (slow)')); } - + $bullet_item .= ul_end(); $items [] = expanded($bullet_item); @@ -175,8 +175,8 @@ function planetlab_block($op = 'list', $delta = 0, $edit = array()) { $bullet_item .= href(l_sites(),"Sites"); $bullet_item .= ul_start(); $bullet_item .= plc_my_site_links(); - if ( plc_is_admin() ) - $bullet_item .= leaf( href(l_sites_pending(),"Pending Requests")); + if ( plc_is_admin() ) + $bullet_item .= leaf( href(l_sites_pending(),"Pending Requests")); $bullet_item .= ul_end(); $items[] = expanded($bullet_item); 
@@ -185,26 +185,27 @@ function planetlab_block($op = 'list', $delta = 0, $edit = array()) { $bullet_item .= href(l_nodes(),"Nodes"); $bullet_item .= ul_start(); $bullet_item .= plc_my_node_links(); - if (plc_is_admin() || plc_is_pi() || plc_is_tech()) - $bullet_item .= leaf( href (l_register_node(),"Register Node")); + if (plc_is_admin() || plc_is_pi() || plc_is_tech()) { + $bullet_item .= leaf( href (l_register_node(), "Register Node (ko)")); + } $bullet_item .= ul_end(); $items [] = expanded($bullet_item); //////////////////// Slices $bullet_item = ''; - //if( !( plc_is_tech() && ! plc_is_user() && ! plc_is_pi() && ! plc_is_admin() ) ) + //if( !( plc_is_tech() && ! plc_is_user() && ! plc_is_pi() && ! plc_is_admin() ) ) if (plc_is_admin()) { $bullet_item .= href(l_slices(),"Slices"); } else { $bullet_item .= href(l_slices(),"My Slices"); } $bullet_item .= ul_start(); - if (plc_is_admin()) + if (plc_is_admin()) $bullet_item .= leaf ( href(l_slices_my_site(), 'My Site Slices')); if( plc_is_admin() || plc_is_pi() ) { $bullet_item .= leaf(href(l_slice_add(),"Create Slice")); } - if( !( plc_is_tech() && ! plc_is_user() && ! plc_is_pi() && ! plc_is_admin() ) ) + if( !( plc_is_tech() && ! plc_is_user() && ! plc_is_pi() && ! plc_is_admin() ) ) $bullet_item .= leaf(href(l_sirius(),"Sirius")); $bullet_item .= ul_end(); $items [] = expanded($bullet_item); 
@@ -283,14 +284,16 @@ function planetlab_login_submit($form_id, $form_values) { // Our referring page is encased in a query string of the form // "destination=referrer". - parse_str(drupal_get_destination()); // => $destination + parse_str(drupal_get_destination(), $variables); + $destination = $variables['destination']; // The referrer itself is a URL path with the original query string, // e.g. "referer.php?query". extract(parse_url($destination)); // => $query // Which we then have to parse again as a query string. - parse_str($query); // => $url + parse_str($query, $variables); + $url = $variables['url']; if ($plc->person) { // To handle the edge case where this function is called during a @@ -346,6 +349,14 @@ function planetlab_user($type, &$edit, &$user, $category = NULL) { } } +function isValidFileName($file) { + + /* don't allow .. and allow any "word" character \ / */ + + return preg_match('/^(((?:\.)(?!\.))|\w)+$/', $file); + +} + function planetlab_page() { $path = $_SERVER['DOCUMENT_ROOT'] . preg_replace('/^db\//', '/planetlab/', $_GET['q']); @@ -367,11 +378,16 @@ function planetlab_page() { $output = ob_get_contents(); ob_end_clean(); } else { - $output = file_get_contents($path); + if (isValidFileName($path)) { + $output = file_get_contents($path); + } + else { + $output = ""; + } } return $output; } - + drupal_not_found(); }
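Review bot: `$variables['destination']` and `$variables['url']` in `planetlab_login_submit()` are read without checking that the keys exist, so a destination that carries no `url` parameter raises undefined-index notices and leaves `$url` null; guard both, e.g. `$url = isset($variables['url']) ? $variables['url'] : NULL;`. The context line `extract(parse_url($destination));` still imports request-derived keys into local scope, the same pattern this hunk removes for `parse_str()`, and it leaves `$query` undefined when the URL has no query string; `$parts = parse_url($destination); $query = isset($parts['query']) ? $parts['query'] : '';` would close that. `$url` originates in the request, so if the code after the hunk (not visible here) redirects to it, it should be restricted to local paths first.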
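Review bot: `isValidFileName($path)` in `planetlab_page()` is given the full path built from `$_SERVER['DOCUMENT_ROOT']`, which contains `/`, while the pattern accepts only `\w` and single dots, so the check presumably fails for every request and the static branch always returns an empty string. The comment in `isValidFileName()` (the hunk at -346) says `\ /` are allowed, but the regex does not allow them, and the unanchored `$` also accepts a trailing newline. The branch that captures output with `ob_get_contents()` is not covered by the new check; its include call is outside the hunk, so this is inferred. Resolving the path and comparing it with the permitted base directory would cover both branches; the base directory used below is an assumption to confirm.

```php
function planetlab_page() {
  $path = $_SERVER['DOCUMENT_ROOT'] . preg_replace('/^db\//', '/planetlab/', $_GET['q']);
  // Resolve symlinks and ".." segments before any file access.
  $root = realpath($_SERVER['DOCUMENT_ROOT']);
  $real = realpath($path);
  if ($root === FALSE || $real === FALSE || strpos($real, $root . DIRECTORY_SEPARATOR) !== 0) {
    drupal_not_found();
    return;
  }
  // … unchanged: the two output branches, reading $real instead of $path …
```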