//
// $Id$
//
+error_reporting(0);
require_once 'plc_config.php';
require_once 'plc_session.php';
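Review bot: `error_reporting(0);` at the top of the file silences every PHP diagnostic for the rest of the request, and that also keeps them out of the error log, so failures in the code pulled in by `plc_config.php` and `plc_session.php` become invisible to operators. If the aim is to stop messages reaching the browser, keep reporting on and turn off display instead: `ini_set('display_errors', '0'); ini_set('log_errors', '1');`. A one-line comment saying why reporting is changed here would help the next maintainer.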
}
}
+function isValidFileName($file) {
+
+ /* don't allow .. and allow any "word" character \ / */
+
+ return preg_match('/^(((?:\.)(?!\.))|\w)+$/', $file);
+
+}
+
function planetlab_page() {
$path = $_SERVER['DOCUMENT_ROOT'] . preg_replace('/^db\//', '/planetlab/', $_GET['q']);
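Review bot: The comment in `isValidFileName` says the pattern allows `\ /`, but `\w` matches only letters, digits and underscore, so the regex accepts a single file name and rejects anything containing a path separator; the comment and the code should agree on which is intended. `$` without the `D` modifier also accepts a trailing newline, and `preg_match` returns `1`, `0` or `false` rather than a boolean. Suggested: `return preg_match('/^(?:\.(?!\.)|\w)+$/D', $file) === 1;` with the comment changed to `/* single file name only: word characters and non-consecutive dots, no path separators */`. `planetlab_page()` continues outside this hunk.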
$output = ob_get_contents();
ob_end_clean();
} else {
- $output = file_get_contents($path);
+ if (isValidFileName($path)) {
+ $output = file_get_contents($path);
+ }
+ else {
+ $output = "";
+ }
}
return $output;
}
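Review bot: `isValidFileName($path)` is called on the full path built from `$_SERVER['DOCUMENT_ROOT']` and `$_GET['q']`, which always contains `/`, so with the `\w`-and-dot pattern the check can never pass and this branch now always returns an empty string. A name-shaped regex is the wrong tool for a path; resolve it with `realpath()` and require the result to stay under the directory that is meant to be served, as sketched below. The sketch uses the document root as the base because that is what the visible code prepends; if only the `/planetlab/` subtree should be readable, a narrower base would also keep PHP sources such as the config files out of reach. The `if` that this `else` belongs to starts outside the hunk.

```php
} else {
// Canonicalise first (collapses ../ and symlinks), then enforce containment.
$base = realpath($_SERVER['DOCUMENT_ROOT']);
$real = realpath($path);
$prefix = $base . DIRECTORY_SEPARATOR;
if ($base !== false && $real !== false
    && strncmp($real, $prefix, strlen($prefix)) === 0
    && is_file($real)) {
$output = file_get_contents($real);
}
else {
$output = "";
}
}
// … unchanged: return $output …
```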
$person_id=$_GET["person_id"];
$slice_id=$_GET["slice_id"];
-$myFile = "/var/log/myslice.log";
+$myFile = "/var/log/myslice/myslice.log";
$fh = fopen($myFile, 'a') or die("can't open file");
$stringData = date('Ymd-H:i')."|".$person_id.":".$slice_id.":".$value."\n";
fwrite($fh, $stringData);
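Review bot: `$person_id` and `$slice_id` are taken straight from `$_GET` and concatenated into the log line, so a value containing a newline, `|` or `:` can forge or corrupt entries in `myslice.log`. If these are numeric ids, as the names suggest, cast them on read: `$person_id = intval($_GET["person_id"]);` and likewise for `$slice_id`; `$value` is set outside the hunk and should get the same treatment. Separately, the new path depends on `/var/log/myslice/` existing and being writable by the web server, otherwise `or die("can't open file")` ends the request; the same path change recurs in the `showconf` hunk below.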
else if ($tag_name == "showconf")
$res = $api->SetPersonShowconf( $person_id, $value );
-$myFile = "/var/log/myslice.log";
+$myFile = "/var/log/myslice/myslice.log";
if (file_exists($myFile))
$fh = fopen($myFile, 'a') or die("can't open file");