/usr/share/gforge/plugins/scmcvs/bin/aclcheck.php is in fusionforge-plugin-scmcvs 5.3.2+20141104-3+deb8u3.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 | #! /usr/bin/php
<?php
/**
* Implement CVS ACLs based on GForge roles
*
* Copyright 2004 GForge, LLC
*
* This file is part of FusionForge.
*
* FusionForge is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* FusionForge is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
if (((int) $_SERVER['argc']) < 1) {
print "Usage: ".basename(__FILE__)." /cvsroot/projectname\n";
exit(1);
}
require_once dirname(__FILE__).'/../../env.inc.php';
require_once $gfcommon. 'include/pre.php';
require_once $gfcommon.'include/utils.php';
require_once $gfconfig.'plugins/scmcvs/config.php';
require_once $gfplugins.'scmcvs/common/Snoopy.class.php';
// Input cleansing
$env_cvsroot = (string) $_ENV['CVSROOT'];
# Rules
# 1. Must begin with /cvs/ or /cvsroot/
# 2. Then must contain 3 - 25 alphanumeric chars or -
preg_match("/^\/\/?(cvs)(root)*\/\/?([[:alnum:]-]{3,25})$/", $env_cvsroot, $matches);
if (count($matches) == 0) {
print "Invalid CVS directory\n";
exit(1);
}
$projectName = $matches[count($matches)-1];
$userArray=posix_getpwuid ( posix_geteuid ( ) );
$userName= $userArray['name'];
// Our POSTer in Gforge
$snoopy = new Snoopy;
$SubmitUrl=util_make_url('/plugins/scmcvs/acl.php');
$SubmitVars['group'] = $projectName;
$SubmitVars['user'] = $userName;
if ($userName == 'root') {
exit(0);
} else {
$snoopy->submit($SubmitUrl,$SubmitVars);
if (!empty($snoopy->error) || !empty($snoopy->results)) {
print $snoopy->results."\n";
exit(1);
}
}
?>
|