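/*
 * Serve one entry of the announce tree as XML.
 *
 * Reads the "path" request parameter, rejects it if it contains any of a
 * fixed list of substrings, runs the board check, and then prints the file
 * "0Announce<path>" wrapped in <bbsanc><po>...</po></bbsanc>.
 *
 * Returns 0 once the document has been written, BBS_EINVAL for a missing,
 * rejected or over-long path, and BBS_ENOFILE when the board check fails.
 */
int bbsanc_main(void)
{
	const char *path = web_get_param("path");

	/*
	 * strstr() on a null pointer is undefined behaviour. Whether
	 * web_get_param() can return NULL is not visible here, so guard it.
	 */
	if (!path)
		return BBS_EINVAL;

	/*
	 * Substring deny-list applied to the client-supplied path. The ".."
	 * entry is what keeps the request from climbing out of the announce
	 * directory.
	 * NOTE(review): the match is byte-wise on whatever web_get_param()
	 * returns; confirm that value is already URL-decoded, otherwise an
	 * encoded form would not be matched here.
	 */
	if (strstr(path, "bbslist") || strstr(path, ".Search")
			|| strstr(path, ".Names") || strstr(path, "..")
			|| strstr(path, "SYSHome"))
		return BBS_EINVAL;

	char *bname = getbfroma(path);
	board_t board;
	/*
	 * NOTE(review): as written, any non-empty board name is rejected
	 * (the "*bname != '\0'" term is OR-ed in), so the request only
	 * proceeds when bname is empty and get_board()/has_read_perm() both
	 * accept it. That fails closed, but it looks unintended; confirm the
	 * intended rule before relaxing it, since this is the read-permission
	 * gate for the file printed below.
	 */
	if (!bname || *bname != '\0' || !get_board(bname, &board)
			|| !has_read_perm(&board)) {
		return BBS_ENOFILE;
	}

	/*
	 * path is attacker-controlled and of arbitrary length: format with a
	 * bound and refuse on truncation rather than overflow the stack
	 * buffer or open a silently shortened name.
	 */
	char fname[512];
	int len = snprintf(fname, sizeof fname, "0Announce%s", path);
	if (len < 0 || (size_t)len >= sizeof fname)
		return BBS_EINVAL;

	xml_header(NULL);
	printf("<bbsanc ");
	if (board.id) {
		/* board.name is written into the attribute without escaping. */
		printf(" brd='%s'", board.name);
	}
	printf(">");
	print_session();
	printf("<po>");
	xml_printfile(fname);
	printf("</po></bbsanc>");
	return 0;
}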
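/*
 * Show or save one file in the logged-in user's home directory.
 *
 * file   - name of the file, resolved through sethomefile() for
 *          currentuser.userid.
 * desc   - text written into the desc='...' attribute of the reply.
 * submit - text written into the submit='...' attribute of the edit form.
 *
 * When the posted "text" parameter is non-empty it replaces the file's
 * contents and an empty <bbseufile> element is returned; otherwise the
 * current contents are printed inside <bbseufile> for editing.
 *
 * Returns BBS_ELGNREQ when loginok is zero, BBS_EINTNL when the file
 * cannot be opened or truncated, and 0 otherwise.
 *
 * desc and submit are emitted without escaping, so callers must pass
 * fixed strings, never request data.
 */
static int edit_user_file(const char *file, const char *desc,
		const char *submit)
{
	if (!loginok)
		return BBS_ELGNREQ;

	char buf[HOMELEN];
	sethomefile(buf, currentuser.userid, file);

	parse_post_data();
	char *text = getparm("text");

	/*
	 * A missing parameter is treated like an empty one. Whether getparm()
	 * can return NULL is not visible here; the guard avoids a null
	 * dereference if it can.
	 */
	if (text && *text != '\0') {
		/*
		 * Open without O_TRUNC and empty the file only after the lock
		 * is held. Truncating in open() would wipe the file before
		 * the lock is taken, so a concurrent lock holder could have
		 * its data cut from under it.
		 * ftruncate() is declared in <unistd.h>, like close().
		 */
		int fd = open(buf, O_WRONLY | O_CREAT, 0644);
		if (fd < 0)
			return BBS_EINTNL;
		/* NOTE(review): fb_flock()'s result is not checked; confirm its
		 * failure convention and bail out when the lock is not granted. */
		fb_flock(fd, LOCK_EX);
		if (ftruncate(fd, 0) < 0) {
			fb_flock(fd, LOCK_UN);
			close(fd);
			return BBS_EINTNL;
		}
		/* NOTE(review): safer_write()'s result is ignored, so a short or
		 * failed write is still reported as success; its return
		 * convention is not visible here. */
		safer_write(fd, text, strlen(text));
		fb_flock(fd, LOCK_UN);
		close(fd);

		xml_header("bbs");
		printf("<bbseufile ");
		print_session();
		printf(" desc='%s'></bbseufile>", desc);
	} else {
		xml_header("bbs");
		printf("<bbseufile ");
		print_session();
		printf(" desc='%s' submit='%s'>", desc, submit);
		xml_printfile(buf, stdout);
		printf("</bbseufile>");
	}
	return 0;
}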