On Mon, Mar 28, 2016 at 10:51 AM, Craig Russell <craig.russ...@oracle.com> wrote:
> secretary assistant staple function
> Staple
>
> convert 'schultz/Apache Membership Application.jpg'
> 'schultz/Apache_Membership Application.pdf'
> mv schultz/Apache_Membership Application.pdf schultz.pdf
> mv: target ‘schultz.pdf’ is not a directory
> svn add schultz.pdf
> svn: warning: W155010:
> '/srv/secretary/workbench/documents/received/schultz.pdf' not found
> svn: E200009: Could not add all targets because some targets don't exist
> svn: E200009: Illegal target for the requested operation
> svn propset svn:mime-type application/pdf schultz.pdf
> 'schultz.pdf' is not under version control
> svn: E155010: The node
> '/srv/secretary/workbench/documents/received/schultz.pdf' was not found.
> svn rm --force schultz/Apache Membership Application.jpg
> svn: E125001: '/srv/secretary/workbench/documents/received/schultz/Apache'
> does not exist

This code can be found here:

https://github.com/apache/whimsy/blob/master/www/secretary/workbench/file.cgi

Here is the code that will be replacing it:

https://github.com/apache/whimsy/blob/master/www/secmail/views/actions/drop.json.rb

Note that this code uses Kernel.system with a list of distinct parameters rather than depending on shell parsing.

The new code also requires all input received from outside sources to be explicitly untainted, and that should only be done if the source is trusted (e.g., __dir__ returns a tainted value, but it is safe for our purposes), or has been validated (generally with a regular expression).

Also note that this is a small, well-contained script, taking as input @source, @target, and @message, and returning a single result. As opposed to file.cgi, which does pretty much everything, and the flow of data... well, let's just say that it isn't quite so clear.

It is my hope to return to the task of completing the new secmail application once all of the membership applications have been received and processed.

> Craig L Russell
> Secretary, Apache Software Foundation
> c...@apache.org http://db.apache.org/jdo

- Sam Ruby
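
The two invocation styles contrasted above, reproduced on the failing mv step from the quoted log. This is an added example, not code from whimsy or from either author; the SAFE_NAME pattern, the helper names and the sample file are constructed assumptions, and the regular-expression check stands in for the validate-then-untaint step the message describes.

```ruby
require 'tmpdir'
require 'fileutils'

# Hypothetical allow-list for a name that will become a file name.
SAFE_NAME = /\A[a-z][a-z0-9-]*\z/

# Validate an externally supplied name before it is used in a path.
def validated_name(name)
  raise ArgumentError, "unsafe name: #{name.inspect}" unless name =~ SAFE_NAME
  name
end

# Single-string form: the command line is split on whitespace (by the
# shell, or by Ruby itself when the string has no shell metacharacters),
# so the space in the source path yields three operands for mv.
def move_via_string(source, target)
  system("mv #{source} #{target}", err: File::NULL)
end

# List form: each Ruby string becomes exactly one argv element and no
# shell is involved, so spaces and metacharacters are passed through inert.
def move_via_argv(source, target)
  system('mv', '--', source, target, err: File::NULL)
end

# Constructed reproduction of the "staple" step in a scratch directory.
def demo
  Dir.mktmpdir do |dir|
    Dir.chdir(dir) do
      FileUtils.mkdir('schultz')
      source = 'schultz/Apache_Membership Application.pdf'
      File.write(source, '%PDF-constructed')
      target = "#{validated_name('schultz')}.pdf"

      string_ok = move_via_string(source, target)
      string_moved = File.exist?(target)
      argv_ok = move_via_argv(source, target)
      { string_ok: string_ok, string_moved: string_moved,
        argv_ok: argv_ok, argv_moved: File.exist?(target) }
    end
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The single-string call fails the same way the log shows ("target ‘schultz.pdf’ is not a directory"), while the list call moves the file with the space in its name intact.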