From bf0afeb10a06989c9bf472a0054655e0ed0f8f88 Mon Sep 17 00:00:00 2001
From: robertabcd <robertabcd@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>
Date: Wed, 30 Jan 2013 10:10:03 +0000
Subject: Rename locked posts in order to be secure, and don't provide any
 URLs.

Introducing new X-dot file here. We can not use L-dot prefix since there may be
some code that doesn't recognize locked files and end up in reading the file.



git-svn-id: http://opensvn.csie.org/pttbbs/trunk@5784 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
---
 pttbbs/mbbsd/bbs.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/pttbbs/mbbsd/bbs.c b/pttbbs/mbbsd/bbs.c
index 38ce2a6e..f2bfab2b 100644
--- a/pttbbs/mbbsd/bbs.c
+++ b/pttbbs/mbbsd/bbs.c
@@ -3580,6 +3580,7 @@ static int
 lock_post(int ent, fileheader_t * fhdr, const char *direct)
 {
     char fn1[PATHLEN];
+    char fnx[PATHLEN];
     char genbuf[PATHLEN] = "";
     int i;
     boardheader_t *bp = NULL;
@@ -3605,6 +3606,14 @@ lock_post(int ent, fileheader_t * fhdr, const char *direct)
 	if (vans("要將文章鎖定嗎(y/N)?") != 'y')
 	    return FULLUPDATE;
         setbfile(fn1, currboard, fhdr->filename);
+
+        // Rename the file to be secure, introducing new X-dot file here.
+        // We can not use L-dot prefix since there may be some code that
+        // doesn't recognize locked files and end up in reading the file.
+        fhdr->filename[0] = 'X';
+        setbfile(fnx, currboard, fhdr->filename);
+        Rename(fn1, fnx);
+
         fhdr->filename[0] = 'L';
 	syncnow();
 	bp->SRexpire = now;
@@ -3612,8 +3621,13 @@ lock_post(int ent, fileheader_t * fhdr, const char *direct)
     else if (fhdr->filename[0]=='L') {
 	if (vans("要將文章鎖定解除嗎(y/N)?") != 'y')
 	    return FULLUPDATE;
+        fhdr->filename[0] = 'X';
+        setbfile(fnx, currboard, fhdr->filename);
         fhdr->filename[0] = 'M';
         setbfile(fn1, currboard, fhdr->filename);
+        // Rename it back, no check for errors because old locked files
+        // are not renamed.
+        Rename(fnx, fn1);
 	syncnow();
 	bp->SRexpire = now;
     }
@@ -3724,6 +3738,10 @@ view_postinfo(int ent GCC_UNUSED, const fileheader_t * fhdr,
 	    // over18 boards do not provide URL.
 	    prints("│ 本看板目前不提供" URL_DISPLAYNAME " \n");
 	}
+        else if (fhdr->filename[0] == 'L')
+        {
+	    prints("│ 本文章不提供" URL_DISPLAYNAME " \n");
+        }
 	else
 	{
 	    prints("│ " URL_DISPLAYNAME ": " 
-- 
cgit v1.2.3