CHANGES:

- Mission uploads can now handle "later" replacements, if people are flying.
- /download <Missions> reworked to provide the latest mission, independently if it was .orig, .miz or .dcssb\.miz

BUGFIX:
- Possible path injection in /download fixed.

Author: karel26

core/data/impl/serverimpl.py

@@ -427,13 +427,16 @@ def do_startup(self):
         missions = []
         for mission in self.settings['missionList']:
             if '.dcssb' in mission:
-                secondary = os.path.join(os.path.dirname(os.path.dirname(mission)), os.path.basename(mission))
+                _mission = os.path.join(os.path.dirname(os.path.dirname(mission)), os.path.basename(mission))
             else:
-                secondary = os.path.join(os.path.dirname(mission), '.dcssb', os.path.basename(mission))
-            if os.path.exists(mission):
+                _mission = mission
+            # check if the orig file has been updated
+            orig = _mission + '.orig'
+            if os.path.exists(orig) and os.path.getmtime(orig) > os.path.getmtime(mission):
+                shutil.copy2(orig, _mission)
+                missions.append(_mission)
+            elif os.path.exists(mission):
                 missions.append(mission)
-            elif os.path.exists(secondary):
-                missions.append(secondary)
             else:
                 self.log.warning(f"Removing mission {mission} from serverSettings.lua as it could not be found!")
         if len(missions) != len(self.settings['missionList']):
@@ -724,20 +727,25 @@ async def keep_alive(self):
                     WHERE node = %s AND server_name = %s
                 """, (self.node.name, self.name))
 
-    async def uploadMission(self, filename: str, url: str, force: bool = False, missions_dir: str = None) -> UploadStatus:
+    async def uploadMission(self, filename: str, url: str, *, missions_dir: str = None, force: bool = False,
+                            orig = False) -> UploadStatus:
         if not missions_dir:
             missions_dir = self.instance.missions_dir
         filename = os.path.normpath(os.path.join(missions_dir, filename))
-        secondary = os.path.join(os.path.dirname(filename), '.dcssb', os.path.basename(filename))
-        for idx, name in enumerate(self.settings['missionList']):
-            if (os.path.normpath(name) == filename) or (os.path.normpath(name) == secondary):
-                if self.current_mission and idx == int(self.settings['listStartIndex']) - 1:
-                    if not force:
-                        return UploadStatus.FILE_IN_USE
-                add = True
-                break
+        if orig:
+            filename += '.orig'
+            add = False
         else:
-            add = self.locals.get('autoadd', True)
+            secondary = os.path.join(os.path.dirname(filename), '.dcssb', os.path.basename(filename))
+            for idx, name in enumerate(self.settings['missionList']):
+                if (os.path.normpath(name) == filename) or (os.path.normpath(name) == secondary):
+                    if self.current_mission and idx == int(self.settings['listStartIndex']) - 1:
+                        if not force:
+                            return UploadStatus.FILE_IN_USE
+                    add = True
+                    break
+            else:
+                add = self.locals.get('autoadd', True)
         rc = await self.node.write_file(filename, url, force)
         if rc != UploadStatus.OK:
             return rc
@@ -859,6 +867,24 @@ async def replaceMission(self, mission_id: int, path: str) -> list[str]:
         return self.settings['missionList']
 
     async def loadMission(self, mission: Union[int, str], modify_mission: Optional[bool] = True) -> bool:
+        # check if we re-load the running mission
+        start_index = int(self.settings['listStartIndex'])
+        if ((isinstance(mission, int) and mission == start_index) or
+            (isinstance(mission, str) and mission == self._get_current_mission_file())):
+            mission = self.settings['missionList'][start_index - 1]
+            # now determine the original mission name
+            _mission = utils.get_orig_file(mission)
+            # check if the orig file has been replaced
+            if os.path.exists(_mission) and os.path.getmtime(_mission) > os.path.getmtime(mission):
+                new_filename = utils.create_writable_mission(mission)
+                # we can't write the original one, so use the copy
+                if new_filename != mission:
+                    shutil.copy2(_mission, new_filename)
+                    await self.replaceMission(start_index, new_filename)
+                    return await self.loadMission(start_index, modify_mission=modify_mission)
+                else:
+                    return await self.loadMission(start_index, modify_mission=modify_mission)
+
         if isinstance(mission, int):
             if mission > len(self.settings['missionList']):
                 mission = 1
@@ -878,7 +904,7 @@ async def loadMission(self, mission: Union[int, str], modify_mission: Optional[b
         else:
             try:
                 idx = self.settings['missionList'].index(filename) + 1
-                if idx == int(self.settings['listStartIndex']):
+                if idx == start_index:
                     rc = await self.send_to_dcs_sync({"command": "startMission", "filename": filename})
                 else:
                     rc = await self.send_to_dcs_sync({"command": "startMission", "id": idx})
@@ -971,3 +997,30 @@ async def uninstall_extension(self, name: str) -> None:
     async def cleanup(self) -> None:
         tempdir = os.path.join(tempfile.gettempdir(), self.instance.name)
         await asyncio.to_thread(utils.safe_rmtree, tempdir)
+
+    async def getAllMissionFiles(self) -> list[tuple[str, str]]:
+        def shorten_filename(file: str) -> str:
+            if file.endswith('.orig'):
+                return file[:-5]
+            if '.dcssb' in file:
+                return file.replace(os.path.sep + '.dcssb', '')
+            return file
+
+        result = []
+        base_dir, all_missions = await self.node.list_directory(self.instance.missions_dir, pattern="*.miz",
+                                                                ignore=['.dcssb', 'Scripts', 'Saves'], traverse=True)
+        for mission in all_missions:
+            orig = utils.get_orig_file(mission, create_file=False)
+            secondary = os.path.join(
+                os.path.dirname(mission), '.dcssb', os.path.basename(mission)
+            )
+            if orig and os.path.getmtime(orig) > os.path.getmtime(mission):
+                file = orig
+            else:
+                file = mission
+            if os.path.exists(secondary) and os.path.getmtime(secondary) > os.path.getmtime(file):
+                file = secondary
+
+            result.append((shorten_filename(file), file))
+
+        return result

core/data/proxy/serverproxy.py

@@ -139,7 +139,8 @@ async def prepare_extensions(self):
             "server_name": self.name
         }, node=self.node.name, timeout=timeout)
 
-    async def uploadMission(self, filename: str, url: str, force: bool = False, missions_dir: str = None) -> UploadStatus:
+    async def uploadMission(self, filename: str, url: str, *, missions_dir: str = None, force: bool = False,
+                            orig = False) -> UploadStatus:
         timeout = 120 if not self.node.slow_system else 240
         data = await self.bus.send_to_node_sync({
             "command": "rpc",
@@ -148,8 +149,9 @@ async def uploadMission(self, filename: str, url: str, force: bool = False, miss
             "params": {
                 "filename": filename,
                 "url": url,
+                "missions_dir": missions_dir,
                 "force": force,
-                "missions_dir": missions_dir
+                "orig": orig
             },
             "server_name": self.name
         }, timeout=timeout, node=self.node.name)
@@ -416,3 +418,13 @@ async def cleanup(self) -> None:
             "method": "cleanup",
             "server_name": self.name
         }, timeout=timeout, node=self.node.name)
+
+    async def getAllMissionFiles(self) -> list[str]:
+        timeout = 180 if not self.node.slow_system else 300
+        data = await self.bus.send_to_node_sync({
+            "command": "rpc",
+            "object": "Server",
+            "method": "getAllMissionFiles",
+            "server_name": self.name
+        }, timeout=timeout, node=self.node.name)
+        return data['return']

core/data/server.py

@@ -358,10 +358,14 @@ async def loadNextMission(self, modify_mission: Optional[bool] = True) -> bool:
     async def getMissionList(self) -> list[str]:
         raise NotImplemented()
 
+    async def getAllMissionFiles(self) -> list[str]:
+        raise NotImplemented()
+
     async def modifyMission(self, filename: str, preset: Union[list, dict]) -> str:
         raise NotImplemented()
 
-    async def uploadMission(self, filename: str, url: str, force: bool = False, missions_dir: str = None) -> UploadStatus:
+    async def uploadMission(self, filename: str, url: str, *, missions_dir: str = None, force: bool = False,
+                            orig = False) -> UploadStatus:
         raise NotImplemented()
 
     async def apply_mission_changes(self, filename: Optional[str] = None) -> str:

core/utils/dcs.py

@@ -161,15 +161,20 @@ def create_writable_mission(filename: str) -> str:
     return new_filename
 
 
-def get_orig_file(filename: str) -> str:
+def get_orig_file(filename: str, *, create_file: bool = True) -> Optional[str]:
     if '.dcssb' in filename:
-        orig_file = os.path.join(os.path.dirname(filename).replace('.dcssb', ''),
-                                 os.path.basename(filename)) + '.orig'
+        mission_file = os.path.join(os.path.dirname(filename).replace('.dcssb', ''),
+                                    os.path.basename(filename))
     else:
-        orig_file = filename + '.orig'
-        # make an initial backup, if there is none
-        if not os.path.exists(orig_file):
-            shutil.copy2(filename, orig_file)
+        mission_file = filename
+    orig_file = mission_file + '.orig'
+    if not os.path.exists(orig_file):
+        if create_file:
+            # make an initial backup, if there is none
+            if not os.path.exists(orig_file):
+                shutil.copy2(filename, orig_file)
+        else:
+            return None
     return orig_file
 
 

core/utils/discord.py

@@ -345,14 +345,14 @@ async def on_cancel(self, interaction: Interaction, _: Button):
         self.stop()
 
 
-async def populated_question(interaction: discord.Interaction, question: str, message: Optional[str] = None,
+async def populated_question(ctx: Union[commands.Context, discord.Interaction], question: str, message: Optional[str] = None,
                              ephemeral: Optional[bool] = True) -> Optional[str]:
     """
     Same as yn_question, but adds an option "Later". The usual use-case of this function would be
     if people are flying atm, and you want to ask to trigger an action that would affect their experience (aka stop
     the server).
 
-    :param interaction: The discord interaction object.
+    :param ctx: The discord context or interaction object.
     :param question: The question to be displayed in the embed.
     :param message: An optional message to be displayed in the embed.
     :param ephemeral: Whether the interaction response should be ephemeral. Default is True.
@@ -361,14 +361,10 @@ async def populated_question(interaction: discord.Interaction, question: str, me
     embed = discord.Embed(title='People are flying!', description=question, color=discord.Color.red())
     if message is not None:
         embed.add_field(name=message, value='_ _')
+    if isinstance(ctx, discord.Interaction):
+        ctx = await ctx.client.get_context(ctx)
     view = PopulatedQuestionView()
-    # noinspection PyUnresolvedReferences
-    if interaction.response.is_done():
-        msg = await interaction.followup.send(embed=embed, view=view, ephemeral=ephemeral)
-    else:
-        # noinspection PyUnresolvedReferences
-        await interaction.response.send_message(embed=embed, view=view, ephemeral=ephemeral)
-        msg = await interaction.original_response()
+    msg = await ctx.send(embed=embed, view=view, ephemeral=ephemeral)
     try:
         if await view.wait():
             return None

core/utils/os.py

@@ -45,7 +45,8 @@
     "set_password",
     "get_password",
     "delete_password",
-    "CloudRotatingFileHandler"
+    "CloudRotatingFileHandler",
+    "sanitize_filename"
 ]
 
 logger = logging.getLogger(__name__)
@@ -234,6 +235,38 @@ def delete_password(key: str, config_dir='config'):
         raise ValueError(key)
 
 
+def sanitize_filename(filename: str, base_directory: str) -> str:
+    """
+    Sanitizes an input filename to prevent relative path injection.
+    Ensures the file path is within the `base_directory`.
+
+    Args:
+        filename (str): The input filename to sanitize.
+        base_directory (str): The base directory where all downloads should be stored.
+
+    Returns:
+        str: A sanitized, safe file path.
+
+    Raises:
+        ValueError: If the filename contains invalid patterns or escapes the base directory.
+    """
+    # Ensure the base_directory is absolute
+    base_directory = os.path.abspath(base_directory)
+
+    # Resolve the filename into an absolute path
+    resolved_path = os.path.abspath(os.path.join(base_directory, filename))
+
+    # Ensure the resolved path is within the base directory
+    if not os.path.commonpath([base_directory, resolved_path]) == base_directory:
+        raise ValueError(f"Relative path injection attempt detected: {filename}")
+
+    # Optional: Check file name for illegal characters (e.g., reject ../)
+    if ".." in filename or filename.startswith(("/")):
+        raise ValueError(f"Invalid filename detected: {filename}")
+
+    return resolved_path
+
+
 class CloudRotatingFileHandler(RotatingFileHandler):
     def shouldRollover(self, record):
         """

plugins/admin/commands.py

@@ -89,6 +89,21 @@ async def label_autocomplete(interaction: discord.Interaction, current: str) ->
     except Exception as ex:
         interaction.client.log.exception(ex)
 
+async def _mission_file_autocomplete(interaction: discord.Interaction, current: str) -> list[app_commands.Choice[str]]:
+    try:
+        server: Server = await utils.ServerTransformer().transform(
+            interaction, utils.get_interaction_param(interaction, 'server'))
+        file_list = await server.getAllMissionFiles()
+        exp_base = await server.get_missions_dir()
+        choices: list[app_commands.Choice[str]] = [
+            app_commands.Choice(name=os.path.relpath(x[0], exp_base), value=os.path.relpath(x[1], exp_base))
+            for x in file_list
+            if not current or current.casefold() in os.path.relpath(x[0], exp_base).casefold()
+        ]
+        return choices[:25]
+    except Exception as ex:
+        interaction.client.log.exception(ex)
+
 
 async def file_autocomplete(interaction: discord.Interaction, current: str) -> list[app_commands.Choice[str]]:
     if not await interaction.command._check_can_run(interaction):
@@ -99,15 +114,16 @@ async def file_autocomplete(interaction: discord.Interaction, current: str) -> l
         if not server:
             return []
         label = utils.get_interaction_param(interaction, "what")
+        # missions will be handled differently
+        if label == 'Missions':
+            return await _mission_file_autocomplete(interaction, current)
         config = interaction.client.cogs['Admin'].get_config(server)
         try:
             config = next(x for x in config['downloads'] if x['label'] == label)
         except StopIteration:
             return []
         base_dir = config['directory'].format(server=server)
-        exp_base, file_list = await server.node.list_directory(
-                base_dir, pattern=config['pattern'], traverse=True, ignore=['.dcssb']
-            )
+        exp_base, file_list = await server.node.list_directory(base_dir, pattern=config['pattern'], traverse=True)
         choices: list[app_commands.Choice[str]] = [
             app_commands.Choice(name=os.path.relpath(x, exp_base), value=os.path.relpath(x, exp_base))
             for x in file_list
@@ -427,12 +443,27 @@ async def download(self, interaction: discord.Interaction,
         # noinspection PyUnresolvedReferences
         await interaction.response.defer(thinking=True, ephemeral=ephemeral)
         config = next(x for x in self.get_config(server)['downloads'] if x['label'] == what)
-        path = os.path.join(config['directory'].format(server=server), filename)
+        # double-check if that user can really download these files
+        if config.get('discord') and not utils.check_roles(config['discord'], interaction.user):
+            raise app_commands.CheckFailure()
+        # make sure nobody injected a wrong path
+        base_dir = config['directory'].format(server=server)
+        try:
+            path = utils.sanitize_filename(os.path.join(base_dir, filename), base_dir)
+        except ValueError:
+            await self.bot.audit("User attempted a relative file injection!",
+                                 user=interaction.user, base_dir=base_dir, file=filename)
+            await interaction.followup.send(_("You have been reported for trying to inject a relative path!"))
+            return
+        # now continue to download
+        if filename.endswith('.orig'):
+            filename = filename[:-5]
         try:
             file = await server.node.read_file(path)
         except FileNotFoundError:
-            await interaction.followup.send(_("File {file} not found in directory {dir}.").format(
-                file=filename, dir=config['directory'].format(server=server)))
+            self.log.error(f"File {path} not found.")
+            await interaction.followup.send(content=_("File {file} not found.").format(file=filename),
+                                            ephemeral=True)
             return
         target = config.get('target')
         if target:

plugins/mission/upload.py

@@ -20,11 +20,22 @@ async def handle_attachment(self, directory: str, att: discord.Attachment) -> Up
         ctx = await self.bot.get_context(self.message)
         rc = await self.server.uploadMission(att.filename, att.url, force=False, missions_dir=directory)
         if rc in [UploadStatus.FILE_IN_USE, UploadStatus.WRITE_ERROR]:
-            if not await utils.yn_question(ctx, _('This mission is currently active.\n'
-                                                  'Do you want me to stop the DCS-server to replace it?')):
+            if self.server.is_populated():
+                what = await utils.populated_question(ctx, _('This mission is currently active.\n'
+                                                             'Do you want me to stop the DCS-server to replace it?'))
+            else:
+                what = 'yes'
+            if what == 'yes':
+                await self.server.stop()
+            elif what == 'later':
+                await self.server.uploadMission(att.filename, att.url, orig=True, force=True, missions_dir=directory)
+                await self.channel.send(_('Mission "{mission}" uploaded to server {server}').format(
+                    mission=os.path.basename(att.filename)[:-4], server=self.server.display_name))
+                # we return the old rc (file in use), to not force a mission load
+                return rc
+            else:
                 await self.channel.send(_('Upload aborted.'))
                 return rc
-            await self.server.stop()
         elif rc == UploadStatus.FILE_EXISTS:
             self.log.debug("File exists, asking for overwrite.")
             if not await utils.yn_question(ctx, _('File exists. Do you want to overwrite it?')):