]> git.p6c8.net - devedit.git/blob - devedit.pl
Allow to execute a HTTP download of a file
[devedit.git] / devedit.pl
1 #!C:/Programme/Perl/bin/perl.exe -w
2
3 #
4 # Dev-Editor 3.1
5 #
6 # Dev-Editor's main program
7 #
8 # Author: Patrick Canterino <patrick@patshaping.de>
9 # Last modified: 2006-08-24
10 #
11 # Copyright (C) 1999-2000 Roland Bluethgen, Frank Schoenmann
12 # Copyright (C) 2003-2009 Patrick Canterino
13 # All Rights Reserved.
14 #
15 # This file can be distributed and/or modified under the terms of
16 # of the Artistic License 1.0 (see also the LICENSE file found at
17 # the top level of the Dev-Editor distribution).
18 #
19
20 use strict;
21 use CGI::Carp qw(fatalsToBrowser);
22
23 use vars qw($VERSION);
24 use lib 'modules';
25
26 use CGI;
27 use Config::DevEdit;
28
29 use Command;
30 use Output;
31 use Tool;
32
33 $VERSION = '3.1';
34
35 # Path to configuration file
36 # Change if necessary!
37
38 use constant CONFIGFILE => 'devedit.conf';
39
40 # Read the configuration file
41
42 my $config = read_config(CONFIGFILE);
43 error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy...
44
45 # Check if the root directory exists
46
47 abort($config->{'errors'}->{'no_root_dir'}) unless(-d $config->{'fileroot'} && not -l $config->{'fileroot'});
48
49 # Check if we are able to access the root directory
50
51 abort($config->{'errors'}->{'no_root_access'}) unless(-r $config->{'fileroot'} && -x $config->{'fileroot'});
52
53 # Read the most important form data
54
55 my $cgi = new CGI;
56
57 my $command = $cgi->param('command') || 'show';
58 my $file = $cgi->param('file') || '/';
59 my $curdir = $cgi->param('curdir') || '';
60 my $newfile = $cgi->param('newfile') || '';
61
62 # Create physical and virtual path for the new file
63
64 my $new_physical = '';
65 my $new_virtual = '';
66
67 if($newfile ne '' && $newfile !~ /^\s+$/)
68 {
69 my $path = $curdir.'/'.$newfile;
70
71 # Extract file and directory name...
72
73 my $file = file_name($path);
74 my $dir = upper_path($path);
75
76 # ... check if the directory exists ...
77
78 my $temp_path = clean_path($config->{'fileroot'}.'/'.$dir);
79
80 unless(-d $temp_path && not -l $temp_path)
81 {
82 abort($config->{'errors'}->{'dir_not_exist'},'/');
83 }
84
85 # ... and check if the path is above the root directory
86
87 unless(($new_physical,$new_virtual) = check_path($config->{'fileroot'},$dir))
88 {
89 abort($config->{'errors'}->{'create_above_root'},'/');
90 }
91
92 # Check if we have enough permissions to create a file
93 # in this directory
94
95 unless(-r $new_physical && -w $new_physical && -x $new_physical)
96 {
97 abort($config->{'errors'}->{'dir_no_create'},'/',{DIR => encode_html($new_virtual)});
98 }
99
100 # Create the physical and the virtual path
101
102 $new_physical = File::Spec->canonpath($new_physical.'/'.$file);
103 $new_virtual .= $file;
104
105 # Check if accessing this file is forbidden
106
107 if(is_forbidden_file($config->{'forbidden'},$new_virtual))
108 {
109 abort($config->{'errors'}->{'forbidden_file'},'/');
110 }
111 }
112
113 # This check has to be performed first or abs_path() will be confused
114
115 my $temp_path = clean_path($config->{'fileroot'}.'/'.$file);
116
117 if(-e $temp_path || -l $temp_path)
118 {
119 if(my ($physical,$virtual) = check_path($config->{'fileroot'},$file))
120 {
121 if(is_forbidden_file($config->{'forbidden'},$virtual))
122 {
123 abort($config->{'errors'}->{'forbidden_file'},'/');
124 }
125 else
126 {
127 # Create a hash containing data submitted by the user
128 # (some other necessary information are also included)
129
130 my %data = (physical => $physical,
131 virtual => $virtual,
132 new_physical => $new_physical,
133 new_virtual => $new_virtual,
134 cgi => $cgi,
135 version => $VERSION,
136 configfile => CONFIGFILE);
137
138 # Execute the command...
139
140 my $output = exec_command($command,\%data,$config);
141
142 # ... and show its output
143
144 print $$output;
145 }
146 }
147 else
148 {
149 abort($config->{'errors'}->{'above_root'},'/');
150 }
151 }
152 else
153 {
154 abort($config->{'errors'}->{'not_found'},'/');
155 }
156
157 #
158 ### End ###

patrick-canterino.de