]> git.p6c8.net - devedit.git/blob - devedit.pl
- For security reasons, I completely changed the handling of symbolic links:
[devedit.git] / devedit.pl
1 #!C:/Programme/Perl/bin/perl.exe -w
2
3 #
4 # Dev-Editor 2.3
5 #
6 # Dev-Editor's main program
7 #
8 # Author: Patrick Canterino <patrick@patshaping.de>
9 # Last modified: 2005-02-10
10 #
11
12 use strict;
13 use CGI::Carp qw(fatalsToBrowser);
14
15 use vars qw($VERSION);
16 use lib 'modules';
17
18 use CGI;
19 use Config::DevEdit;
20 use File::UseList;
21
22 use Command;
23 use Output;
24 use Tool;
25
26 $VERSION = '2.3';
27
28 # Path to configuration file
29 # Change if necessary!
30
31 use constant CONFIGFILE => 'devedit.dat';
32
33 # Read the configuration file
34
35 my $config = read_config(CONFIGFILE);
36 error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy...
37
38 # Check if the root directory exists
39
40 abort($config->{'errors'}->{'no_root_dir'}) unless(-d $config->{'fileroot'});
41
42 # Check if we are able to access the root directory
43
44 abort($config->{'errors'}->{'no_root_access'}) unless(-r $config->{'fileroot'} && -x $config->{'fileroot'});
45
46 # Read the most important form data
47
48 my $cgi = new CGI;
49
50 my $command = $cgi->param('command') || 'show';
51 my $file = $cgi->param('file') || '/';
52 my $curdir = $cgi->param('curdir') || '';
53 my $newfile = $cgi->param('newfile') || '';
54
55 # Create physical and virtual path for the new file
56
57 my $new_physical = '';
58 my $new_virtual = '';
59
60 if($newfile ne '' && $newfile !~ /^\s+$/)
61 {
62 $curdir = upper_path($file) if($curdir eq '');
63 my $path = $curdir.'/'.$newfile;
64
65 # Extract file and directory name...
66
67 my $file = file_name($path);
68 my $dir = upper_path($path);
69
70 # ... check if the directory exists ...
71
72 unless(-d clean_path($config->{'fileroot'}.'/'.$dir))
73 {
74 abort($config->{'errors'}->{'dir_not_exist'},'/');
75 }
76
77 # ... and check if the path is above the root directory
78
79 unless(($new_physical,$new_virtual) = check_path($config->{'fileroot'},$dir))
80 {
81 abort($config->{'errors'}->{'create_ar'},'/');
82 }
83
84 # Check if we have enough permissions to create a file
85 # in this directory
86
87 unless(-r $new_physical && -w $new_physical && -x $new_physical)
88 {
89 abort($config->{'errors'}->{'dir_no_create'},'/',{DIR => $new_virtual});
90 }
91
92 # Create the physical and the virtual path
93
94 $new_physical = File::Spec->canonpath($new_physical.'/'.$file);
95 $new_virtual .= $file;
96 }
97
98 # This check has to be performed first or abs_path() will be confused
99
100 if(-e clean_path($config->{'fileroot'}.'/'.$file))
101 {
102 if(my ($physical,$virtual) = check_path($config->{'fileroot'},$file))
103 {
104 # Create a File::UseList object and load the list
105
106 my $uselist = new File::UseList(listfile => $config->{'uselist_file'},
107 lockfile => $config->{'lock_file'},
108 timeout => $config->{'lock_timeout'});
109
110 $uselist->lock or abort($config->{'errors'}->{'lock_failed'},undef,{USELIST => $uselist->{'listfile'}, LOCK_FILE => $uselist->{'lockfile'}});
111 $uselist->load;
112
113 # Create a hash containing data submitted by the user
114 # (some other necessary information are also included)
115
116 my %data = (physical => $physical,
117 virtual => $virtual,
118 new_physical => $new_physical,
119 new_virtual => $new_virtual,
120 uselist => $uselist,
121 cgi => $cgi,
122 version => $VERSION,
123 configfile => CONFIGFILE);
124
125 # Execute the command...
126
127 my $output = exec_command($command,\%data,$config);
128
129 # ... unlock the list with files in use and show the output of the command
130
131 $uselist->unlock or abort($config->{'errors'}->{'unlock_failed'},undef,{USELIST => $uselist->{'listfile'}, LOCK_FILE => $uselist->{'lockfile'}});
132 print $$output;
133 }
134 else
135 {
136 abort($config->{'errors'}->{'above_root'},'/');
137 }
138 }
139 else
140 {
141 abort($config->{'errors'}->{'not_exist'},'/');
142 }
143
144 #
145 ### End ###

patrick-canterino.de