]> git.p6c8.net - devedit.git/blob - CHANGELOG
Allow to specify a remote name for an uploaded file
[devedit.git] / CHANGELOG
1 Change Log for Dev-Editor
2 =========================
3
4 Version 3.0.1 (2005-11-10):
5 ===========================
6
7 Accessing files above the virtual root directory:
8 -------------------------------------------------
9 It was possible to access files and directories above the virtual root
10 directory beginning with the same string as the root directory.
11 For example:
12 If your root directory is "/var/www/user1" it was possible to access
13 "/var/www/user10", "/var/www/user11" and so on.
14
15 Version 3.0 (2005-10-18):
16 =========================
17
18 Editing function changed:
19 -------------------------
20 - The concept of locking the file for other users before editing it is not very
21 good, causes some problems and makes it difficult to add new features. So I
22 decided to remove it.
23 - When Dev-Editor shows the form for editing a file, it calculates the MD5
24 checksum and places it in the editing form. Before saving the file, the MD5
25 checksum is calculated again and compared to the submitted one. If the two
26 sums don't match, Dev-Editor does not save the file and shows the editing
27 form.
28 - In the edit dialogue, there is also a new submit button allowing to continue
29 editing the file after saving it.
30 - Removed the possibility of encoding ISO-8859-1 HTML entities when saving a
31 file. I don't know if anybody used this function.
32
33 Copy directories:
34 -----------------
35 Dev-Editor is now able to copy a directory.
36
37 Forbid file access:
38 -------------------
39 The administrator may now define a list of files the user is not allowed to
40 access.
41
42 Individual configuration:
43 -------------------------
44 Now, Dev-Editor is able to switch some configuration values depending on the
45 current HTTP Auth user.
46 This is controlled by a separate configuration file containing sections like
47 Windows INI files (thus the configuration file parser is now able to parse
48 files containing sections in square brackets).
49 You may overwrite the following configuration values:
50 - fileroot
51 - httproot
52 - forbidden (you may also clear the default "forbidden" list)
53
54 Configuration files renamed:
55 ----------------------------
56 The extension of the configuration files is "conf" now.
57
58 Names of error messages changed:
59 --------------------------------
60 I changed the names of some error messages:
61 binary -> binary_file
62 cmd_unknown -> command_unknown
63 dir_read_fail -> dir_read_failed
64 create_ar -> create_above_root
65 not_exist -> not_found
66
67 File names containing a "+" sign:
68 ---------------------------------
69 If a file name contained a "+" sign, Dev-Editor was sometimes not able to
70 access the file, because the "+" was interpreted as a space.
71
72 Check octal numbers:
73 --------------------
74 Before changing the permissions of a file, Dev-Editor now checks if the user
75 entered a valid octal number.
76
77 Encoding of HTML entities:
78 --------------------------
79 - All HTML in output is now properly encoded
80 - HTML::Entities is a little bit slow and does currently not support very much
81 encodings. Now, we just encode the HTML control characters (<, >, & and ").
82 This also means that Dev-Editor now does not require any CPAN module.
83
84 Template class updated:
85 -----------------------
86 The template class was updated to version 1.5.
87
88 Small changes:
89 --------------
90 - Don't show the "Copy" link if a file is not readable
91 - Added checkboxes in the "Copy" and "Rename" dialogues for immediately
92 overwriting an existing file
93 - Preserve the directory listing filter if the user changes the directory using
94 the input field at the bottom of the directory listing
95
96 New in version 2.3.2 (2005-04-23)
97 ---------------------------------
98
99 Copying a file out of a directory:
100 ----------------------------------
101 Fixed a really strange bug occuring only on Windows systems.
102 Dev-Editor was not able to copy (or move) a file out of a directory if the
103 path, the user entered in the corresponding dialogue, was beginning with "../".
104
105 Empty root directory causes incomplete HTML table:
106 --------------------------------------------------
107 Dev-Editor now does not create an incomplete HTML table if the root directory
108 is completely empty or no files are matching against the current wildcard.
109
110 move() instead of rename():
111 ---------------------------
112 Dev-Editor now uses the move() function from the File::Copy module to move or
113 rename files and directories. move() is more reliable than the rename()
114 function.
115
116 No error message if reading of a directory failed:
117 --------------------------------------------------
118 If reading of a directory failed, no error message was shown. I thought this
119 bug was fixed...
120
121 Template class updated:
122 -----------------------
123 The template class was updated to version 1.4a.
124
125 New in version 2.3.1 (2005-02-19)
126 ---------------------------------
127
128 Handling of symbolic links changed:
129 -----------------------------------
130 For security reasons, I completely changed the handling of symbolic links:
131 Symbolic links are now treated as files, no matter where they point to. The
132 user is just allowed to see the path where the link points to, he is allowed to
133 delete the link, to rename it and to overwrite it by renaming an other file.
134 Nothing else is allowed.
135 Accessing a symbolic link pointing to a directory caused also a very strange
136 effect: It was possible to access this directory, but you could not access
137 the objects in it.
138 I had to do it in this way because of the very stupid behaviour of abs_path()
139 from the Cwd module: This function is just able to detect the absolute path of
140 directories.
141 Hard links are not affected by this, because it is not possible to detect them
142 (at least I don't know how to detect them).
143
144 Root directory must not be a symbolic link:
145 -------------------------------------------
146 Now, the root directory must not be a symbolic link.
147 Sorry for this, I really would have liked to allow the root directory to be a
148 symbolic link, but if I would allow this, Dev-Editor would not be able to
149 create files in the root directory. I'm looking for an alternative...
150
151 Use Greenwich Mean Time:
152 ------------------------
153 You may now use Greenwich Mean Time (GMT/UTC) in dates instead of the local
154 time.
155 I don't know if anyone needs this, but it could be useful.
156
157 Handle errors produced by File::UseList:
158 ----------------------------------------
159 - Check if unlocking of the list of files in use was successful
160 - Check if a file could be successfully added to the list of files in use
161 - Check if a file could be successfully removed from the list of files in use
162
163 Saving to non-existing files:
164 -----------------------------
165 The file saving process was aborted if the user wanted to write text data using
166 the edit function into a file that does not exists.
167 The reason was that Dev-Editor thought that this non-existing file was a binary
168 file.
169
170 Template class updated:
171 -----------------------
172 The template class was updated to version 1.4.
173 This fixes the problem of the infinitive loops produced by incorrectly nested
174 {IF} blocks.
175
176 Small changes:
177 --------------
178 - Files locked with the flock() function are now unlocked by the close()
179 function due to security reasons (see
180 http://forum.de.selfhtml.org/?t=101375&m=622582)
181 - Changed the names of two error messages:
182 dircopy -> dir_copy
183 editdir -> dir_edit
184 - Fixed various small errors in some template files
185 - The regular expression used by file_name() and upper_path() to detect Windows
186 drive letters was not case-insensitive
187
188 New in version 2.3 (2005-01-08)
189 -------------------------------
190
191 Filter directory listing:
192 -------------------------
193 Dev-Editor is now able to filter the directory listing using DOS-style
194 wildcards.
195 I think that is a little bit incomplete, Dev-Editor should be able to
196 "remember" the filter wildcard during the actions.
197 The code for parsing DOS-style wildcards is from the File::DosGlob module by
198 Gurusamy Sarathy.
199
200 flock():
201 --------
202 Dev-Editor now uses flock().
203 flock() is called using a wrapper function which checks if it is really
204 available.
205
206 check_path() broken on Windows:
207 -------------------------------
208 On Windows systems the check_path() routine was heavily broken (this routine
209 checks if someone tries to access a path above the virtual root directory). It
210 was possible to access files above the root directory by accessing a path with
211 "..." or "...." or something like that as the last path component. This bug was
212 caused by the rewrite of check_path() in Dev-Editor 2.2.
213
214 "." or ".." as end of a path:
215 -----------------------------
216 If you enter a path with "." or ".." as the last path component, Dev-Editor
217 showed a really strange behaviour by allowing to enter a path like
218 "something/." or "something/..". This was also caused by the (poor) rewrite of
219 check_path(). The problem is fixed now.
220
221 Paths beginning with "/../" caused problems:
222 --------------------------------------------
223 When composing the temporary virtual path for a new file, don't call
224 clean_path(). It is unnecessary and it also caused a problem if this path would
225 begin with /../, because on UNIX systems, canonpath() removes /../ at the
226 beginning of a path. So if a user wanted to create the file /../file.ext (but
227 he wasn't allowed to), he created /file.ext.
228
229 Deny changing file properties in some cases:
230 --------------------------------------------
231 - Do not allow to change the properties of the root directory
232 - Do not allow to change the properties of a file in use
233
234 Deny overwriting files:
235 -----------------------
236 - While processing a file upload, check if the user wants to replace a
237 directory or overwrite a write-protected file
238 - If the user wants to copy or rename a file, check if he wants to overwrite a
239 write-protected file
240 - Do not allow to upload a file if a file with the same virtual name is
241 currently in use
242
243 Validate file uploads:
244 ----------------------
245 Dev-Editor now tries to validate a file upload by checking the handle created
246 by the CGI module.
247
248 Improved configuration file parser:
249 -----------------------------------
250 - The parser now ignores lines like that:
251 = Value
252 Such lines could lead to properties with empty keys in the configuration
253 hash.
254 - Allow configuration options with empty values
255 - If a option is defined twice, the line number of the second one is shown in
256 the error message
257
258 Output changes:
259 ---------------
260 - More encoding of HTML entities
261 - In directory listing, the "Edit" link of files in use were not greyed (very
262 nasty)
263 - Show the name of the lock file in error messages even if it has not been
264 defined in the configuration file
265
266 Small internal changes:
267 -----------------------
268 - The file saving process is now completely centralized in File::Access
269 - When generating a redirection header, check if we really have to create a
270 query string
271 - Fixed a bug occuring if the "curdir" CGI parameter had no trailing slash and
272 the "newfile" parameter had no leading slash
273 - Dev-Editor now takes more care of Windows drive letters
274 - Trying to increase speed of the script by surrounding static values by single
275 quotes
276 - Code cleaning
277
278 New in version 2.2a (2004-11-29)
279 --------------------------------
280
281 File uploads did not work:
282 --------------------------
283 Dev-Editor normally tests if it has enough permissions to upload a file to a
284 directory. But the condition was missing and so Dev-Editor always aborted file
285 uploads and didn't even display the dialogue.
286
287 New in version 2.2 (2004-11-27)
288 -------------------------------
289
290 `chgrp` system command and numerical group names:
291 -------------------------------------------------
292 When changing the group, Dev-Editor is now using the `chgrp` system command.
293 This allows to use numerical group names. Before, Dev-Editor handled numerical
294 values as group IDs.
295
296 Checking root directory:
297 ------------------------
298 Dev-Editor now checks if the root directory exists and if it may be accessed.
299 This fixed also bug where it was possible to access the physical root directory
300 if Dev-Editor could not enter the virtual root directory.
301
302 Checking directory permissions:
303 -------------------------------
304 Dev-Editor does some simple checks of directory permissions now:
305 - Inaccessible directories are greyed in directory listing. You cannot access
306 them, but the actions are not disabled, because they may work.
307 - Actions needing write access to a directory are aborted if Dev-Editor has no
308 write access.
309
310 Access a directory structure similar to the root directory:
311 -----------------------------------------------------------
312 The path the user wants to access must now BEGIN with the root directory. The
313 old check made it possible to access a directory structure outside the root
314 directory similar to the root directory.
315
316 Changing mode of a directory with mode 000:
317 -------------------------------------------
318 It was not possible to change the mode of a directory with mode 000.
319
320 Upload only to directories:
321 ---------------------------
322 Dev-Editor now checks if the user really uploads a file to a directory.
323
324 Improved About dialogue:
325 ------------------------
326 - Dev-Editor now only shows the main group ID of the process user.
327 - Dev-Editor also shows the current umask of the process.
328 - Special chars in most values are now encoded to entities.
329
330 Added <label> tags:
331 -------------------
332 For a better usability in some browsers, I added <label> tags for the
333 checkboxes and radio buttons in file edit and file upload dialogue.
334
335 Directory links in error messages:
336 ----------------------------------
337 Some error messages generated by the main program now contain a link to the
338 root directory.
339
340 Bugs in HTML generation:
341 ------------------------
342 - If Dev-Editor could not read a directory, it did neither display an error
343 message nor a directory link.
344 - Some error messages had problems with {DIR} variables. Thus the variable in
345 error.htm which will be replaced by a back link is now called "{BACK}".
346 - When viewing a file, Dev-Editor inserts the contents of the file into the
347 viewfile.htm template file AFTER parsing the "editable" {IF}-block, because
348 Dev-Editor showed a very ugly behaviour when viewing this template file.
349
350 Code cleaning:
351 --------------
352 I tried to clean the source code of Dev-Editor a little bit. Some parts of the
353 code were optimized.
354
355 New in version 2.1a (2004-10-22)
356 --------------------------------
357
358 Changed file saving error handling:
359 -----------------------------------
360 Now we already unlock the file saving process, because if an error occurs
361 during this process, the file keeps locked.
362 This is not a perfect solution, there are still problems. I have to figure out
363 another one.
364
365 New in version 2.1 (2004-10-14)
366 -------------------------------
367
368 Overwrite files during file upload:
369 -----------------------------------
370 In file upload dialogue, there is a new checkbox which allows to overwrite
371 files during file upload if they already exist.
372
373 Improved file saving:
374 ---------------------
375 The process of file saving has been improved:
376 - Saving even works if the file has to be created first.
377 - Dev-Editor is now checking if the user wants to write text data into a binary
378 file.
379 - If the user just entered spaces as filename (detection works for other
380 commands using the "newfile" CGI parameter too), we use the original
381 filename.
382
383 Don't copy a directory:
384 -----------------------
385 Dev-Editor now denies copying a directory.
386
387 Check before manually unlocking:
388 --------------------------------
389 Dev-Editor now checks if the file is really locked before displaying the
390 dialogue for manually unlocking a file. If it is not locked, Dev-Editor returns
391 to directory view. Dev-Editor also behaves in this way if it is trying to
392 unlock a file.
393
394 Wrong error messages:
395 ---------------------
396 Something definitely went wrong when I remade the copy and the rename
397 functions: They printed a wrong error message if the destination already
398 existed and if it was a file.
399
400 New in version 2.0 (2004-08-10)
401 -------------------------------
402
403 File uploads:
404 -------------
405 Dev-Editor is now able to process HTTP file uploads. The files may be
406 transferred in ASCII or binary mode (similar to FTP).
407
408 Change mode and group:
409 ----------------------
410 Dev-Editor is now able to change the mode and the group of a file or a
411 directory.
412
413 HTTPS support and non-default ports:
414 ------------------------------------
415 Dev-Editor is now able to detect a HTTPS connection and if the web server
416 doesn't listen on the default ports (necessary for reloading Dev-Editor).
417
418 Do not allow removing or renaming the root directory:
419 -----------------------------------------------------
420 Dev-Editor now denies removing or renaming the root directory.
421
422 Renaming files outside the root directory:
423 ------------------------------------------
424 There was a bug which caused Dev-Editor not to rename files outside the root
425 directory if they already exist.
426
427 Improved file editing:
428 ----------------------
429 When the user wants to save an edited file using a different file name,
430 Dev-Editor now unlocks the original file and checks if a file with this
431 different name already exists and if it is locked.
432
433 Improved file creating:
434 -----------------------
435 The routine which creates empty files had a race condition which could set
436 files to 0 if they already exist.
437
438 Maximum size for files:
439 -----------------------
440 The administrator may now define a maximum size for files in the main
441 configuration file. If the user wants to view or edit a file larger than this
442 defined size, Dev-Editor denies file access (but the file can still be copied,
443 renamed or removed).
444
445 Form for creating new files or directories:
446 -------------------------------------------
447 In directory listing, when clicking on the buttons next to the fields for
448 creating new files and directories without entering a file or directory name,
449 the user got an error message which is a little bit strange.
450 Now, the user will see a form for creating new files or directories.
451
452 Newlines are converted while reading:
453 -------------------------------------
454 Whenever Dev-Editor now reads a file for output, it converts any line separator
455 to the system specific one.
456
457 Case-insensitive commands:
458 --------------------------
459 The commands are now case-insensitive, so the command "ShOw" is the same as
460 "show".
461
462 About screen:
463 -------------
464 There is now a small "About" screen which shows some more or less useful
465 information about Dev-Editor and the system.
466
467 Improvements for user interface:
468 --------------------------------
469 Made a lot of improvements for the user interface:
470 - The directory listing is now built using tables.
471 - When editing a file and the user wants to save a file using a different file
472 name, the checkbox for saving the file using a different file name is
473 activated using JavaScript.
474 - In directory listing or when viewing a file, there is a new field for quickly
475 jumping to a file or to a directory.
476 - Separated "Work with directory" and "Work with file" into different options
477 in directory listing ("Copy", "Rename", "Delete", "Unlock"). The options also
478 have their own dialogues.
479 - In directory listing, there is a new link for viewing a file or a directory
480 in the browser.
481 - When viewing a file and if the file is editable, there is a new link to edit
482 this file.
483 - Files and directories in directory listing are now sorted case-insensitively.
484
485 Configuration files:
486 --------------------
487 The settings of Dev-Editor are now stored in extern configuration files: There
488 is one file for general settings, one for the error messages and one for the
489 paths to the template files.
490
491 Templates:
492 ----------
493 The output of Dev-Editor is now controlled by template files. The source code
494 became much cleaner :-)
495
496 New in version 1.2 (2003-12-29)
497 -------------------------------
498
499 Removing directories:
500 ---------------------
501 Dev-Editor is now able to completely remove a directory.
502
503 "Work with directories":
504 ------------------------
505 In directory listing, next do a directory, there is a new link called "Work
506 with directory". When you select this link, you get a form to remove or
507 rename/move the directory.
508 Additionally, the link "Do other stuff" was renamed to "Work with file".
509
510 Overwriting existing files:
511 ---------------------------
512 If you want to copy a file, and the destination file already exists, you will
513 be asked to overwrite the file. If the destination points to a directory,
514 copying will be aborted completely.
515 If you want to rename a file or a directory, and the destination file already
516 exists, you will be asked to overwrite the file. If the destination points to a
517 directory, renaming will be aborted completely.
518
519 Confirmation for removing files:
520 --------------------------------
521 If you want to remove a file, a confirmation dialog will be displayed first.
522
523 Fixed open() calls:
524 -------------------
525 It seems that some systems don't support the FILEHANDLE,MODE,FILENAME version
526 of open(). Now we don't use it any more.
527
528 Default permissions for mkdir():
529 --------------------------------
530 Set the permissions for mkdir() to 0777. I thought it is optional (as described
531 in "perlfunc"), but some systems need it.
532
533 New in version 1.1 (2003-11-15)
534 -------------------------------
535
536 Newlines are converted:
537 -----------------------
538 Any line seperator will now be converted to the system specific line seperator
539 if you save a text file.
540
541 File permissions are checked:
542 -----------------------------
543 Dev-Editor now runs some simple checks on the file permissions when it creates
544 a directory listing, tries to view or edit a file and when it copies a file.
545
546 Tool tips for file status:
547 --------------------------
548 In directory listing, when a file cannot be viewed or edited, a tool tip on the
549 "View" or "Edit" link will show the reason why it is so.
550
551 File permissions are saved:
552 ---------------------------
553 When the user saves a text file, the file permissions were destroyed. The
554 reason was that a temporary file was used, which was renamed to the originally
555 file. Now this is fixed, but if saving of the file now fails, the file could be
556 damaged...
557
558 Links in error messages:
559 ------------------------
560 Some error messages now contain a link to go back to the directory containing
561 the file which caused the error.
562
563 Typos fixed:
564 ------------
565 There were a lot of typos in the output, the comments and the ReadMe file.
566
567 Dates fixed:
568 ------------
569 The dates of the last modification in the head comment of the files had the
570 wrong format. They had the format MM-DD-YYYY, but they should have YYYY-MM-DD.
571 Sorry, that was VERY embarassing...
572
573 New in version 1.0 (2003-10-08)
574 -------------------------------
575
576 First public release:
577 ---------------------
578 This is the first public release of Dev-Editor.
579
580 ------------------------------------------------
581
582 (C) 1999-2000 Roland Bluethgen, Frank Schoenmann
583 (C) 2003-2005 Patrick Canterino
584
585 E-Mail: patrick@patshaping.de
586 WWW: http://devedit.sourceforge.net/

patrick-canterino.de