]> git.p6c8.net - devedit.git/blob - modules/Tool.pm
Catch error of trying to download a non-readable file using URL manipulation
[devedit.git] / modules / Tool.pm
1 package Tool;
2
3 #
4 # Dev-Editor - Module Tool
5 #
6 # Some shared sub routines
7 #
8 # Author: Patrick Canterino <patrick@patshaping.de>
9 # Last modified: 2010-12-23
10 #
11 # Copyright (C) 1999-2000 Roland Bluethgen, Frank Schoenmann
12 # Copyright (C) 2003-2009 Patrick Canterino
13 # All Rights Reserved.
14 #
15 # This file can be distributed and/or modified under the terms of
16 # of the Artistic License 1.0 (see also the LICENSE file found at
17 # the top level of the Dev-Editor distribution).
18 #
19
20 use strict;
21
22 use vars qw(@EXPORT);
23
24 use CGI qw(redirect
25 escape
26 virtual_host
27 https);
28
29 use Cwd qw(abs_path);
30 use File::Spec;
31
32 ### Export ###
33
34 use base qw(Exporter);
35
36 @EXPORT = qw(check_path
37 clean_path
38 devedit_reload
39 dos_wildcard_match
40 encode_html
41 equal_url
42 file_name
43 in_array
44 is_disabled_command
45 is_forbidden_file
46 mode_string
47 multi_string
48 upper_path);
49
50 # check_path()
51 #
52 # Check if a virtual path is above a virtual root directory
53 # (currently no check if the path exists - check otherwise!)
54 #
55 # Params: 1. Virtual root directory
56 # 2. Virtual path to check
57 #
58 # Return: Array with the physical and the cleaned virtual path;
59 # false, if the submitted path is above the root directory
60
61 sub check_path($$)
62 {
63 my ($root,$path) = @_;
64
65 # Clean root path
66
67 $root = abs_path($root);
68 $root = File::Spec->canonpath($root);
69
70 $path =~ tr!\\!/!;
71 $path =~ s!^/+!!;
72 $path = $root.'/'.$path;
73
74 # We extract the last part of the path and create the absolute path
75
76 my $first = upper_path($path);
77 $first = File::Spec->canonpath($first);
78 $first = abs_path($first);
79
80 my $last = file_name($path);
81 $last = '' if($last eq '.');
82
83 if($last eq '..' || ($^O eq 'MSWin32' && $last =~ m!^\.\.\.+$!))
84 {
85 $first = abs_path($first.'/'.$last);
86 $last = '';
87 }
88
89 $path = File::Spec->canonpath($first.'/'.$last);
90
91 # Check if the path is above the root directory
92
93 return if(index($path,$root) != 0);
94 return if(substr($path,length($root)) && not File::Spec->file_name_is_absolute(substr($path,length($root))));
95
96 # Create short path name
97
98 my $short_path = substr($path,length($root));
99 $short_path =~ tr!\\!/!;
100 $short_path = '/'.$short_path if($short_path !~ m!^/!);
101 $short_path = $short_path.'/' if($short_path !~ m!/$! && -d $path && not -l $path);
102
103 return ($path,$short_path);
104 }
105
106 # clean_path()
107 #
108 # Clean up a path logically and replace backslashes with
109 # normal slashes
110 #
111 # Params: Path
112 #
113 # Return: Cleaned path
114
115 sub clean_path($)
116 {
117 my $path = shift;
118 $path = File::Spec->canonpath($path);
119 $path =~ tr!\\!/!;
120
121 return $path;
122 }
123
124 # devedit_reload()
125 #
126 # Create a HTTP redirection header to load Dev-Editor
127 # with some other parameters
128 #
129 # Params: Hash Reference (will be merged to a query string)
130 # (optional)
131 #
132 # Return: HTTP redirection header (Scalar Reference)
133
134 sub devedit_reload(;$)
135 {
136 my $params = shift;
137
138 # Detect the protocol (simple HTTP or SSL encrypted HTTP)
139 # and check if the server listens on the default port
140
141 my $protocol = '';
142 my $port = '';
143
144 if(https)
145 {
146 # SSL encrypted HTTP (HTTPS)
147
148 $protocol = 'https';
149 $port = ':'.$ENV{'SERVER_PORT'} if($ENV{'SERVER_PORT'} != 443);
150 }
151 else
152 {
153 # Simple HTTP
154
155 $protocol = 'http';
156 $port = ':'.$ENV{'SERVER_PORT'} if($ENV{'SERVER_PORT'} != 80);
157 }
158
159 # The following code is grabbed from Template::_query of
160 # Andre Malo's selfforum (http://sourceforge.net/projects/selfforum/)
161 # and modified by Patrick Canterino
162
163 my $query = '';
164
165 if(ref($params) eq 'HASH')
166 {
167 $query = '?'.join ('&' =>
168 map {
169 (ref)
170 ? map{escape ($_).'='.escape ($params -> {$_})} @{$params -> {$_}}
171 : escape ($_).'='.escape ($params -> {$_})
172 } keys %$params
173 );
174 }
175
176 # Create the redirection header
177
178 my $header = redirect($protocol.'://'.virtual_host.$port.$ENV{'SCRIPT_NAME'}.$query);
179
180 return \$header;
181 }
182
183 # dos_wildcard_match()
184 #
185 # Check if a string matches against a DOS-style wildcard
186 #
187 # Params: 1. Pattern
188 # 2. String
189 #
190 # Return: Status code (Boolean)
191
192 sub dos_wildcard_match($$)
193 {
194 my ($pattern,$string) = @_;
195
196 return 1 if($pattern eq '*');
197
198 # The following part is stolen from File::DosGlob
199
200 # escape regex metachars but not glob chars
201 $pattern =~ s:([].+^\-\${}[|]):\\$1:g;
202 # and convert DOS-style wildcards to regex
203 $pattern =~ s/\*/.*/g;
204 $pattern =~ s/\?/.?/g;
205
206 return ($string =~ m|^$pattern$|is);
207 }
208
209 # encode_html()
210 #
211 # Encode HTML control characters (< > " &)
212 #
213 # Params: String to encode
214 #
215 # Return: Encoded string
216
217 sub encode_html($)
218 {
219 my $string = shift;
220
221 $string =~ s/&/&amp;/g;
222 $string =~ s/</&lt;/g;
223 $string =~ s/>/&gt;/g;
224 $string =~ s/"/&quot;/g;
225
226 return $string;
227 }
228
229 # equal_url()
230 #
231 # Create URL equal to a file or directory
232 #
233 # Params: 1. HTTP root
234 # 2. Relative path
235 #
236 # Return: Formatted link (String)
237
238 sub equal_url($$)
239 {
240 my ($root,$path) = @_;
241 my $url;
242
243 $root =~ s!/+$!!;
244 $path =~ s!^/+!!;
245 $url = $root.'/'.$path;
246
247 return $url;
248 }
249
250 # file_name()
251 #
252 # Return the last part of a path
253 #
254 # Params: Path
255 #
256 # Return: Last part of the path
257
258 sub file_name($)
259 {
260 my $path = shift;
261 $path =~ tr!\\!/!;
262
263 unless($path =~ m!^/+$! || ($^O eq 'MSWin32' && $path =~ m!^[a-z]:/+$!i))
264 {
265 $path =~ s!/+$!!;
266 $path = substr($path,rindex($path,'/')+1);
267 }
268
269 return $path;
270 }
271
272 # in_array()
273 #
274 # Check if a value is in an array
275 #
276 # Params: 1. Value to find
277 # 2. Array
278 #
279 # Return: Status code (Boolean)
280
281 sub in_array($$)
282 {
283 my ($string,$array) = @_;
284
285 foreach my $element(@{$array})
286 {
287 return 1 if($string eq $element);
288 }
289
290 return;
291 }
292
293 # is_disabled_command()
294 #
295 # Check if a command is disabled
296 #
297 # Params: 1. Array Reference containing the list
298 # 2. Command to check
299 #
300 # Return: Status code (Boolean)
301
302 sub is_disabled_command($$)
303 {
304 my ($list,$command) = @_;
305 $command =~ s!/+$!!g;
306
307 foreach my $entry(@$list)
308 {
309 return 1 if(lc($command) eq lc($entry));
310 }
311
312 return;
313 }
314
315 # is_forbidden_file()
316 #
317 # Check if a file is in the list of forbidden files
318 #
319 # Params: 1. Array Reference containing the list
320 # 2. Filename to check
321 #
322 # Return: Status code (Boolean)
323
324 sub is_forbidden_file($$)
325 {
326 my ($list,$file) = @_;
327 $file =~ s!/+$!!g;
328
329 foreach my $entry(@$list)
330 {
331 return 1 if($file eq $entry);
332 return 1 if(index($file,$entry.'/') == 0);
333 }
334
335 return;
336 }
337
338 # mode_string()
339 #
340 # Convert a file mode number into a human readable string (rwxr-x-r-x)
341 # (also supports SetUID, SetGID and Sticky Bit)
342 #
343 # Params: File mode number
344 #
345 # Return: Human readable mode string
346
347 sub mode_string($)
348 {
349 my $mode = shift;
350 my $string = '';
351
352 # User
353
354 $string = ($mode & 00400) ? 'r' : '-';
355 $string .= ($mode & 00200) ? 'w' : '-';
356 $string .= ($mode & 00100) ? (($mode & 04000) ? 's' : 'x') :
357 ($mode & 04000) ? 'S' : '-';
358
359 # Group
360
361 $string .= ($mode & 00040) ? 'r' : '-';
362 $string .= ($mode & 00020) ? 'w' : '-';
363 $string .= ($mode & 00010) ? (($mode & 02000) ? 's' : 'x') :
364 ($mode & 02000) ? 'S' : '-';
365
366 # Other
367
368 $string .= ($mode & 00004) ? 'r' : '-';
369 $string .= ($mode & 00002) ? 'w' : '-';
370 $string .= ($mode & 00001) ? (($mode & 01000) ? 't' : 'x') :
371 ($mode & 01000) ? 'T' : '-';
372
373 return $string;
374 }
375
376 # multi_string()
377 #
378 # Create a Hash Reference containing three forms of a string
379 #
380 # Params: String
381 #
382 # Return: Hash Reference:
383 # normal => Normal form of the string
384 # html => HTML encoded form (see encode_html())
385 # url => URL encoded form
386
387 sub multi_string($)
388 {
389 my $string = shift;
390 my %multi;
391
392 $multi{'normal'} = $string;
393 $multi{'html'} = encode_html($string);
394 $multi{'url'} = escape($string);
395
396 return \%multi;
397 }
398
399 # upper_path()
400 #
401 # Remove the last part of a path
402 # (the resulting path contains a trailing slash)
403 #
404 # Params: Path
405 #
406 # Return: Truncated path
407
408 sub upper_path($)
409 {
410 my $path = shift;
411 $path =~ tr!\\!/!;
412
413 unless($path =~ m!^/+$! || ($^O eq 'MSWin32' && $path =~ m!^[a-z]:/+$!i))
414 {
415 $path =~ s!/+$!!;
416 $path = substr($path,0,rindex($path,'/')+1);
417 }
418
419 return $path;
420 }
421
422 # it's true, baby ;-)
423
424 1;
425
426 #
427 ### End ###

patrick-canterino.de