modules/Tool.pm

   1 package Tool;
   2
   3 #
   4 # Dev-Editor - Module Tool
   5 #
   6 # Some shared sub routines
   7 #
   8 # Author:        Patrick Canterino <patrick@patshaping.de>
   9 # Last modified: 2010-12-23
  10 #
  11 # Copyright (C) 1999-2000 Roland Bluethgen, Frank Schoenmann
  12 # Copyright (C) 2003-2009 Patrick Canterino
  13 # All Rights Reserved.
  14 #
  15 # This file can be distributed and/or modified under the terms of
  16 # of the Artistic License 1.0 (see also the LICENSE file found at
  17 # the top level of the Dev-Editor distribution).
  18 #
  19
  20 use strict;
  21
  22 use vars qw(@EXPORT);
  23
  24 use CGI qw(redirect
  25            escape
  26            virtual_host
  27            https);
  28
  29 use Cwd qw(abs_path);
  30 use File::Spec;
  31
  32 ### Export ###
  33
  34 use base qw(Exporter);
  35
  36 @EXPORT = qw(check_path
  37              clean_path
  38              devedit_reload
  39              dos_wildcard_match
  40              encode_html
  41              equal_url
  42              file_name
  43              in_array
  44              is_disabled_command
  45              is_forbidden_file
  46              mode_string
  47              multi_string
  48              upper_path);
  49
  50 # check_path()
  51 #
  52 # Check if a virtual path is above a virtual root directory
  53 # (currently no check if the path exists - check otherwise!)
  54 #
  55 # Params: 1. Virtual root directory
  56 #         2. Virtual path to check
  57 #
  58 # Return: Array with the physical and the cleaned virtual path;
  59 #         false, if the submitted path is above the root directory
  60
  61 sub check_path($$)
  62 {
  63  my ($root,$path) = @_;
  64
  65  # Clean root path
  66
  67  $root = abs_path($root);
  68  $root = File::Spec->canonpath($root);
  69
  70  $path =~ tr!\\!/!;
  71  $path =~ s!^/+!!;
  72  $path =  $root.'/'.$path;
  73
  74  # We extract the last part of the path and create the absolute path
  75
  76  my $first = upper_path($path);
  77  $first    = File::Spec->canonpath($first);
  78  $first    = abs_path($first);
  79
  80  my $last  = file_name($path);
  81  $last     = '' if($last eq '.');
  82
  83  if($last eq '..' || ($^O eq 'MSWin32' && $last =~ m!^\.\.\.+$!))
  84  {
  85   $first = abs_path($first.'/'.$last);
  86   $last  = '';
  87  }
  88
  89  $path = File::Spec->canonpath($first.'/'.$last);
  90
  91  # Check if the path is above the root directory
  92
  93  return if(index($path,$root) != 0);
  94  return if(substr($path,length($root)) && not File::Spec->file_name_is_absolute(substr($path,length($root))));
  95
  96  # Create short path name
  97
  98  my $short_path = substr($path,length($root));
  99  $short_path =~ tr!\\!/!;
 100  $short_path = '/'.$short_path if($short_path !~ m!^/!);
 101  $short_path = $short_path.'/' if($short_path !~ m!/$! && -d $path && not -l $path);
 102
 103  return ($path,$short_path);
 104 }
 105
 106 # clean_path()
 107 #
 108 # Clean up a path logically and replace backslashes with
 109 # normal slashes
 110 #
 111 # Params: Path
 112 #
 113 # Return: Cleaned path
 114
 115 sub clean_path($)
 116 {
 117  my $path =  shift;
 118  $path    =  File::Spec->canonpath($path);
 119  $path    =~ tr!\\!/!;
 120
 121  return $path;
 122 }
 123
 124 # devedit_reload()
 125 #
 126 # Create a HTTP redirection header to load Dev-Editor
 127 # with some other parameters
 128 #
 129 # Params: Hash Reference (will be merged to a query string)
 130 #         (optional)
 131 #
 132 # Return: HTTP redirection header (Scalar Reference)
 133
 134 sub devedit_reload(;$)
 135 {
 136  my $params = shift;
 137
 138  # Detect the protocol (simple HTTP or SSL encrypted HTTP)
 139  # and check if the server listens on the default port
 140
 141  my $protocol = '';
 142  my $port     = '';
 143
 144  if(https)
 145  {
 146   # SSL encrypted HTTP (HTTPS)
 147
 148   $protocol = 'https';
 149   $port     = ':'.$ENV{'SERVER_PORT'} if($ENV{'SERVER_PORT'} != 443);
 150  }
 151  else
 152  {
 153   # Simple HTTP
 154
 155   $protocol = 'http';
 156   $port     = ':'.$ENV{'SERVER_PORT'} if($ENV{'SERVER_PORT'} != 80);
 157  }
 158
 159  # The following code is grabbed from Template::_query of
 160  # Andre Malo's selfforum (http://sourceforge.net/projects/selfforum/)
 161  # and modified by Patrick Canterino
 162
 163  my $query = '';
 164
 165  if(ref($params) eq 'HASH')
 166  {
 167   $query = '?'.join ('&' =>
 168     map {
 169       (ref)
 170       ? map{escape ($_).'='.escape ($params -> {$_})} @{$params -> {$_}}
 171       : escape ($_).'='.escape ($params -> {$_})
 172     } keys %$params
 173   );
 174  }
 175
 176  # Create the redirection header
 177
 178  my $header = redirect($protocol.'://'.virtual_host.$port.$ENV{'SCRIPT_NAME'}.$query);
 179
 180  return \$header;
 181 }
 182
 183 # dos_wildcard_match()
 184 #
 185 # Check if a string matches against a DOS-style wildcard
 186 #
 187 # Params: 1. Pattern
 188 #         2. String
 189 #
 190 # Return: Status code (Boolean)
 191
 192 sub dos_wildcard_match($$)
 193 {
 194  my ($pattern,$string) = @_;
 195
 196  return 1 if($pattern eq '*');
 197
 198  # The following part is stolen from File::DosGlob
 199
 200  # escape regex metachars but not glob chars
 201  $pattern =~ s:([].+^\-\${}[|]):\\$1:g;
 202  # and convert DOS-style wildcards to regex
 203  $pattern =~ s/\*/.*/g;
 204  $pattern =~ s/\?/.?/g;
 205
 206  return ($string =~ m|^$pattern$|is);
 207 }
 208
 209 # encode_html()
 210 #
 211 # Encode HTML control characters (< > " &)
 212 #
 213 # Params: String to encode
 214 #
 215 # Return: Encoded string
 216
 217 sub encode_html($)
 218 {
 219  my $string = shift;
 220
 221  $string =~ s/&/&amp;/g;
 222  $string =~ s/</&lt;/g;
 223  $string =~ s/>/&gt;/g;
 224  $string =~ s/"/&quot;/g;
 225
 226  return $string;
 227 }
 228
 229 # equal_url()
 230 #
 231 # Create URL equal to a file or directory
 232 #
 233 # Params: 1. HTTP root
 234 #         2. Relative path
 235 #
 236 # Return: Formatted link (String)
 237
 238 sub equal_url($$)
 239 {
 240  my ($root,$path) = @_;
 241  my $url;
 242
 243  $root =~ s!/+$!!;
 244  $path =~ s!^/+!!;
 245  $url  =  $root.'/'.$path;
 246
 247  return $url;
 248 }
 249
 250 # file_name()
 251 #
 252 # Return the last part of a path
 253 #
 254 # Params: Path
 255 #
 256 # Return: Last part of the path
 257
 258 sub file_name($)
 259 {
 260  my $path =  shift;
 261  $path    =~ tr!\\!/!;
 262
 263  unless($path =~ m!^/+$! || ($^O eq 'MSWin32' && $path =~ m!^[a-z]:/+$!i))
 264  {
 265   $path =~ s!/+$!!;
 266   $path =  substr($path,rindex($path,'/')+1);
 267  }
 268
 269  return $path;
 270 }
 271
 272 # in_array()
 273 #
 274 # Check if a value is in an array
 275 #
 276 # Params: 1. Value to find
 277 #         2. Array
 278 #
 279 # Return: Status code (Boolean)
 280
 281 sub in_array($$)
 282 {
 283  my ($string,$array) = @_;
 284
 285  foreach my $element(@{$array})
 286  {
 287   return 1 if($string eq $element);
 288  }
 289
 290  #foreach
 291
 292  return;
 293 }
 294
 295 # is_disabled_command()
 296 #
 297 # Check if a command is disabled
 298 #
 299 # Params: 1. Array Reference containing the list
 300 #         2. Command to check
 301 #
 302 # Return: Status code (Boolean)
 303
 304 sub is_disabled_command($$)
 305 {
 306  my ($list,$command) = @_;
 307  $command =~ s!/+$!!g;
 308
 309  foreach my $entry(@$list)
 310  {
 311   return 1 if(lc($command) eq lc($entry));
 312  }
 313
 314  return;
 315 }
 316
 317 # is_forbidden_file()
 318 #
 319 # Check if a file is in the list of forbidden files
 320 #
 321 # Params: 1. Array Reference containing the list
 322 #         2. Filename to check
 323 #
 324 # Return: Status code (Boolean)
 325
 326 sub is_forbidden_file($$)
 327 {
 328  my ($list,$file) = @_;
 329  $file =~ s!/+$!!g;
 330
 331  foreach my $entry(@$list)
 332  {
 333   return 1 if($file eq $entry);
 334   return 1 if(index($file,$entry.'/') == 0);
 335  }
 336
 337  return;
 338 }
 339
 340 # mode_string()
 341 #
 342 # Convert a file mode number into a human readable string (rwxr-x-r-x)
 343 # (also supports SetUID, SetGID and Sticky Bit)
 344 #
 345 # Params: File mode number
 346 #
 347 # Return: Human readable mode string
 348
 349 sub mode_string($)
 350 {
 351  my $mode   = shift;
 352  my $string = '';
 353
 354  # User
 355
 356  $string  = ($mode & 00400) ? 'r' : '-';
 357  $string .= ($mode & 00200) ? 'w' : '-';
 358  $string .= ($mode & 00100) ? (($mode & 04000) ? 's' : 'x') :
 359                                ($mode & 04000) ? 'S' : '-';
 360
 361  # Group
 362
 363  $string .= ($mode & 00040) ? 'r' : '-';
 364  $string .= ($mode & 00020) ? 'w' : '-';
 365  $string .= ($mode & 00010) ? (($mode & 02000) ? 's' : 'x') :
 366                                ($mode & 02000) ? 'S' : '-';
 367
 368  # Other
 369
 370  $string .= ($mode & 00004) ? 'r' : '-';
 371  $string .= ($mode & 00002) ? 'w' : '-';
 372  $string .= ($mode & 00001) ? (($mode & 01000) ? 't' : 'x') :
 373                                ($mode & 01000) ? 'T' : '-';
 374
 375  return $string;
 376 }
 377
 378 # multi_string()
 379 #
 380 # Create a Hash Reference containing three forms of a string
 381 #
 382 # Params: String
 383 #
 384 # Return: Hash Reference:
 385 #         normal => Normal form of the string
 386 #         html   => HTML encoded form (see encode_html())
 387 #         url    => URL encoded form
 388
 389 sub multi_string($)
 390 {
 391  my $string = shift;
 392  my %multi;
 393
 394  $multi{'normal'} = $string;
 395  $multi{'html'}   = encode_html($string);
 396  $multi{'url'}    = escape($string);
 397
 398  return \%multi;
 399 }
 400
 401 # upper_path()
 402 #
 403 # Remove the last part of a path
 404 # (the resulting path contains a trailing slash)
 405 #
 406 # Params: Path
 407 #
 408 # Return: Truncated path
 409
 410 sub upper_path($)
 411 {
 412  my $path =  shift;
 413  $path    =~ tr!\\!/!;
 414
 415  unless($path =~ m!^/+$! || ($^O eq 'MSWin32' && $path =~ m!^[a-z]:/+$!i))
 416  {
 417   $path =~ s!/+$!!;
 418   $path =  substr($path,0,rindex($path,'/')+1);
 419  }
 420
 421  return $path;
 422 }
 423
 424 # it's true, baby ;-)
 425
 426 1;
 427
 428 #
 429 ### End ###