Change Log for Dev-Editor ========================= Version 3.1 (2009-05-12): ========================= Removing multiple files: ------------------------ In the directory listing, there are now checkboxes for selecting files and a button for removing them. Better distinction of objects in directory listing: --------------------------------------------------- For a better distinction of the objects in directory listing, every second object has a grey background now. Remote name for uploaded files: ------------------------------- When uploading a file, you can now specify a name for the file on the server. Prefilled form fields: ---------------------- If you want to copy or rename/move a file or a directory or save a file using a different name, the form field for the new filename is prefilled with the old one. Additionally, the entered path is no more relative to the directory of the original file. Hide dot files: --------------- When the new configuration option "hide_dot_files" is set to 1, every file or directory beginning with a "." is not shown in the directory listing. But you can still access the file / directory by typing its name into the "Go to directory/file" box. This option is also available in the user-dependent configuration. Copyright note: --------------- In the header of each file, there is a now a copyright note and a reference to the Artistic License. Template class updated: ----------------------- The template class was updated to version 2.0. Version 3.0.1 (2005-11-10): =========================== Accessing files above the virtual root directory: ------------------------------------------------- It was possible to access files and directories above the virtual root directory beginning with the same string as the root directory. For example: If your root directory is "/var/www/user1" it was possible to access "/var/www/user10", "/var/www/user11" and so on. Version 3.0 (2005-10-18): ========================= Editing function changed: ------------------------- - The concept of locking the file for other users before editing it is not very good, causes some problems and makes it difficult to add new features. So I decided to remove it. - When Dev-Editor shows the form for editing a file, it calculates the MD5 checksum and places it in the editing form. Before saving the file, the MD5 checksum is calculated again and compared to the submitted one. If the two sums don't match, Dev-Editor does not save the file and shows the editing form. - In the edit dialogue, there is also a new submit button allowing to continue editing the file after saving it. - Removed the possibility of encoding ISO-8859-1 HTML entities when saving a file. I don't know if anybody used this function. Copy directories: ----------------- Dev-Editor is now able to copy a directory. Forbid file access: ------------------- The administrator may now define a list of files the user is not allowed to access. Individual configuration: ------------------------- Now, Dev-Editor is able to switch some configuration values depending on the current HTTP Auth user. This is controlled by a separate configuration file containing sections like Windows INI files (thus the configuration file parser is now able to parse files containing sections in square brackets). You may overwrite the following configuration values: - fileroot - httproot - forbidden (you may also clear the default "forbidden" list) Configuration files renamed: ---------------------------- The extension of the configuration files is "conf" now. Names of error messages changed: -------------------------------- I changed the names of some error messages: binary -> binary_file cmd_unknown -> command_unknown dir_read_fail -> dir_read_failed create_ar -> create_above_root not_exist -> not_found File names containing a "+" sign: --------------------------------- If a file name contained a "+" sign, Dev-Editor was sometimes not able to access the file, because the "+" was interpreted as a space. Check octal numbers: -------------------- Before changing the permissions of a file, Dev-Editor now checks if the user entered a valid octal number. Encoding of HTML entities: -------------------------- - All HTML in output is now properly encoded - HTML::Entities is a little bit slow and does currently not support very much encodings. Now, we just encode the HTML control characters (<, >, & and "). This also means that Dev-Editor now does not require any CPAN module. Template class updated: ----------------------- The template class was updated to version 1.5. Small changes: -------------- - Don't show the "Copy" link if a file is not readable - Added checkboxes in the "Copy" and "Rename" dialogues for immediately overwriting an existing file - Preserve the directory listing filter if the user changes the directory using the input field at the bottom of the directory listing New in version 2.3.2 (2005-04-23) --------------------------------- Copying a file out of a directory: ---------------------------------- Fixed a really strange bug occuring only on Windows systems. Dev-Editor was not able to copy (or move) a file out of a directory if the path, the user entered in the corresponding dialogue, was beginning with "../". Empty root directory causes incomplete HTML table: -------------------------------------------------- Dev-Editor now does not create an incomplete HTML table if the root directory is completely empty or no files are matching against the current wildcard. move() instead of rename(): --------------------------- Dev-Editor now uses the move() function from the File::Copy module to move or rename files and directories. move() is more reliable than the rename() function. No error message if reading of a directory failed: -------------------------------------------------- If reading of a directory failed, no error message was shown. I thought this bug was fixed... Template class updated: ----------------------- The template class was updated to version 1.4a. New in version 2.3.1 (2005-02-19) --------------------------------- Handling of symbolic links changed: ----------------------------------- For security reasons, I completely changed the handling of symbolic links: Symbolic links are now treated as files, no matter where they point to. The user is just allowed to see the path where the link points to, he is allowed to delete the link, to rename it and to overwrite it by renaming an other file. Nothing else is allowed. Accessing a symbolic link pointing to a directory caused also a very strange effect: It was possible to access this directory, but you could not access the objects in it. I had to do it in this way because of the very stupid behaviour of abs_path() from the Cwd module: This function is just able to detect the absolute path of directories. Hard links are not affected by this, because it is not possible to detect them (at least I don't know how to detect them). Root directory must not be a symbolic link: ------------------------------------------- Now, the root directory must not be a symbolic link. Sorry for this, I really would have liked to allow the root directory to be a symbolic link, but if I would allow this, Dev-Editor would not be able to create files in the root directory. I'm looking for an alternative... Use Greenwich Mean Time: ------------------------ You may now use Greenwich Mean Time (GMT/UTC) in dates instead of the local time. I don't know if anyone needs this, but it could be useful. Handle errors produced by File::UseList: ---------------------------------------- - Check if unlocking of the list of files in use was successful - Check if a file could be successfully added to the list of files in use - Check if a file could be successfully removed from the list of files in use Saving to non-existing files: ----------------------------- The file saving process was aborted if the user wanted to write text data using the edit function into a file that does not exists. The reason was that Dev-Editor thought that this non-existing file was a binary file. Template class updated: ----------------------- The template class was updated to version 1.4. This fixes the problem of the infinitive loops produced by incorrectly nested {IF} blocks. Small changes: -------------- - Files locked with the flock() function are now unlocked by the close() function due to security reasons (see http://forum.de.selfhtml.org/?t=101375&m=622582) - Changed the names of two error messages: dircopy -> dir_copy editdir -> dir_edit - Fixed various small errors in some template files - The regular expression used by file_name() and upper_path() to detect Windows drive letters was not case-insensitive New in version 2.3 (2005-01-08) ------------------------------- Filter directory listing: ------------------------- Dev-Editor is now able to filter the directory listing using DOS-style wildcards. I think that is a little bit incomplete, Dev-Editor should be able to "remember" the filter wildcard during the actions. The code for parsing DOS-style wildcards is from the File::DosGlob module by Gurusamy Sarathy. flock(): -------- Dev-Editor now uses flock(). flock() is called using a wrapper function which checks if it is really available. check_path() broken on Windows: ------------------------------- On Windows systems the check_path() routine was heavily broken (this routine checks if someone tries to access a path above the virtual root directory). It was possible to access files above the root directory by accessing a path with "..." or "...." or something like that as the last path component. This bug was caused by the rewrite of check_path() in Dev-Editor 2.2. "." or ".." as end of a path: ----------------------------- If you enter a path with "." or ".." as the last path component, Dev-Editor showed a really strange behaviour by allowing to enter a path like "something/." or "something/..". This was also caused by the (poor) rewrite of check_path(). The problem is fixed now. Paths beginning with "/../" caused problems: -------------------------------------------- When composing the temporary virtual path for a new file, don't call clean_path(). It is unnecessary and it also caused a problem if this path would begin with /../, because on UNIX systems, canonpath() removes /../ at the beginning of a path. So if a user wanted to create the file /../file.ext (but he wasn't allowed to), he created /file.ext. Deny changing file properties in some cases: -------------------------------------------- - Do not allow to change the properties of the root directory - Do not allow to change the properties of a file in use Deny overwriting files: ----------------------- - While processing a file upload, check if the user wants to replace a directory or overwrite a write-protected file - If the user wants to copy or rename a file, check if he wants to overwrite a write-protected file - Do not allow to upload a file if a file with the same virtual name is currently in use Validate file uploads: ---------------------- Dev-Editor now tries to validate a file upload by checking the handle created by the CGI module. Improved configuration file parser: ----------------------------------- - The parser now ignores lines like that: = Value Such lines could lead to properties with empty keys in the configuration hash. - Allow configuration options with empty values - If a option is defined twice, the line number of the second one is shown in the error message Output changes: --------------- - More encoding of HTML entities - In directory listing, the "Edit" link of files in use were not greyed (very nasty) - Show the name of the lock file in error messages even if it has not been defined in the configuration file Small internal changes: ----------------------- - The file saving process is now completely centralized in File::Access - When generating a redirection header, check if we really have to create a query string - Fixed a bug occuring if the "curdir" CGI parameter had no trailing slash and the "newfile" parameter had no leading slash - Dev-Editor now takes more care of Windows drive letters - Trying to increase speed of the script by surrounding static values by single quotes - Code cleaning New in version 2.2a (2004-11-29) -------------------------------- File uploads did not work: -------------------------- Dev-Editor normally tests if it has enough permissions to upload a file to a directory. But the condition was missing and so Dev-Editor always aborted file uploads and didn't even display the dialogue. New in version 2.2 (2004-11-27) ------------------------------- `chgrp` system command and numerical group names: ------------------------------------------------- When changing the group, Dev-Editor is now using the `chgrp` system command. This allows to use numerical group names. Before, Dev-Editor handled numerical values as group IDs. Checking root directory: ------------------------ Dev-Editor now checks if the root directory exists and if it may be accessed. This fixed also bug where it was possible to access the physical root directory if Dev-Editor could not enter the virtual root directory. Checking directory permissions: ------------------------------- Dev-Editor does some simple checks of directory permissions now: - Inaccessible directories are greyed in directory listing. You cannot access them, but the actions are not disabled, because they may work. - Actions needing write access to a directory are aborted if Dev-Editor has no write access. Access a directory structure similar to the root directory: ----------------------------------------------------------- The path the user wants to access must now BEGIN with the root directory. The old check made it possible to access a directory structure outside the root directory similar to the root directory. Changing mode of a directory with mode 000: ------------------------------------------- It was not possible to change the mode of a directory with mode 000. Upload only to directories: --------------------------- Dev-Editor now checks if the user really uploads a file to a directory. Improved About dialogue: ------------------------ - Dev-Editor now only shows the main group ID of the process user. - Dev-Editor also shows the current umask of the process. - Special chars in most values are now encoded to entities. Added