+ my $cgi = $data->{'cgi'};
+
+ my @files = $cgi->param('files');
+ my @new_files;
+
+ if(@files)
+ {
+ foreach my $file(@files)
+ {
+ # Filter out some "bad" files (e.g. files going up in the
+ # directory hierarchy or files containing slashes (it's too
+ # dangerous...)
+
+ next if($file =~ m!^\.+$!);
+ next if($file =~ m!/!);
+ next if($file =~ m!\\!);
+
+ push(@new_files,$file);
+ }
+ }
+
+ if(@new_files)
+ {
+ if($cgi->param('confirmed'))
+ {
+ my @success;
+ my @failed;
+
+ foreach my $file(@new_files)
+ {
+ my $file_path = clean_path($physical.'/'.$file);
+
+ if(-e $file_path)
+ {
+ if(-d $file_path && not -l $file_path)
+ {
+ # Remove a directory
+
+ if(rmtree($file_path))
+ {
+ push(@success,clean_path($file));
+ }
+ else
+ {
+ push(@failed,clean_path($file));
+ }
+ }
+ else
+ {
+ # Remove a file
+
+ if(unlink($file_path))
+ {
+ push(@success,clean_path($file));
+ }
+ else
+ {
+ push(@failed,clean_path($file));
+ }
+ }
+ }
+ else
+ {
+ push(@failed,clean_path($file));
+ }
+ }
+
+ my $tpl = new Template;
+ $tpl->read_file($config->{'templates'}->{'rmmulti'});
+
+ if(scalar(@success) > 0)
+ {
+ if(scalar(@success) == scalar(@new_files) && scalar(@failed) == 0)
+ {
+ return devedit_reload({command => 'show', file => $virtual});
+ }
+ else
+ {
+ $tpl->parse_if_block('success',1);
+
+ foreach my $file_success(@success)
+ {
+ $tpl->add_loop_data('SUCCESS',{FILE => encode_html($file_success),
+ FILE_PATH => encode_html(clean_path($virtual.'/'.$file_success))});
+ }
+ }
+ }
+ else
+ {
+ $tpl->parse_if_block('success',0);
+ }
+
+ if(scalar(@failed) > 0)
+ {
+ $tpl->parse_if_block('failed',1);
+
+ foreach my $file_failed(@failed)
+ {
+ $tpl->add_loop_data('FAILED',{FILE => encode_html($file_failed),
+ FILE_PATH => encode_html(clean_path($virtual.'/'.$file_failed))});
+ }
+ }
+ else
+ {
+ $tpl->parse_if_block('failed',0);
+ }
+
+
+ $tpl->set_var('DIR',encode_html($virtual));
+ $tpl->set_var('SCRIPT',$script);
+
+ $tpl->parse;
+
+ my $output = header(-type => 'text/html');
+ $output .= $tpl->get_template;
+
+ return \$output;
+ }
+ else
+ {
+ my $tpl = new Template;
+ $tpl->read_file($config->{'templates'}->{'confirm_rmmulti'});
+
+ foreach my $file(@new_files)
+ {
+ $tpl->add_loop_data('FILES',{FILE => encode_html($file),
+ FILE_PATH => encode_html(clean_path($virtual.'/'.$file))});
+ }
+
+ $tpl->set_var('COUNT',scalar(@new_files));
+
+ $tpl->set_var('DIR',encode_html($virtual));
+ $tpl->set_var('SCRIPT',$script);
+
+ $tpl->parse;
+
+ my $output = header(-type => 'text/html');
+ $output .= $tpl->get_template;
+
+ return \$output;
+ }
+ }
+ else
+ {
+ return devedit_reload({command => 'show', file => $virtual});
+ }
+}
+
+# exec_chprop()
+#
+# Change the mode and the group of a file or a directory
+#
+# Params: 1. Reference to user input hash
+# 2. Reference to config hash
+#
+# Return: Output of the command (Scalar Reference)
+
+sub exec_chprop($$)
+{
+ my ($data,$config) = @_;
+ my $physical = $data->{'physical'};
+ my $virtual = $data->{'virtual'};
+ my $dir = upper_path($virtual);
+
+ return error($config->{'errors'}->{'no_users'},$dir,{FILE => encode_html($virtual)}) unless($users);
+ return error($config->{'errors'}->{'chprop_root'},'/') if($virtual eq '/');
+ return error($config->{'errors'}->{'not_owner'},$dir,{FILE => encode_html($virtual)}) unless(-o $physical);
+ return error($config->{'errors'}->{'chprop_link'},$dir) if(-l $physical);
+
+ my $cgi = $data->{'cgi'};
+ my $mode = $cgi->param('mode');
+ my $group = $cgi->param('group');
+
+ if($mode || $group)
+ {
+ if($mode)
+ {
+ # Change the mode
+
+ return error($config->{'errors'}->{'invalid_mode'},$dir) unless($mode =~ /^[0-7]{3,}$/);
+ chmod(oct($mode),$physical);
+ }
+
+ if($group)
+ {
+ # Change the group using the `chgrp` system command
+
+ return error($config->{'errors'}->{'invalid_group'},$dir,{GROUP => encode_html($group)}) unless($group =~ /^[a-z0-9_]+[a-z0-9_-]*$/i);
+ system('chgrp',$group,$physical);
+ }
+
+ return devedit_reload({command => 'show', file => $dir});
+ }
+ else
+ {
+ # Display the form
+
+ my @stat = stat($physical);
+ my $mode = $stat[2];
+ my $gid = $stat[5];
+
+ my $tpl = new Template;
+ $tpl->read_file($config->{'templates'}->{'chprop'});
+
+ # Insert file properties into the template
+
+ $tpl->set_var('MODE_OCTAL',substr(sprintf('%04o',$mode),-4));
+ $tpl->set_var('MODE_STRING',mode_string($mode));
+ $tpl->set_var('GID',$gid);
+
+ if(my $group = getgrgid($gid))
+ {
+ $tpl->set_var('GROUP',encode_html($group));
+ $tpl->parse_if_block('group_detected',1);
+ }
+ else
+ {
+ $tpl->parse_if_block('group_detected',0);
+ }
+
+ # Insert other information
+
+ $tpl->set_var('FILE',encode_html($virtual));
+ $tpl->set_var('FILE_URL',escape($virtual));
+ $tpl->set_var('DIR',encode_html($dir));
+ $tpl->set_var('DIR_URL',escape($dir));
+ $tpl->set_var('URL',encode_html(equal_url($config->{'httproot'},$virtual)));
+ $tpl->set_var('SCRIPT',$script);
+
+ $tpl->parse;
+
+ my $output = header(-type => 'text/html');
+ $output .= $tpl->get_template;
+
+ return \$output;
+ }
+}
+
+# exec_about()
+#
+# Display some information about Dev-Editor
+#
+# Params: 1. Reference to user input hash
+# 2. Reference to config hash
+#
+# Return: Output of the command (Scalar Reference)
+
+sub exec_about($$)
+{
+ my ($data,$config) = @_;
+
+ my $tpl = new Template;
+ $tpl->read_file($config->{'templates'}->{'about'});
+
+ $tpl->set_var('SCRIPT',$script);
+
+ # Dev-Editor's version number
+
+ $tpl->set_var('VERSION',$data->{'version'});
+
+ # Some path information
+
+ $tpl->set_var('SCRIPT_PHYS',encode_html($ENV{'SCRIPT_FILENAME'}));
+ $tpl->set_var('CONFIG_PATH',encode_html($data->{'configfile'}));
+ $tpl->set_var('FILE_ROOT', encode_html($config->{'fileroot'}));
+ $tpl->set_var('HTTP_ROOT', encode_html($config->{'httproot'}));
+
+ # Perl
+
+ $tpl->set_var('PERL_PROG',encode_html($^X));
+ $tpl->set_var('PERL_VER', sprintf('%vd',$^V));
+
+ # Information about the server
+
+ $tpl->set_var('HTTPD',encode_html($ENV{'SERVER_SOFTWARE'}));
+ $tpl->set_var('OS', encode_html($^O));
+ $tpl->set_var('TIME', encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime : localtime)));
+
+ $tpl->parse_if_block('gmt',$config->{'use_gmt'});
+
+ # Process information
+
+ $tpl->set_var('PID',$$);
+
+ # The following information is only available on systems supporting
+ # users and groups
+
+ if($users)
+ {
+ # Dev-Editor is running on a system which allows users and groups
+ # So we display the user and the group of our process
+
+ my $uid = POSIX::getuid;
+ my $gid = POSIX::getgid;
+
+ $tpl->parse_if_block('users',1);
+
+ # IDs of user and group
+
+ $tpl->set_var('UID',$uid);
+ $tpl->set_var('GID',$gid);
+
+ # Names of user and group
+
+ if(my $user = getpwuid($uid))
+ {
+ $tpl->set_var('USER',encode_html($user));
+ $tpl->parse_if_block('user_detected',1);
+ }
+ else
+ {
+ $tpl->parse_if_block('user_detected',0);
+ }
+
+ if(my $group = getgrgid($gid))
+ {
+ $tpl->set_var('GROUP',encode_html($group));
+ $tpl->parse_if_block('group_detected',1);
+ }
+ else
+ {
+ $tpl->parse_if_block('group_detected',0);
+ }
+
+ # Process umask
+
+ $tpl->set_var('UMASK',sprintf('%04o',umask));
+ }
+ else
+ {
+ $tpl->parse_if_block('users',0);
+ }