#
# Some shared sub routines
#
-# Author: Patrick Canterino <patshaping@gmx.net>
-# Last modified: 2004-07-30
+# Author: Patrick Canterino <patrick@patshaping.de>
+# Last modified: 2005-11-10
#
use strict;
@EXPORT = qw(check_path
clean_path
devedit_reload
+ dos_wildcard_match
+ encode_html
equal_url
file_name
+ is_forbidden_file
mode_string
+ multi_string
upper_path);
# check_path()
#
-# Check, if a virtual path is above a virtual root directory
+# Check if a virtual path is above a virtual root directory
# (currently no check if the path exists - check otherwise!)
#
# Params: 1. Virtual root directory
$root = abs_path($root);
$root = File::Spec->canonpath($root);
- $path =~ s!^/{1}!!;
- $path = $root."/".$path;
+ $path =~ tr!\\!/!;
+ $path =~ s!^/+!!;
+ $path = $root.'/'.$path;
- unless(-d $path)
- {
- # The path points to a file
- # We have to extract the directory name and create the absolute path
+ # We extract the last part of the path and create the absolute path
- my $dir = upper_path($path);
- my $file = file_name($path);
+ my $first = upper_path($path);
+ $first = File::Spec->canonpath($first);
+ $first = abs_path($first);
- $dir = abs_path($dir);
- $path = $dir."/".$file;
- }
- else
+ my $last = file_name($path);
+ $last = '' if($last eq '.');
+
+ if($last eq '..' || ($^O eq 'MSWin32' && $last =~ m!^\.\.\.+$!))
{
- $path = abs_path($path);
+ $first = abs_path($first.'/'.$last);
+ $last = '';
}
- $path = File::Spec->canonpath($path);
+ $path = File::Spec->canonpath($first.'/'.$last);
# Check if the path is above the root directory
- return if(index($path,$root) == -1);
+ return if(index($path,$root) != 0);
+ return if(substr($path,length($root)) && not File::Spec->file_name_is_absolute(substr($path,length($root))));
# Create short path name
my $short_path = substr($path,length($root));
- $short_path =~ tr!\\!\/!;
- $short_path = "/".$short_path if($short_path !~ m!^/!);
- $short_path = $short_path."/" if($short_path !~ m!/$! && -d $path);
+ $short_path =~ tr!\\!/!;
+ $short_path = '/'.$short_path if($short_path !~ m!^/!);
+ $short_path = $short_path.'/' if($short_path !~ m!/$! && -d $path && not -l $path);
return ($path,$short_path);
}
# with some other parameters
#
# Params: Hash Reference (will be merged to a query string)
+# (optional)
#
# Return: HTTP redirection header (Scalar Reference)
-sub devedit_reload($)
+sub devedit_reload(;$)
{
my $params = shift;
# Detect the protocol (simple HTTP or SSL encrypted HTTP)
# and check if the server listens on the default port
- my $protocol = "";
- my $port = "";
+ my $protocol = '';
+ my $port = '';
if(https)
{
# SSL encrypted HTTP (HTTPS)
- $protocol = "https";
- $port = ":".$ENV{'SERVER_PORT'} if($ENV{'SERVER_PORT'} != 443);
+ $protocol = 'https';
+ $port = ':'.$ENV{'SERVER_PORT'} if($ENV{'SERVER_PORT'} != 443);
}
else
{
# Simple HTTP
- $protocol = "http";
- $port = ":".$ENV{'SERVER_PORT'} if($ENV{'SERVER_PORT'} != 80);
+ $protocol = 'http';
+ $port = ':'.$ENV{'SERVER_PORT'} if($ENV{'SERVER_PORT'} != 80);
}
# The following code is grabbed from Template::_query of
# Andre Malo's selfforum (http://sourceforge.net/projects/selfforum/)
# and modified by Patrick Canterino
- my $query = '?'.join ('&' =>
- map {
- (ref)
- ? map{escape ($_).'='.escape ($params -> {$_})} @{$params -> {$_}}
- : escape ($_).'='.escape ($params -> {$_})
- } keys %$params
- );
+ my $query = '';
+
+ if(ref($params) eq 'HASH')
+ {
+ $query = '?'.join ('&' =>
+ map {
+ (ref)
+ ? map{escape ($_).'='.escape ($params -> {$_})} @{$params -> {$_}}
+ : escape ($_).'='.escape ($params -> {$_})
+ } keys %$params
+ );
+ }
# Create the redirection header
- my $header = redirect($protocol."://".virtual_host.$port.$ENV{'SCRIPT_NAME'}.$query);
+ my $header = redirect($protocol.'://'.virtual_host.$port.$ENV{'SCRIPT_NAME'}.$query);
return \$header;
}
+# dos_wildcard_match()
+#
+# Check if a string matches against a DOS-style wildcard
+#
+# Params: 1. Pattern
+# 2. String
+#
+# Return: Status code (Boolean)
+
+sub dos_wildcard_match($$)
+{
+ my ($pattern,$string) = @_;
+
+ # The following part is stolen from File::DosGlob
+
+ # escape regex metachars but not glob chars
+ $pattern =~ s:([].+^\-\${}[|]):\\$1:g;
+ # and convert DOS-style wildcards to regex
+ $pattern =~ s/\*/.*/g;
+ $pattern =~ s/\?/.?/g;
+
+ return ($string =~ m|^$pattern$|is);
+}
+
+# encode_html()
+#
+# Encode HTML control characters (< > " &)
+#
+# Params: String to encode
+#
+# Return: Encoded string
+
+sub encode_html($)
+{
+ my $string = shift;
+
+ $string =~ s/&/&/g;
+ $string =~ s/</</g;
+ $string =~ s/>/>/g;
+ $string =~ s/"/"/g;
+
+ return $string;
+}
+
# equal_url()
#
# Create URL equal to a file or directory
my ($root,$path) = @_;
my $url;
- $root =~ s!/$!!;
- $path =~ s!^/!!;
- $url = $root."/".$path;
+ $root =~ s!/+$!!;
+ $path =~ s!^/+!!;
+ $url = $root.'/'.$path;
return $url;
}
my $path = shift;
$path =~ tr!\\!/!;
- unless($path eq "/")
+ unless($path =~ m!^/+$! || ($^O eq 'MSWin32' && $path =~ m!^[a-z]:/+$!i))
{
- $path = substr($path,0,-1) if($path =~ m!/$!);
- $path = substr($path,rindex($path,"/")+1);
+ $path =~ s!/+$!!;
+ $path = substr($path,rindex($path,'/')+1);
}
return $path;
}
+# is_forbidden_file()
+#
+# Check if a file is in the list of forbidden files
+#
+# Params: 1. Array Reference containing the list
+# 2. Filename to check
+#
+# Return: Status code (Boolean)
+
+sub is_forbidden_file($$)
+{
+ my ($list,$file) = @_;
+ $file =~ s!/+$!!g;
+
+ foreach my $entry(@$list)
+ {
+ return 1 if($file eq $entry);
+ return 1 if(index($file,$entry.'/') == 0);
+ }
+
+ return;
+}
+
# mode_string()
#
-# Convert a binary file mode string into a human
-# readable string (rwxr-x-r-x)
-# (also supports SetUID, SetGID and Sticky Bits)
+# Convert a file mode number into a human readable string (rwxr-x-r-x)
+# (also supports SetUID, SetGID and Sticky Bit)
#
-# Params: Binary file mode string
+# Params: File mode number
#
-# Return: Humand readable mode string
+# Return: Human readable mode string
sub mode_string($)
{
my $mode = shift;
- my $string = "";
+ my $string = '';
# User
- $string = ($mode & 00400) ? "r" : "-";
- $string .= ($mode & 00200) ? "w" : "-";
- $string .= ($mode & 00100) ? (($mode & 04000) ? "s" : "x") :
- ($mode & 04000) ? "S" : "-";
+ $string = ($mode & 00400) ? 'r' : '-';
+ $string .= ($mode & 00200) ? 'w' : '-';
+ $string .= ($mode & 00100) ? (($mode & 04000) ? 's' : 'x') :
+ ($mode & 04000) ? 'S' : '-';
# Group
- $string .= ($mode & 00040) ? "r" : "-";
- $string .= ($mode & 00020) ? "w" : "-";
- $string .= ($mode & 00010) ? (($mode & 02000) ? "s" : "x") :
- ($mode & 02000) ? "S" : "-";
+ $string .= ($mode & 00040) ? 'r' : '-';
+ $string .= ($mode & 00020) ? 'w' : '-';
+ $string .= ($mode & 00010) ? (($mode & 02000) ? 's' : 'x') :
+ ($mode & 02000) ? 'S' : '-';
# Other
- $string .= ($mode & 00004) ? "r" : "-";
- $string .= ($mode & 00002) ? "w" : "-";
- $string .= ($mode & 00001) ? (($mode & 01000) ? "t" : "x") :
- ($mode & 01000) ? "T" : "-";
+ $string .= ($mode & 00004) ? 'r' : '-';
+ $string .= ($mode & 00002) ? 'w' : '-';
+ $string .= ($mode & 00001) ? (($mode & 01000) ? 't' : 'x') :
+ ($mode & 01000) ? 'T' : '-';
return $string;
}
+# multi_string()
+#
+# Create a Hash Reference containing three forms of a string
+#
+# Params: String
+#
+# Return: Hash Reference:
+# normal => Normal form of the string
+# html => HTML encoded form (see encode_html())
+# url => URL encoded form
+
+sub multi_string($)
+{
+ my $string = shift;
+ my %multi;
+
+ $multi{'normal'} = $string;
+ $multi{'html'} = encode_html($string);
+ $multi{'url'} = escape($string);
+
+ return \%multi;
+}
+
# upper_path()
#
-# Cut away the last part of a path
+# Remove the last part of a path
+# (the resulting path contains a trailing slash)
#
# Params: Path
#
my $path = shift;
$path =~ tr!\\!/!;
- unless($path eq "/")
+ unless($path =~ m!^/+$! || ($^O eq 'MSWin32' && $path =~ m!^[a-z]:/+$!i))
{
- $path = substr($path,0,-1) if($path =~ m!/$!);
- $path = substr($path,0,rindex($path,"/")+1);
+ $path =~ s!/+$!!;
+ $path = substr($path,0,rindex($path,'/')+1);
}
return $path;