#!C:/Programme/Perl/bin/perl.exe -w
#
-# Dev-Editor 2.1
+# Dev-Editor 3.1
#
# Dev-Editor's main program
#
-# Author: Patrick Canterino <patshaping@gmx.net>
-# Last modified: 2004-10-04
+# Author: Patrick Canterino <patrick@patshaping.de>
+# Last modified: 2006-08-24
+#
+# Copyright (C) 1999-2000 Roland Bluethgen, Frank Schoenmann
+# Copyright (C) 2003-2009 Patrick Canterino
+# All Rights Reserved.
+#
+# This file can be distributed and/or modified under the terms of
+# of the Artistic License 1.0 (see also the LICENSE file found at
+# the top level of the Dev-Editor distribution).
#
use strict;
use CGI;
use Config::DevEdit;
-use File::UseList;
use Command;
use Output;
use Tool;
-$VERSION = '2.1';
+$VERSION = '3.1';
# Path to configuration file
# Change if necessary!
-use constant CONFIGFILE => 'devedit.dat';
+use constant CONFIGFILE => 'devedit.conf';
# Read the configuration file
my $config = read_config(CONFIGFILE);
error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy...
+# Check if the root directory exists
+
+abort($config->{'errors'}->{'no_root_dir'}) unless(-d $config->{'fileroot'} && not -l $config->{'fileroot'});
+
+# Check if we are able to access the root directory
+
+abort($config->{'errors'}->{'no_root_access'}) unless(-r $config->{'fileroot'} && -x $config->{'fileroot'});
+
# Read the most important form data
my $cgi = new CGI;
my $newfile = $cgi->param('newfile') || '';
# Create physical and virtual path for the new file
-# This section has to be optimized - ugh!
my $new_physical = '';
my $new_virtual = '';
if($newfile ne '' && $newfile !~ /^\s+$/)
{
- $curdir = upper_path($file) if($curdir eq '');
- my $path = clean_path($curdir.$newfile);
+ my $path = $curdir.'/'.$newfile;
# Extract file and directory name...
# ... check if the directory exists ...
- unless(-d clean_path($config->{'fileroot'}."/".$dir))
+ my $temp_path = clean_path($config->{'fileroot'}.'/'.$dir);
+
+ unless(-d $temp_path && not -l $temp_path)
{
- abort($config->{'errors'}->{'dir_not_exist'});
+ abort($config->{'errors'}->{'dir_not_exist'},'/');
}
# ... and check if the path is above the root directory
unless(($new_physical,$new_virtual) = check_path($config->{'fileroot'},$dir))
{
- abort($config->{'errors'}->{'create_ar'});
+ abort($config->{'errors'}->{'create_above_root'},'/');
+ }
+
+ # Check if we have enough permissions to create a file
+ # in this directory
+
+ unless(-r $new_physical && -w $new_physical && -x $new_physical)
+ {
+ abort($config->{'errors'}->{'dir_no_create'},'/',{DIR => encode_html($new_virtual)});
}
# Create the physical and the virtual path
- $new_physical = File::Spec->canonpath($new_physical."/".$file);
+ $new_physical = File::Spec->canonpath($new_physical.'/'.$file);
$new_virtual .= $file;
+
+ # Check if accessing this file is forbidden
+
+ if(is_forbidden_file($config->{'forbidden'},$new_virtual))
+ {
+ abort($config->{'errors'}->{'forbidden_file'},'/');
+ }
}
# This check has to be performed first or abs_path() will be confused
-if(-e clean_path($config->{'fileroot'}."/".$file))
+my $temp_path = clean_path($config->{'fileroot'}.'/'.$file);
+
+if(-e $temp_path || -l $temp_path)
{
if(my ($physical,$virtual) = check_path($config->{'fileroot'},$file))
{
- # Create a File::UseList object and load the list
-
- my $uselist = new File::UseList(listfile => $config->{'uselist_file'},
- lockfile => $config->{'lock_file'},
- timeout => $config->{'lock_timeout'});
-
- $uselist->lock or abort($config->{'errors'}->{'lock_failed'},{USELIST => $config->{'uselist_file'}, LOCK_FILE => $config->{'lock_file'}});
- $uselist->load;
-
- # Create a hash with data submitted by user
- # (some other necessary information will also be included)
-
- my %data = (physical => $physical,
- virtual => $virtual,
- new_physical => $new_physical,
- new_virtual => $new_virtual,
- uselist => $uselist,
- cgi => $cgi,
- version => $VERSION,
- configfile => CONFIGFILE);
-
- my $output = exec_command($command,\%data,$config); # Execute the command...
-
- $uselist->unlock; # ... unlock the list with files in use...
- print $$output; # ... and show the output of the command
+ if(is_forbidden_file($config->{'forbidden'},$virtual))
+ {
+ abort($config->{'errors'}->{'forbidden_file'},'/');
+ }
+ else
+ {
+ # Create a hash containing data submitted by the user
+ # (some other necessary information are also included)
+
+ my %data = (physical => $physical,
+ virtual => $virtual,
+ new_physical => $new_physical,
+ new_virtual => $new_virtual,
+ cgi => $cgi,
+ version => $VERSION,
+ configfile => CONFIGFILE);
+
+ # Execute the command...
+
+ my $output = exec_command($command,\%data,$config);
+
+ # ... and show its output
+
+ print $$output;
+ }
}
else
{
- abort($config->{'errors'}->{'above_root'});
+ abort($config->{'errors'}->{'above_root'},'/');
}
}
else
{
- abort($config->{'errors'}->{'not_exist'});
+ abort($config->{'errors'}->{'not_found'},'/');
}
#