#!C:/Programme/Perl/bin/perl.exe -w
#
-# Dev-Editor 1.2
+# Dev-Editor 3.0
#
# Dev-Editor's main program
#
-# Author: Patrick Canterino <patshaping@gmx.net>
-# Last modified: 2004-01-16
+# Author: Patrick Canterino <patrick@patshaping.de>
+# Last modified: 2005-06-14
#
use strict;
use CGI::Carp qw(fatalsToBrowser);
+use vars qw($VERSION);
use lib 'modules';
use CGI;
use Config::DevEdit;
-use File::UseList;
use Command;
use Output;
use Tool;
-use constant CONFIGFILE => 'devedit.dat';
+$VERSION = '3.0';
+
+# Path to configuration file
+# Change if necessary!
+
+use constant CONFIGFILE => 'devedit.conf';
# Read the configuration file
my $config = read_config(CONFIGFILE);
+error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy...
+
+# Check if the root directory exists
+
+abort($config->{'errors'}->{'no_root_dir'}) unless(-d $config->{'fileroot'} && not -l $config->{'fileroot'});
+
+# Check if we are able to access the root directory
+
+abort($config->{'errors'}->{'no_root_access'}) unless(-r $config->{'fileroot'} && -x $config->{'fileroot'});
# Read the most important form data
my $newfile = $cgi->param('newfile') || '';
# Create physical and virtual path for the new file
-# This section has to be optimized - ugh!
my $new_physical = '';
my $new_virtual = '';
-if($newfile ne '')
+if($newfile ne '' && $newfile !~ /^\s+$/)
{
$curdir = upper_path($file) if($curdir eq '');
- my $path = clean_path($curdir.$newfile);
+ my $path = $curdir.'/'.$newfile;
# Extract file and directory name...
# ... check if the directory exists ...
- unless(-d clean_path($config->{'fileroot'}."/".$dir))
+ my $temp_path = clean_path($config->{'fileroot'}.'/'.$dir);
+
+ unless(-d $temp_path && not -l $temp_path)
{
- abort("The directory where you want to create this file or directory doesn't exist.");
+ abort($config->{'errors'}->{'dir_not_exist'},'/');
}
# ... and check if the path is above the root directory
unless(($new_physical,$new_virtual) = check_path($config->{'fileroot'},$dir))
{
- abort("You aren't allowed to create files and directories above the virtual root directory.");
+ abort($config->{'errors'}->{'create_above_root'},'/');
+ }
+
+ # Check if we have enough permissions to create a file
+ # in this directory
+
+ unless(-r $new_physical && -w $new_physical && -x $new_physical)
+ {
+ abort($config->{'errors'}->{'dir_no_create'},'/',{DIR => encode_html($new_virtual)});
}
# Create the physical and the virtual path
- $new_physical = File::Spec->canonpath($new_physical."/".$file);
+ $new_physical = File::Spec->canonpath($new_physical.'/'.$file);
$new_virtual .= $file;
-}
-# This check has to be performed first, or abs_path() will be confused
+ # Check if accessing this file is forbidden
-if(-e clean_path($config->{'fileroot'}."/".$file))
-{
- if(my ($physical,$virtual) = check_path($config->{'fileroot'},$file))
+ if(is_forbidden_file($config->{'forbidden'},$new_virtual))
{
- # Create a File::UseList object and load the list
-
- my $uselist = new File::UseList(listfile => $config->{'uselist_file'},
- lockfile => $config->{'lock_file'},
- timeout => $config->{'lock_timeout'});
-
- $uselist->lock or abort("Locking of $config->{'uselist_file'} failed. Try it again in a moment. If the problem persists, ask someone to recreate the lock file ($config->{'lock_file'}).");
- $uselist->load;
-
- # Create a hash with data submitted by user
- # (the CGI and the File::UseList object will also be included)
+ abort($config->{'errors'}->{'forbidden_file'},'/');
+ }
+}
- my %data = (physical => $physical,
- virtual => $virtual,
- new_physical => $new_physical,
- new_virtual => $new_virtual,
- uselist => $uselist,
- cgi => $cgi);
+# This check has to be performed first or abs_path() will be confused
- my $output = exec_command($command,\%data,$config); # Execute the command...
+my $temp_path = clean_path($config->{'fileroot'}.'/'.$file);
- $uselist->unlock; # ... unlock the list with files in use...
- print $$output; # ... and print the output of the command
+if(-e $temp_path || -l $temp_path)
+{
+ if(my ($physical,$virtual) = check_path($config->{'fileroot'},$file))
+ {
+ if(is_forbidden_file($config->{'forbidden'},$virtual))
+ {
+ abort($config->{'errors'}->{'forbidden_file'},'/');
+ }
+ else
+ {
+ # Create a hash containing data submitted by the user
+ # (some other necessary information are also included)
+
+ my %data = (physical => $physical,
+ virtual => $virtual,
+ new_physical => $new_physical,
+ new_virtual => $new_virtual,
+ cgi => $cgi,
+ version => $VERSION,
+ configfile => CONFIGFILE);
+
+ # Execute the command...
+
+ my $output = exec_command($command,\%data,$config);
+
+ # ... and show its output
+
+ print $$output;
+ }
}
else
{
- abort("Accessing files and directories above the virtual root directory is forbidden.");
+ abort($config->{'errors'}->{'above_root'},'/');
}
}
else
{
- abort("File/directory does not exist.");
+ abort($config->{'errors'}->{'not_found'},'/');
}
#