- Before changing the permissions of a file, check if the user entered a valid

[devedit.git] / modules / Command.pm

diff --git a/modules/Command.pm b/modules/Command.pm
index 2e0933b6b9f3a122592337ca4fcd5f29778cfa51..891b214640b4b838fd00f4a1cc9346d3f51bdb1a 100644 (file)
--- a/modules/Command.pm
+++ b/modules/Command.pm
@@ -6,7 +6,7 @@ package Command;
 # Execute Dev-Editor's commands
 #
 # Author:        Patrick Canterino <patrick@patshaping.de>
-# Last modified: 2005-04-22
+# Last modified: 2005-05-15
 #
 
 use strict;
@@ -101,7 +101,7 @@ sub exec_show($$)
   return error($config->{'errors'}->{'no_dir_access'},$upper_path->{'normal'}) unless(-r $physical && -x $physical);
 
   my $direntries = dir_read($physical);
-  return error($config->{'errors'}->{'dir_read_fail'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries);
+  return error($config->{'errors'}->{'dir_read_failed'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries);
 
   my $files = $direntries->{'files'};
   my $dirs  = $direntries->{'dirs'};
@@ -178,10 +178,9 @@ sub exec_show($$)
    $ftpl->fillin('URL',equal_url(encode_html($config->{'httproot'}),$virt_path->{'html'}));
 
    $ftpl->parse_if_block('link',-l $phys_path);
-   $ftpl->parse_if_block('no_link',not -l $phys_path);
-   $ftpl->parse_if_block('not_readable',not -r $phys_path);
+   $ftpl->parse_if_block('readable',-r $phys_path);
+   $ftpl->parse_if_block('writeable',-w $phys_path);
    $ftpl->parse_if_block('binary',-B $phys_path);
-   $ftpl->parse_if_block('readonly',not -w $phys_path);
 
    $ftpl->parse_if_block('viewable',(-r $phys_path && -T $phys_path && not $too_large) || -l $phys_path);
    $ftpl->parse_if_block('editable',(-r $phys_path && -w $phys_path && -T $phys_path && not $too_large) && not -l $phys_path);
@@ -281,7 +280,6 @@ sub exec_beginedit($$)
  my $physical       = $data->{'physical'};
  my $virtual        = $data->{'virtual'};
  my $dir            = upper_path($virtual);
- my $cgi            = $data->{'cgi'};
 
  return error($config->{'errors'}->{'link_edit'},$dir) if(-l $physical);
  return error($config->{'errors'}->{'dir_edit'}, $dir) if(-d $physical);
@@ -295,7 +293,7 @@ sub exec_beginedit($$)
 
  return error($config->{'errors'}->{'file_too_large'},$dir,{SIZE => $config->{'max_file_size'}}) if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'});
 
- # ... and show the editing form
+ # Show the editing form
 
  my $content =  file_read($physical);
  my $md5sum  =  md5_hex($$content);
@@ -618,7 +616,7 @@ sub exec_copy($$)
    }
   }
 
-  copy($physical,$new_physical) or return error($config->{'errors'}->{'copy_failed'},$dir,{FILE => $virtual, NEW_FILE => $new_virtual});
+  copy($physical,$new_physical) or return error($config->{'errors'}->{'copy_failed'},$dir,{FILE => encode_html($virtual), NEW_FILE => $new_virtual->{'html'}});
   return devedit_reload({command => 'show', file => $new_dir});
  }
  else
@@ -805,9 +803,9 @@ sub exec_chprop($$)
  my $dir            = upper_path($virtual);
 
  return error($config->{'errors'}->{'no_users'},$dir,{FILE => encode_html($virtual)})  unless($users);
- return error($config->{'errors'}->{'chprop_root'},'/')                   if($virtual eq '/');
+ return error($config->{'errors'}->{'chprop_root'},'/')                                if($virtual eq '/');
  return error($config->{'errors'}->{'not_owner'},$dir,{FILE => encode_html($virtual)}) unless(-o $physical);
- return error($config->{'errors'}->{'chprop_link'},$dir)                  if(-l $physical);
+ return error($config->{'errors'}->{'chprop_link'},$dir)                               if(-l $physical);
 
  my $cgi   = $data->{'cgi'};
  my $mode  = $cgi->param('mode');
@@ -819,6 +817,7 @@ sub exec_chprop($$)
   {
    # Change the mode
 
+   return error($config->{'errors'}->{'invalid_mode'},$dir) unless($mode =~ /^[0-7]{3,}$/);
    chmod(oct($mode),$physical);
   }