# Dev-Editor's main program
#
# Author: Patrick Canterino <patrick@patshaping.de>
-# Last modified: 2005-04-16
+# Last modified: 2005-06-14
#
use strict;
unless(-r $new_physical && -w $new_physical && -x $new_physical)
{
- abort($config->{'errors'}->{'dir_no_create'},'/',{DIR => $new_virtual});
+ abort($config->{'errors'}->{'dir_no_create'},'/',{DIR => encode_html($new_virtual)});
}
# Create the physical and the virtual path
$new_physical = File::Spec->canonpath($new_physical.'/'.$file);
$new_virtual .= $file;
+
+ # Check if accessing this file is forbidden
+
+ if(is_forbidden_file($config->{'forbidden'},$new_virtual))
+ {
+ abort($config->{'errors'}->{'forbidden_file'},'/');
+ }
}
# This check has to be performed first or abs_path() will be confused
{
if(my ($physical,$virtual) = check_path($config->{'fileroot'},$file))
{
- # Create a hash containing data submitted by the user
- # (some other necessary information are also included)
-
- my %data = (physical => $physical,
- virtual => $virtual,
- new_physical => $new_physical,
- new_virtual => $new_virtual,
- cgi => $cgi,
- version => $VERSION,
- configfile => CONFIGFILE);
-
- # Execute the command...
-
- my $output = exec_command($command,\%data,$config);
-
- # ... and show its output
-
- print $$output;
+ if(is_forbidden_file($config->{'forbidden'},$virtual))
+ {
+ abort($config->{'errors'}->{'forbidden_file'},'/');
+ }
+ else
+ {
+ # Create a hash containing data submitted by the user
+ # (some other necessary information are also included)
+
+ my %data = (physical => $physical,
+ virtual => $virtual,
+ new_physical => $new_physical,
+ new_virtual => $new_virtual,
+ cgi => $cgi,
+ version => $VERSION,
+ configfile => CONFIGFILE);
+
+ # Execute the command...
+
+ my $output = exec_command($command,\%data,$config);
+
+ # ... and show its output
+
+ print $$output;
+ }
}
else
{