X-Git-Url: https://git.p6c8.net/devedit.git/blobdiff_plain/1ffd7f98c787b767995479114622399c6cb51801..01eb441007a9ab736d2a9b518975379f8c31dcae:/devedit.pl?ds=inline diff --git a/devedit.pl b/devedit.pl index eb03292..03cfd81 100644 --- a/devedit.pl +++ b/devedit.pl @@ -1,12 +1,12 @@ #!C:/Programme/Perl/bin/perl.exe -w # -# Dev-Editor 2.3 +# Dev-Editor 3.0 (CVS) # # Dev-Editor's main program # # Author: Patrick Canterino -# Last modified: 2005-01-06 +# Last modified: 2005-06-14 # use strict; @@ -17,18 +17,17 @@ use lib 'modules'; use CGI; use Config::DevEdit; -use File::UseList; use Command; use Output; use Tool; -$VERSION = '2.3'; +$VERSION = '3.0 (CVS)'; # Path to configuration file # Change if necessary! -use constant CONFIGFILE => 'devedit.dat'; +use constant CONFIGFILE => 'devedit.conf'; # Read the configuration file @@ -37,7 +36,7 @@ error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy... # Check if the root directory exists -abort($config->{'errors'}->{'no_root_dir'}) unless(-d $config->{'fileroot'}); +abort($config->{'errors'}->{'no_root_dir'}) unless(-d $config->{'fileroot'} && not -l $config->{'fileroot'}); # Check if we are able to access the root directory @@ -69,7 +68,9 @@ if($newfile ne '' && $newfile !~ /^\s+$/) # ... check if the directory exists ... - unless(-d clean_path($config->{'fileroot'}.'/'.$dir)) + my $temp_path = clean_path($config->{'fileroot'}.'/'.$dir); + + unless(-d $temp_path && not -l $temp_path) { abort($config->{'errors'}->{'dir_not_exist'},'/'); } @@ -78,7 +79,7 @@ if($newfile ne '' && $newfile !~ /^\s+$/) unless(($new_physical,$new_virtual) = check_path($config->{'fileroot'},$dir)) { - abort($config->{'errors'}->{'create_ar'},'/'); + abort($config->{'errors'}->{'create_above_root'},'/'); } # Check if we have enough permissions to create a file @@ -86,46 +87,55 @@ if($newfile ne '' && $newfile !~ /^\s+$/) unless(-r $new_physical && -w $new_physical && -x $new_physical) { - abort($config->{'errors'}->{'dir_no_create'},'/',{DIR => $new_virtual}); + abort($config->{'errors'}->{'dir_no_create'},'/',{DIR => encode_html($new_virtual)}); } # Create the physical and the virtual path $new_physical = File::Spec->canonpath($new_physical.'/'.$file); $new_virtual .= $file; + + # Check if accessing this file is forbidden + + if(is_forbidden_file($config->{'forbidden'},$new_virtual)) + { + abort($config->{'errors'}->{'forbidden_file'},'/'); + } } # This check has to be performed first or abs_path() will be confused -if(-e clean_path($config->{'fileroot'}.'/'.$file)) +my $temp_path = clean_path($config->{'fileroot'}.'/'.$file); + +if(-e $temp_path || -l $temp_path) { if(my ($physical,$virtual) = check_path($config->{'fileroot'},$file)) { - # Create a File::UseList object and load the list - - my $uselist = new File::UseList(listfile => $config->{'uselist_file'}, - lockfile => $config->{'lock_file'}, - timeout => $config->{'lock_timeout'}); - - $uselist->lock or abort($config->{'errors'}->{'lock_failed'},undef,{USELIST => $uselist->{'listfile'}, LOCK_FILE => $uselist->{'lockfile'}}); - $uselist->load; - - # Create a hash with data submitted by user - # (some other necessary information will also be included) - - my %data = (physical => $physical, - virtual => $virtual, - new_physical => $new_physical, - new_virtual => $new_virtual, - uselist => $uselist, - cgi => $cgi, - version => $VERSION, - configfile => CONFIGFILE); - - my $output = exec_command($command,\%data,$config); # Execute the command... - - $uselist->unlock; # ... unlock the list with files in use... - print $$output; # ... and show the output of the command + if(is_forbidden_file($config->{'forbidden'},$virtual)) + { + abort($config->{'errors'}->{'forbidden_file'},'/'); + } + else + { + # Create a hash containing data submitted by the user + # (some other necessary information are also included) + + my %data = (physical => $physical, + virtual => $virtual, + new_physical => $new_physical, + new_virtual => $new_virtual, + cgi => $cgi, + version => $VERSION, + configfile => CONFIGFILE); + + # Execute the command... + + my $output = exec_command($command,\%data,$config); + + # ... and show its output + + print $$output; + } } else { @@ -134,7 +144,7 @@ if(-e clean_path($config->{'fileroot'}.'/'.$file)) } else { - abort($config->{'errors'}->{'not_exist'},'/'); + abort($config->{'errors'}->{'not_found'},'/'); } #