X-Git-Url: https://git.p6c8.net/devedit.git/blobdiff_plain/2ad9ec6883d81c3389d4ce307ad2d36b48aa0e5a..d615cfcba804c343758fe9363553891cb0fede67:/modules/Command.pm?ds=sidebyside diff --git a/modules/Command.pm b/modules/Command.pm index bbad3f1..f42deeb 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2005-04-22 +# Last modified: 2005-06-14 # use strict; @@ -31,17 +31,17 @@ use Template; my $script = encode_html($ENV{'SCRIPT_NAME'}); my $users = eval('getpwuid(0)') && eval('getgrgid(0)'); -my %dispatch = ('show' => \&exec_show, - 'beginedit' => \&exec_beginedit, - 'endedit' => \&exec_endedit, - 'mkdir' => \&exec_mkdir, - 'mkfile' => \&exec_mkfile, - 'upload' => \&exec_upload, - 'copy' => \&exec_copy, - 'rename' => \&exec_rename, - 'remove' => \&exec_remove, - 'chprop' => \&exec_chprop, - 'about' => \&exec_about +my %dispatch = ('show' => \&exec_show, + 'beginedit' => \&exec_beginedit, + 'endedit' => \&exec_endedit, + 'mkdir' => \&exec_mkdir, + 'mkfile' => \&exec_mkfile, + 'upload' => \&exec_upload, + 'copy' => \&exec_copy, + 'rename' => \&exec_rename, + 'remove' => \&exec_remove, + 'chprop' => \&exec_chprop, + 'about' => \&exec_about ); ### Export ### @@ -101,7 +101,7 @@ sub exec_show($$) return error($config->{'errors'}->{'no_dir_access'},$upper_path->{'normal'}) unless(-r $physical && -x $physical); my $direntries = dir_read($physical); - return error($config->{'errors'}->{'dir_read_fail'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries); + return error($config->{'errors'}->{'dir_read_failed'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries); my $files = $direntries->{'files'}; my $dirs = $direntries->{'dirs'}; @@ -148,6 +148,7 @@ sub exec_show($$) $dtpl->fillin('DATE',encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9])))); $dtpl->fillin('URL',equal_url(encode_html($config->{'httproot'}),$virt_path->{'html'})); + $dtpl->parse_if_block('forbidden',is_forbidden_file($config->{'forbidden'},$virt_path->{'normal'})); $dtpl->parse_if_block('readable',-r $phys_path && -x $phys_path); $dtpl->parse_if_block('users',$users && -o $phys_path); @@ -178,11 +179,11 @@ sub exec_show($$) $ftpl->fillin('URL',equal_url(encode_html($config->{'httproot'}),$virt_path->{'html'})); $ftpl->parse_if_block('link',-l $phys_path); - $ftpl->parse_if_block('no_link',not -l $phys_path); - $ftpl->parse_if_block('not_readable',not -r $phys_path); + $ftpl->parse_if_block('readable',-r $phys_path); + $ftpl->parse_if_block('writeable',-w $phys_path); $ftpl->parse_if_block('binary',-B $phys_path); - $ftpl->parse_if_block('readonly',not -w $phys_path); + $ftpl->parse_if_block('forbidden',is_forbidden_file($config->{'forbidden'},$virt_path->{'normal'})); $ftpl->parse_if_block('viewable',(-r $phys_path && -T $phys_path && not $too_large) || -l $phys_path); $ftpl->parse_if_block('editable',(-r $phys_path && -w $phys_path && -T $phys_path && not $too_large) && not -l $phys_path); @@ -294,7 +295,7 @@ sub exec_beginedit($$) return error($config->{'errors'}->{'file_too_large'},$dir,{SIZE => $config->{'max_file_size'}}) if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'}); - # ... and show the editing form + # Show the editing form my $content = file_read($physical); my $md5sum = md5_hex($$content); @@ -307,7 +308,7 @@ sub exec_beginedit($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); $tpl->fillin('MD5SUM',$md5sum); $tpl->fillin('CONTENT',encode_html($$content)); @@ -364,8 +365,8 @@ sub exec_endedit($$) local *FILE; - sysopen(FILE,$physical,O_RDWR | O_CREAT) or return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => $virtual}); - file_lock(*FILE,LOCK_EX) or do { close(FILE); return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => $virtual}) }; + sysopen(FILE,$physical,O_RDWR | O_CREAT) or return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => encode_html($virtual)}); + file_lock(*FILE,LOCK_EX) or do { close(FILE); return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => encode_html($virtual)}) }; my $md5 = new Digest::MD5; $md5->addfile(*FILE); @@ -386,7 +387,7 @@ sub exec_endedit($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); $tpl->fillin('MD5SUM',$md5file); $tpl->fillin('CONTENT',encode_html($content)); @@ -552,7 +553,7 @@ sub exec_upload($$) $tpl->fillin('DIR',encode_html($virtual)); $tpl->fillin('DIR_URL',escape($virtual)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -607,7 +608,7 @@ sub exec_copy($$) $tpl->fillin('DIR_URL',escape($dir)); $tpl->fillin('COMMAND','copy'); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -628,7 +629,7 @@ sub exec_copy($$) $tpl->fillin('FILE',encode_html($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -660,9 +661,8 @@ sub exec_rename($$) if($new_physical) { - my $new_virtual = $data->{'new_virtual'}; - my $new_dir = upper_path($new_virtual); - $new_virtual = encode_html($new_virtual); + my $new_virtual = multi_string($data->{'new_virtual'}); + my $new_dir = upper_path($new_virtual->{'normal'}); if(-e $new_physical) { @@ -674,14 +674,14 @@ sub exec_rename($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'confirm_replace'}); - $tpl->fillin('FILE',$virtual); - $tpl->fillin('NEW_FILE',$new_virtual); - $tpl->fillin('NEW_FILENAME',file_name($new_virtual)); - $tpl->fillin('NEW_DIR',$new_dir); - $tpl->fillin('DIR',$dir); + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('NEW_FILE',$new_virtual->{'html'}); + $tpl->fillin('NEW_FILENAME',file_name($new_virtual->{'html'})); + $tpl->fillin('NEW_DIR',encode_html($new_dir)); + $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('COMMAND','rename'); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -691,7 +691,7 @@ sub exec_rename($$) } } - move($physical,$new_physical) or return error($config->{'errors'}->{'rename_failed'},$dir,{FILE => $virtual, NEW_FILE => $new_virtual}); + move($physical,$new_physical) or return error($config->{'errors'}->{'rename_failed'},$dir,{FILE => encode_html($virtual), NEW_FILE => $new_virtual->{'html'}}); return devedit_reload({command => 'show', file => $new_dir}); } else @@ -699,10 +699,10 @@ sub exec_rename($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'renamefile'}); - $tpl->fillin('FILE',$virtual); + $tpl->fillin('FILE',encode_html($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -749,7 +749,7 @@ sub exec_remove($$) $tpl->fillin('DIR_URL',escape($virtual)); $tpl->fillin('UPPER_DIR',encode_html($dir)); $tpl->fillin('UPPER_DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -776,7 +776,7 @@ sub exec_remove($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -804,9 +804,9 @@ sub exec_chprop($$) my $dir = upper_path($virtual); return error($config->{'errors'}->{'no_users'},$dir,{FILE => encode_html($virtual)}) unless($users); - return error($config->{'errors'}->{'chprop_root'},'/') if($virtual eq '/'); + return error($config->{'errors'}->{'chprop_root'},'/') if($virtual eq '/'); return error($config->{'errors'}->{'not_owner'},$dir,{FILE => encode_html($virtual)}) unless(-o $physical); - return error($config->{'errors'}->{'chprop_link'},$dir) if(-l $physical); + return error($config->{'errors'}->{'chprop_link'},$dir) if(-l $physical); my $cgi = $data->{'cgi'}; my $mode = $cgi->param('mode'); @@ -818,6 +818,7 @@ sub exec_chprop($$) { # Change the mode + return error($config->{'errors'}->{'invalid_mode'},$dir) unless($mode =~ /^[0-7]{3,}$/); chmod(oct($mode),$physical); } @@ -864,7 +865,7 @@ sub exec_chprop($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html');