X-Git-Url: https://git.p6c8.net/devedit.git/blobdiff_plain/2ad9ec6883d81c3389d4ce307ad2d36b48aa0e5a..d87c7b145a2f8ca073a19d38b39856b328a69c1d:/devedit.pl?ds=inline diff --git a/devedit.pl b/devedit.pl index 3fd8641..03cfd81 100644 --- a/devedit.pl +++ b/devedit.pl @@ -6,7 +6,7 @@ # Dev-Editor's main program # # Author: Patrick Canterino -# Last modified: 2005-04-22 +# Last modified: 2005-06-14 # use strict; @@ -94,6 +94,13 @@ if($newfile ne '' && $newfile !~ /^\s+$/) $new_physical = File::Spec->canonpath($new_physical.'/'.$file); $new_virtual .= $file; + + # Check if accessing this file is forbidden + + if(is_forbidden_file($config->{'forbidden'},$new_virtual)) + { + abort($config->{'errors'}->{'forbidden_file'},'/'); + } } # This check has to be performed first or abs_path() will be confused @@ -104,24 +111,31 @@ if(-e $temp_path || -l $temp_path) { if(my ($physical,$virtual) = check_path($config->{'fileroot'},$file)) { - # Create a hash containing data submitted by the user - # (some other necessary information are also included) - - my %data = (physical => $physical, - virtual => $virtual, - new_physical => $new_physical, - new_virtual => $new_virtual, - cgi => $cgi, - version => $VERSION, - configfile => CONFIGFILE); - - # Execute the command... - - my $output = exec_command($command,\%data,$config); - - # ... and show its output - - print $$output; + if(is_forbidden_file($config->{'forbidden'},$virtual)) + { + abort($config->{'errors'}->{'forbidden_file'},'/'); + } + else + { + # Create a hash containing data submitted by the user + # (some other necessary information are also included) + + my %data = (physical => $physical, + virtual => $virtual, + new_physical => $new_physical, + new_virtual => $new_virtual, + cgi => $cgi, + version => $VERSION, + configfile => CONFIGFILE); + + # Execute the command... + + my $output = exec_command($command,\%data,$config); + + # ... and show its output + + print $$output; + } } else {