X-Git-Url: https://git.p6c8.net/devedit.git/blobdiff_plain/3e5f525985e4357d65f2c3aab4f502107408d5c8..d87c7b145a2f8ca073a19d38b39856b328a69c1d:/modules/Command.pm diff --git a/modules/Command.pm b/modules/Command.pm index 1c5afa0..b2bbfe9 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2005-05-05 +# Last modified: 2005-06-14 # use strict; @@ -31,17 +31,17 @@ use Template; my $script = encode_html($ENV{'SCRIPT_NAME'}); my $users = eval('getpwuid(0)') && eval('getgrgid(0)'); -my %dispatch = ('show' => \&exec_show, - 'beginedit' => \&exec_beginedit, - 'endedit' => \&exec_endedit, - 'mkdir' => \&exec_mkdir, - 'mkfile' => \&exec_mkfile, - 'upload' => \&exec_upload, - 'copy' => \&exec_copy, - 'rename' => \&exec_rename, - 'remove' => \&exec_remove, - 'chprop' => \&exec_chprop, - 'about' => \&exec_about +my %dispatch = ('show' => \&exec_show, + 'beginedit' => \&exec_beginedit, + 'endedit' => \&exec_endedit, + 'mkdir' => \&exec_mkdir, + 'mkfile' => \&exec_mkfile, + 'upload' => \&exec_upload, + 'copy' => \&exec_copy, + 'rename' => \&exec_rename, + 'remove' => \&exec_remove, + 'chprop' => \&exec_chprop, + 'about' => \&exec_about ); ### Export ### @@ -101,7 +101,7 @@ sub exec_show($$) return error($config->{'errors'}->{'no_dir_access'},$upper_path->{'normal'}) unless(-r $physical && -x $physical); my $direntries = dir_read($physical); - return error($config->{'errors'}->{'dir_read_fail'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries); + return error($config->{'errors'}->{'dir_read_failed'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries); my $files = $direntries->{'files'}; my $dirs = $direntries->{'dirs'}; @@ -148,6 +148,7 @@ sub exec_show($$) $dtpl->fillin('DATE',encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9])))); $dtpl->fillin('URL',equal_url(encode_html($config->{'httproot'}),$virt_path->{'html'})); + $dtpl->parse_if_block('forbidden',is_forbidden_file($config->{'forbidden'},$virt_path->{'normal'})); $dtpl->parse_if_block('readable',-r $phys_path && -x $phys_path); $dtpl->parse_if_block('users',$users && -o $phys_path); @@ -182,6 +183,7 @@ sub exec_show($$) $ftpl->parse_if_block('writeable',-w $phys_path); $ftpl->parse_if_block('binary',-B $phys_path); + $ftpl->parse_if_block('forbidden',is_forbidden_file($config->{'forbidden'},$virt_path->{'normal'})); $ftpl->parse_if_block('viewable',(-r $phys_path && -T $phys_path && not $too_large) || -l $phys_path); $ftpl->parse_if_block('editable',(-r $phys_path && -w $phys_path && -T $phys_path && not $too_large) && not -l $phys_path); @@ -306,7 +308,7 @@ sub exec_beginedit($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); $tpl->fillin('MD5SUM',$md5sum); $tpl->fillin('CONTENT',encode_html($$content)); @@ -363,8 +365,8 @@ sub exec_endedit($$) local *FILE; - sysopen(FILE,$physical,O_RDWR | O_CREAT) or return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => $virtual}); - file_lock(*FILE,LOCK_EX) or do { close(FILE); return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => $virtual}) }; + sysopen(FILE,$physical,O_RDWR | O_CREAT) or return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => encode_html($virtual)}); + file_lock(*FILE,LOCK_EX) or do { close(FILE); return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => encode_html($virtual)}) }; my $md5 = new Digest::MD5; $md5->addfile(*FILE); @@ -385,7 +387,7 @@ sub exec_endedit($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); $tpl->fillin('MD5SUM',$md5file); $tpl->fillin('CONTENT',encode_html($content)); @@ -512,8 +514,8 @@ sub exec_upload($$) my $virtual = $data->{'virtual'}; my $cgi = $data->{'cgi'}; - return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => $virtual}) unless(-d $physical && not -l $physical); - return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => $virtual}) unless(-w $physical); + return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => encode_html($virtual)}) unless(-d $physical && not -l $physical); + return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => encode_html($virtual)}) unless(-w $physical); if(my $uploaded_file = $cgi->param('uploaded_file')) { @@ -551,7 +553,7 @@ sub exec_upload($$) $tpl->fillin('DIR',encode_html($virtual)); $tpl->fillin('DIR_URL',escape($virtual)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -606,7 +608,7 @@ sub exec_copy($$) $tpl->fillin('DIR_URL',escape($dir)); $tpl->fillin('COMMAND','copy'); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -627,7 +629,7 @@ sub exec_copy($$) $tpl->fillin('FILE',encode_html($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -659,9 +661,8 @@ sub exec_rename($$) if($new_physical) { - my $new_virtual = $data->{'new_virtual'}; - my $new_dir = upper_path($new_virtual); - $new_virtual = encode_html($new_virtual); + my $new_virtual = multi_string($data->{'new_virtual'}); + my $new_dir = upper_path($new_virtual->{'normal'}); if(-e $new_physical) { @@ -673,14 +674,14 @@ sub exec_rename($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'confirm_replace'}); - $tpl->fillin('FILE',$virtual); - $tpl->fillin('NEW_FILE',$new_virtual); - $tpl->fillin('NEW_FILENAME',file_name($new_virtual)); - $tpl->fillin('NEW_DIR',$new_dir); - $tpl->fillin('DIR',$dir); + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('NEW_FILE',$new_virtual->{'html'}); + $tpl->fillin('NEW_FILENAME',file_name($new_virtual->{'html'})); + $tpl->fillin('NEW_DIR',encode_html($new_dir)); + $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('COMMAND','rename'); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -690,7 +691,7 @@ sub exec_rename($$) } } - move($physical,$new_physical) or return error($config->{'errors'}->{'rename_failed'},$dir,{FILE => $virtual, NEW_FILE => $new_virtual}); + move($physical,$new_physical) or return error($config->{'errors'}->{'rename_failed'},$dir,{FILE => encode_html($virtual), NEW_FILE => $new_virtual->{'html'}}); return devedit_reload({command => 'show', file => $new_dir}); } else @@ -698,10 +699,10 @@ sub exec_rename($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'renamefile'}); - $tpl->fillin('FILE',$virtual); + $tpl->fillin('FILE',encode_html($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -748,7 +749,7 @@ sub exec_remove($$) $tpl->fillin('DIR_URL',escape($virtual)); $tpl->fillin('UPPER_DIR',encode_html($dir)); $tpl->fillin('UPPER_DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -775,7 +776,7 @@ sub exec_remove($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -817,6 +818,7 @@ sub exec_chprop($$) { # Change the mode + return error($config->{'errors'}->{'invalid_mode'},$dir) unless($mode =~ /^[0-7]{3,}$/); chmod(oct($mode),$physical); } @@ -863,7 +865,7 @@ sub exec_chprop($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html');