X-Git-Url: https://git.p6c8.net/devedit.git/blobdiff_plain/75c789857e82f326c9f1948f4c04ba266ab511c2..40f2eee5acdbe92aca68f47ffc6ee15aa3035f7e:/modules/Command.pm diff --git a/modules/Command.pm b/modules/Command.pm index d62643d..a35abd4 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,43 +6,42 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2004-12-10 +# Last modified: 2009-03-30 # use strict; use vars qw(@EXPORT); +use Fcntl; use File::Access; use File::Copy; use File::Path; +use Digest::MD5 qw(md5_hex); use POSIX qw(strftime); use Tool; -use CGI qw(header); -use HTML::Entities; +use CGI qw(header + escape); + use Output; use Template; -use Data::Dumper; - -my $script = $ENV{'SCRIPT_NAME'}; -my $users = eval("getpwuid(0)") && eval("getgrgid(0)"); - -my %dispatch = ('show' => \&exec_show, - 'beginedit' => \&exec_beginedit, - 'canceledit' => \&exec_canceledit, - 'endedit' => \&exec_endedit, - 'mkdir' => \&exec_mkdir, - 'mkfile' => \&exec_mkfile, - 'upload' => \&exec_upload, - 'copy' => \&exec_copy, - 'rename' => \&exec_rename, - 'remove' => \&exec_remove, - 'chprop' => \&exec_chprop, - 'unlock' => \&exec_unlock, - 'about' => \&exec_about +my $script = encode_html($ENV{'SCRIPT_NAME'}); +my $users = eval('getpwuid(0)') && eval('getgrgid(0)'); + +my %dispatch = ('show' => \&exec_show, + 'beginedit' => \&exec_beginedit, + 'endedit' => \&exec_endedit, + 'mkdir' => \&exec_mkdir, + 'mkfile' => \&exec_mkfile, + 'upload' => \&exec_upload, + 'copy' => \&exec_copy, + 'rename' => \&exec_rename, + 'remove' => \&exec_remove, + 'chprop' => \&exec_chprop, + 'about' => \&exec_about ); ### Export ### @@ -74,7 +73,7 @@ sub exec_command($$$) } } - return error($config->{'errors'}->{'cmd_unknown'},'/',{COMMAND => $command}); + return error($config->{'errors'}->{'command_unknown'},'/',{COMMAND => encode_html($command)}); } # exec_show() @@ -91,39 +90,40 @@ sub exec_show($$) my ($data,$config) = @_; my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; - my $upper_path = upper_path($virtual); - my $uselist = $data->{'uselist'}; + my $upper_path = multi_string(upper_path($virtual)); my $tpl = new Template; - if(-d $physical) + if(-d $physical && not -l $physical) { # Create directory listing - return error($config->{'errors'}->{'no_dir_access'},$upper_path) unless(-r $physical && -x $physical); + return error($config->{'errors'}->{'no_dir_access'},$upper_path->{'normal'}) unless(-r $physical && -x $physical); my $direntries = dir_read($physical); - return error($config->{'dir_read_fail'},$upper_path,{DIR => $virtual}) unless($direntries); + return error($config->{'errors'}->{'dir_read_failed'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries); my $files = $direntries->{'files'}; my $dirs = $direntries->{'dirs'}; - my $dir_writeable = -w $physical; + my $dirlist = ''; - my $dirlist = ""; + my $filter1 = $data->{'cgi'}->param('filter') || '*'; # The real wildcard + my $filter2 = ($filter1 && $filter1 ne '*') ? $filter1 : ''; # Wildcard for output # Create the link to the upper directory - # (only if we are not in the root directory) + # (only if the current directory is not the root directory) - unless($virtual eq "/") + unless($virtual eq '/') { - my @stat = stat($physical."/.."); + my @stat = stat($physical.'/..'); my $udtpl = new Template; $udtpl->read_file($config->{'templates'}->{'dirlist_up'}); - $udtpl->fillin("UPPER_DIR",encode_entities($upper_path)); - $udtpl->fillin("DATE",encode_entities(strftime($config->{'timeformat'},localtime($stat[9])))); + $udtpl->fillin('UPPER_DIR',$upper_path->{'html'}); + $udtpl->fillin('UPPER_DIR_URL',$upper_path->{'url'}); + $udtpl->fillin('DATE',encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9])))); $dirlist .= $udtpl->get_template; } @@ -132,21 +132,26 @@ sub exec_show($$) foreach my $dir(@$dirs) { - my $phys_path = $physical."/".$dir; - my $virt_path = encode_entities($virtual.$dir."/"); + next if($config->{'hide_dot_files'} && substr($dir,0,1) eq '.'); + next unless(dos_wildcard_match($filter1,$dir)); + + my $phys_path = $physical.'/'.$dir; + my $virt_path = multi_string($virtual.$dir.'/'); my @stat = stat($phys_path); my $dtpl = new Template; $dtpl->read_file($config->{'templates'}->{'dirlist_dir'}); - $dtpl->fillin("DIR",$virt_path); - $dtpl->fillin("DIR_NAME",$dir); - $dtpl->fillin("DATE",encode_entities(strftime($config->{'timeformat'},localtime($stat[9])))); - $dtpl->fillin("URL",equal_url($config->{'httproot'},$virt_path)); + $dtpl->fillin('DIR',$virt_path->{'html'}); + $dtpl->fillin('DIR_URL',$virt_path->{'url'}); + $dtpl->fillin('DIR_NAME',encode_html($dir)); + $dtpl->fillin('DATE',encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9])))); + $dtpl->fillin('URL',equal_url(encode_html($config->{'httproot'}),$virt_path->{'html'})); - $dtpl->parse_if_block("readable",-r $phys_path && -x $phys_path); - $dtpl->parse_if_block("users",$users && -o $phys_path); + $dtpl->parse_if_block('forbidden',is_forbidden_file($config->{'forbidden'},$virt_path->{'normal'})); + $dtpl->parse_if_block('readable',-r $phys_path && -x $phys_path); + $dtpl->parse_if_block('users',$users && -o $phys_path); $dirlist .= $dtpl->get_template; } @@ -155,92 +160,110 @@ sub exec_show($$) foreach my $file(@$files) { - my $phys_path = $physical."/".$file; - my $virt_path = encode_entities($virtual.$file); + next if($config->{'hide_dot_files'} && substr($file,0,1) eq '.'); + next unless(dos_wildcard_match($filter1,$file)); - my @stat = stat($phys_path); - my $in_use = $uselist->in_use($virtual.$file); + my $phys_path = $physical.'/'.$file; + my $virt_path = multi_string($virtual.$file); + + my @stat = lstat($phys_path); my $too_large = $config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'}; my $ftpl = new Template; $ftpl->read_file($config->{'templates'}->{'dirlist_file'}); - $ftpl->fillin("FILE",$virt_path); - $ftpl->fillin("FILE_NAME",$file); - $ftpl->fillin("SIZE",$stat[7]); - $ftpl->fillin("DATE",encode_entities(strftime($config->{'timeformat'},localtime($stat[9])))); - $ftpl->fillin("URL",equal_url($config->{'httproot'},$virt_path)); + $ftpl->fillin('FILE',$virt_path->{'html'}); + $ftpl->fillin('FILE_URL',$virt_path->{'url'}); + $ftpl->fillin('FILE_NAME',encode_html($file)); + $ftpl->fillin('FILE_URL',$virt_path->{'url'}); + $ftpl->fillin('SIZE',$stat[7]); + $ftpl->fillin('DATE',encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9])))); + $ftpl->fillin('URL',equal_url(encode_html($config->{'httproot'}),$virt_path->{'html'})); - $ftpl->parse_if_block("not_readable",not -r $phys_path); - $ftpl->parse_if_block("binary",-B $phys_path); - $ftpl->parse_if_block("readonly",not -w $phys_path); + $ftpl->parse_if_block('link',-l $phys_path); + $ftpl->parse_if_block('readable',-r $phys_path); + $ftpl->parse_if_block('writeable',-w $phys_path); + $ftpl->parse_if_block('binary',-B $phys_path); - $ftpl->parse_if_block("viewable",-r $phys_path && -T $phys_path && not $too_large); - $ftpl->parse_if_block("editable",(-r $phys_path && -w $phys_path && -T $phys_path && not $too_large) && not $in_use); + $ftpl->parse_if_block('forbidden',is_forbidden_file($config->{'forbidden'},$virt_path->{'normal'})); + $ftpl->parse_if_block('viewable',(-r $phys_path && -T $phys_path && not $too_large) || -l $phys_path); + $ftpl->parse_if_block('editable',(-r $phys_path && -w $phys_path && -T $phys_path && not $too_large) && not -l $phys_path); - $ftpl->parse_if_block("in_use",$in_use); - $ftpl->parse_if_block("unused",not $in_use); + $ftpl->parse_if_block('too_large',$config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'}); - $ftpl->parse_if_block("too_large",$config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'}); - - $ftpl->parse_if_block("users",$users && -o $phys_path); + $ftpl->parse_if_block('users',$users && -o $phys_path); $dirlist .= $ftpl->get_template; } $tpl->read_file($config->{'templates'}->{'dirlist'}); - $tpl->fillin("DIRLIST",$dirlist); - $tpl->fillin("DIR",$virtual); - $tpl->fillin("SCRIPT",$script); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('DIRLIST',$dirlist); + $tpl->fillin('DIR',encode_html($virtual)); + $tpl->fillin('DIR_URL',escape($virtual)); + $tpl->fillin('SCRIPT',$script); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + + $tpl->fillin('FILTER',encode_html($filter2)); + $tpl->fillin('FILTER_URL',escape($filter2)); - $tpl->parse_if_block("dir_writeable",$dir_writeable); + $tpl->parse_if_block('empty',$dirlist eq ''); + $tpl->parse_if_block('dir_writeable',-w $physical); + $tpl->parse_if_block('filter',$filter2); + $tpl->parse_if_block('gmt',$config->{'use_gmt'}); + } + elsif(-l $physical) + { + # Show the target of a symbolic link + + my $link_target = readlink($physical); + + $tpl->read_file($config->{'templates'}->{'viewlink'}); + + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('DIR',$upper_path->{'html'}); + $tpl->fillin('DIR_URL',$upper_path->{'url'}); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); + + $tpl->fillin('LINK_TARGET',encode_html($link_target)); } else { # View a file - return error($config->{'errors'}->{'no_view'},$upper_path) unless(-r $physical); + return error($config->{'errors'}->{'no_view'},$upper_path->{'normal'}) unless(-r $physical); # Check on binary files - # We have to do it in this way, or empty files - # will be recognized as binary files + # We have to do it in this way or empty files will be recognized + # as binary files - unless(-T $physical) - { - # Binary file + return error($config->{'errors'}->{'binary_file'},$upper_path->{'normal'}) unless(-T $physical); - return error($config->{'errors'}->{'binary'},$upper_path); - } - else - { - # Text file + # Is the file too large? - if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'}) - { - return error($config->{'errors'}->{'file_too_large'},$upper_path,{SIZE => $config->{'max_file_size'}}) - } - else - { - my $content = file_read($physical); - $$content =~ s/\015\012|\012|\015/\n/g; + return error($config->{'errors'}->{'file_too_large'},$upper_path->{'normal'},{SIZE => $config->{'max_file_size'}}) if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'}); - $tpl->read_file($config->{'templates'}->{'viewfile'}); + # View the file - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",$upper_path); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + my $content = file_read($physical); + $$content =~ s/\015\012|\012|\015/\n/g; - $tpl->parse_if_block("editable",-w $physical && $uselist->unused($virtual)); + $tpl->read_file($config->{'templates'}->{'viewfile'}); - $tpl->fillin("CONTENT",encode_entities($$content)); - } - } + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('FILE_URL',escape($virtual)); + $tpl->fillin('DIR',$upper_path->{'html'}); + $tpl->fillin('DIR_URL',$upper_path->{'url'}); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); + + $tpl->parse_if_block('editable',-w $physical); + + $tpl->fillin('CONTENT',encode_html($$content)); } - my $output = header(-type => "text/html"); + my $output = header(-type => 'text/html'); $output .= $tpl->get_template; return \$output; @@ -261,69 +284,43 @@ sub exec_beginedit($$) my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; my $dir = upper_path($virtual); - my $uselist = $data->{'uselist'}; - return error($config->{'errors'}->{'editdir'},$dir) if(-d $physical); - return error($config->{'errors'}->{'in_use'}, $dir,{FILE => $virtual}) if($uselist->in_use($virtual)); - return error($config->{'errors'}->{'no_edit'},$dir) unless(-r $physical && -w $physical); + return error($config->{'errors'}->{'link_edit'},$dir) if(-l $physical); + return error($config->{'errors'}->{'dir_edit'}, $dir) if(-d $physical); + return error($config->{'errors'}->{'no_edit'}, $dir) unless(-r $physical && -w $physical); # Check on binary files - unless(-T $physical) - { - # Binary file + return error($config->{'errors'}->{'binary_file'},$dir) unless(-T $physical); - return error($config->{'errors'}->{'binary'},$dir); - } - else - { - if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'}) - { - return error($config->{'errors'}->{'file_too_large'},$dir,{SIZE => $config->{'max_file_size'}}) - } - else - { - # Text file + # Is the file too large? - $uselist->add_file($virtual); - $uselist->save; + return error($config->{'errors'}->{'file_too_large'},$dir,{SIZE => $config->{'max_file_size'}}) if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'}); - my $content = file_read($physical); - $$content =~ s/\015\012|\012|\015/\n/g; + # Show the editing form - my $tpl = new Template; - $tpl->read_file($config->{'templates'}->{'editfile'}); - - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",$dir); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); - $tpl->fillin("CONTENT",encode_entities($$content)); + my $content = file_read($physical); + my $md5sum = md5_hex($$content); + $$content =~ s/\015\012|\012|\015/\n/g; - my $output = header(-type => "text/html"); - $output .= $tpl->get_template; + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'editfile'}); - return \$output; - } - } -} + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('FILE_URL',escape($virtual)); + $tpl->fillin('DIR',encode_html($dir)); + $tpl->fillin('DIR_URL',escape($dir)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); + $tpl->fillin('MD5SUM',$md5sum); + $tpl->fillin('CONTENT',encode_html($$content)); -# exec_canceledit() -# -# Abort file editing -# -# Params: 1. Reference to user input hash -# 2. Reference to config hash -# -# Return: Output of the command (Scalar Reference) + $tpl->parse_if_block('error',0); -sub exec_canceledit($$) -{ - my ($data,$config) = @_; - my $virtual = $data->{'virtual'}; + my $output = header(-type => 'text/html'); + $output .= $tpl->get_template; - file_unlock($data->{'uselist'},$virtual); - return devedit_reload({command => 'show', file => upper_path($virtual)}); + return \$output; } # exec_endedit() @@ -341,53 +338,90 @@ sub exec_endedit($$) my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; my $dir = upper_path($virtual); - my $content = $data->{'cgi'}->param('filecontent'); - my $uselist = $data->{'uselist'}; + my $cgi = $data->{'cgi'}; + my $content = $cgi->param('filecontent'); + my $md5sum = $cgi->param('md5sum'); + my $output; - # We already unlock the file at the beginning of the subroutine, - # because if we have to abort this routine, the file keeps locked. - # No other user of Dev-Editor will access the file during this - # routine because of the concept of File::UseList. + if(defined $content && $md5sum) + { + # Normalize newlines + + $content =~ s/\015\012|\012|\015/\n/g; - file_unlock($uselist,$virtual); + if($cgi->param('saveas') && $data->{'new_physical'} ne '' && $data->{'new_virtual'} ne '') + { + # Create the new filename - # Normalize newlines + $physical = $data->{'new_physical'}; + $virtual = $data->{'new_virtual'}; + } - $content =~ s/\015\012|\012|\015/\n/g; + return error($config->{'errors'}->{'link_edit'},$dir) if(-l $physical); + return error($config->{'errors'}->{'dir_edit'},$dir) if(-d $physical); + return error($config->{'errors'}->{'no_edit'},$dir) if(-e $physical && !(-r $physical && -w $physical)); + return error($config->{'errors'}->{'text_to_binary'},$dir) if(-e $physical && not -T $physical); - if($data->{'cgi'}->param('encode_iso')) - { - # Encode all ISO-8859-1 special chars + # For technical reasons, we can't use file_save() for + # saving the file... - $content = encode_entities($content,"\200-\377"); - } + local *FILE; - if($data->{'cgi'}->param('saveas') && $data->{'new_physical'} ne '' && $data->{'new_virtual'} ne '') - { - # Create the new filename + sysopen(FILE,$physical,O_RDWR | O_CREAT) or return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => encode_html($virtual)}); + file_lock(*FILE,LOCK_EX) or do { close(FILE); return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => encode_html($virtual)}) }; - $physical = $data->{'new_physical'}; - $virtual = $data->{'new_virtual'}; + my $md5 = new Digest::MD5; + $md5->addfile(*FILE); - # Check if someone else is editing the new file + my $md5file = $md5->hexdigest; + my $md5data = md5_hex($content); - return error($config->{'errors'}->{'in_use'},$dir,{FILE => $virtual}) if($uselist->in_use($virtual)); - } + if($md5file ne $md5sum && $md5data ne $md5file && not $cgi->param('saveas')) + { + # The file changed meanwhile - return error($config->{'errors'}->{'editdir'},$dir) if(-d $physical); - return error($config->{'errors'}->{'no_edit'},$dir) if(-e $physical && !(-r $physical && -w $physical)); - return error($config->{'errors'}->{'text_to_binary'},$dir) unless(-T $physical); + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'editfile'}); - if(file_save($physical,\$content)) - { - # Saving of the file was successful! + $tpl->fillin('ERROR',$config->{'errors'}->{'edit_file_changed'}); - return devedit_reload({command => 'show', file => $dir}); - } - else - { - return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => $virtual}); + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('FILE_URL',escape($virtual)); + $tpl->fillin('DIR',encode_html($dir)); + $tpl->fillin('DIR_URL',escape($dir)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); + $tpl->fillin('MD5SUM',$md5file); + $tpl->fillin('CONTENT',encode_html($content)); + + $tpl->parse_if_block('error',1); + + my $data = header(-type => 'text/html'); + $data .= $tpl->get_template; + + $output = \$data; + } + else + { + if($md5data ne $md5file) + { + seek(FILE,0,0); + truncate(FILE,0); + + print FILE $content; + } + + $output = ($cgi->param('continue')) + ? devedit_reload({command => 'beginedit', file => $virtual}) + : devedit_reload({command => 'show', file => $dir}); + } + + close(FILE); + + return $output; } + + return devedit_reload({command => 'beginedit', file => $virtual}); } # exec_mkfile() @@ -405,7 +439,7 @@ sub exec_mkfile($$) my $new_physical = $data->{'new_physical'}; my $new_virtual = $data->{'new_virtual'}; my $dir = upper_path($new_virtual); - $new_virtual = encode_entities($new_virtual); + $new_virtual = encode_html($new_virtual); if($new_physical) { @@ -419,10 +453,10 @@ sub exec_mkfile($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'mkfile'}); - $tpl->fillin("DIR","/"); - $tpl->fillin("SCRIPT",$script); + $tpl->fillin('DIR','/'); + $tpl->fillin('SCRIPT',$script); - my $output = header(-type => "text/html"); + my $output = header(-type => 'text/html'); $output .= $tpl->get_template; return \$output; @@ -444,12 +478,12 @@ sub exec_mkdir($$) my $new_physical = $data->{'new_physical'}; my $new_virtual = $data->{'new_virtual'}; my $dir = upper_path($new_virtual); - $new_virtual = encode_entities($new_virtual); - - return error($config->{'errors'}->{'file_exists'},$dir,{FILE => $new_virtual}) if(-e $new_physical); + $new_virtual = encode_html($new_virtual); if($new_physical) { + return error($config->{'errors'}->{'file_exists'},$dir,{FILE => $new_virtual}) if(-e $new_physical); + mkdir($new_physical,0777) or return error($config->{'errors'}->{'mkdir_failed'},$dir,{DIR => $new_virtual}); return devedit_reload({command => 'show', file => $dir}); } @@ -458,10 +492,10 @@ sub exec_mkdir($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'mkdir'}); - $tpl->fillin("DIR","/"); - $tpl->fillin("SCRIPT",$script); + $tpl->fillin('DIR','/'); + $tpl->fillin('SCRIPT',$script); - my $output = header(-type => "text/html"); + my $output = header(-type => 'text/html'); $output .= $tpl->get_template; return \$output; @@ -470,7 +504,7 @@ sub exec_mkdir($$) # exec_upload() # -# Upload a file +# Process a file upload # # Params: 1. Reference to user input hash # 2. Reference to config hash @@ -484,47 +518,57 @@ sub exec_upload($$) my $virtual = $data->{'virtual'}; my $cgi = $data->{'cgi'}; - return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => $virtual}) unless(-d $physical); - return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => $virtual}) unless(-w $physical); + return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => encode_html($virtual)}) unless(-d $physical && not -l $physical); + return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => encode_html($virtual)}) unless(-w $physical); if(my $uploaded_file = $cgi->param('uploaded_file')) { + if($cgi->param('remote_file')) + { + $uploaded_file = $cgi->param('remote_file'); + + $uploaded_file =~ s!/!!g; + $uploaded_file =~ s!\\!!g; + } + # Process file upload my $filename = file_name($uploaded_file); - my $file_phys = $physical."/".$filename; - my $file_virt = $virtual.$filename; + my $file_phys = $physical.'/'.$filename; + my $file_virt = encode_html($virtual.$filename); - return error($config->{'errors'}->{'file_exists'},$virtual,{FILE => $file_virt}) if(-e $file_phys && not $cgi->param('overwrite')); - - my $ascii = $cgi->param('ascii'); - my $handle = $cgi->upload('uploaded_file'); + if(-e $file_phys) + { + return error($config->{'errors'}->{'link_replace'},$virtual) if(-l $file_phys); + return error($config->{'errors'}->{'dir_replace'},$virtual) if(-d $file_phys); + return error($config->{'errors'}->{'exist_no_write'},$virtual,{FILE => $file_virt}) unless(-w $file_phys); + return error($config->{'errors'}->{'file_exists'},$virtual,{FILE => $file_virt}) unless($cgi->param('overwrite')); + } - local *FILE; + my $ascii = $cgi->param('ascii'); + my $handle = $cgi->upload('uploaded_file'); - open(FILE,">".$file_phys) or return error($config->{'errors'}->{'mkfile_failed'},$virtual,{FILE => $file_virt}); - binmode(FILE) unless($ascii); + return error($config->{'errors'}->{'invalid_upload'},$virtual) unless($handle); # Read transferred file and write it to disk read($handle, my $data, -s $handle); $data =~ s/\015\012|\012|\015/\n/g if($ascii); # Replace line separators if transferring in ASCII mode - print FILE $data; - - close(FILE); + file_save($file_phys,\$data,not $ascii) or return error($config->{'errors'}->{'mkfile_failed'},$virtual,{FILE => $file_virt}); - return devedit_reload({command => "show", file => $virtual}); + return devedit_reload({command => 'show', file => $virtual}); } else { my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'upload'}); - $tpl->fillin("DIR",$virtual); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + $tpl->fillin('DIR',encode_html($virtual)); + $tpl->fillin('DIR_URL',escape($virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); - my $output = header(-type => "text/html"); + my $output = header(-type => 'text/html'); $output .= $tpl->get_template; return \$output; @@ -544,66 +588,96 @@ sub exec_copy($$) { my ($data,$config) = @_; my $physical = $data->{'physical'}; - my $virtual = encode_entities($data->{'virtual'}); + my $virtual = $data->{'virtual'}; my $dir = upper_path($virtual); my $new_physical = $data->{'new_physical'}; - return error($config->{'errors'}->{'dircopy'},upper_path($virtual)) if(-d $physical); - return error($config->{'errors'}->{'no_copy'},upper_path($virtual)) unless(-r $physical); + return error($config->{'errors'}->{'link_copy'},$dir) if(-l $physical); + return error($config->{'errors'}->{'no_copy'},$dir) unless(-r $physical); if($new_physical) { - my $new_virtual = $data->{'new_virtual'}; - my $new_dir = upper_path($new_virtual); - $new_virtual = encode_entities($new_virtual); + my $new_virtual = multi_string($data->{'new_virtual'}); + my $new_dir = upper_path($new_virtual->{'normal'}); - if(-e $new_physical) + if(-d $physical) { - return error($config->{'errors'}->{'exist_edited'},$new_dir,{FILE => $new_virtual}) if($data->{'uselist'}->in_use($data->{'new_virtual'})); + return error($config->{'errors'}->{'no_copy'},$dir) unless(-x $physical); + return error($config->{'errors'}->{'file_exists'},$dir,{FILE => $new_virtual->{'html'}}) if(-e $new_physical); + return error($config->{'errors'}->{'dir_copy_self'},$dir) if(index($new_virtual->{'normal'},$virtual) == 0); - if(-d $new_physical) - { - return error($config->{'errors'}->{'dir_replace'},$new_dir); - } - elsif(not $data->{'cgi'}->param('confirmed')) + dir_copy($physical,$new_physical) or return error($config->{'errors'}->{'copy_failed'},$dir,{FILE => encode_html($virtual), NEW_FILE => $new_virtual->{'html'}}); + return devedit_reload({command => 'show', file => $new_dir}); + } + else + { + if(-e $new_physical) { - my $tpl = new Template; - $tpl->read_file($config->{'templates'}->{'confirm_replace'}); + return error($config->{'errors'}->{'link_replace'},$new_dir) if(-l $new_physical); + return error($config->{'errors'}->{'dir_replace'},$new_dir) if(-d $new_physical); + return error($config->{'errors'}->{'exist_no_write'},$new_dir,{FILE => $new_virtual->{'html'}}) unless(-w $new_physical); - $tpl->fillin("FILE",$virtual); - $tpl->fillin("NEW_FILE",$new_virtual); - $tpl->fillin("NEW_FILENAME",file_name($new_virtual)); - $tpl->fillin("NEW_DIR",$new_dir); - $tpl->fillin("DIR",$dir); + if(not $data->{'cgi'}->param('confirmed')) + { + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'confirm_replace'}); - $tpl->fillin("COMMAND","copy"); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('NEW_FILE',$new_virtual->{'html'}); + $tpl->fillin('NEW_FILENAME',file_name($new_virtual->{'html'})); + $tpl->fillin('NEW_DIR',encode_html($new_dir)); + $tpl->fillin('DIR',encode_html($dir)); + $tpl->fillin('DIR_URL',escape($dir)); - my $output = header(-type => "text/html"); - $output .= $tpl->get_template; + $tpl->fillin('COMMAND','copy'); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); - return \$output; + my $output = header(-type => 'text/html'); + $output .= $tpl->get_template; + + return \$output; + } } - } - copy($physical,$new_physical) or return error($config->{'errors'}->{'copy_failed'},$dir,{FILE => $virtual, NEW_FILE => $new_virtual}); - return devedit_reload({command => 'show', file => $new_dir}); + copy($physical,$new_physical) or return error($config->{'errors'}->{'copy_failed'},$dir,{FILE => encode_html($virtual), NEW_FILE => $new_virtual->{'html'}}); + return devedit_reload({command => 'show', file => $new_dir}); + } } else { - my $tpl = new Template; - $tpl->read_file($config->{'templates'}->{'copyfile'}); + if(-d $physical) + { + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'copydir'}); - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",$dir); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('DIR',encode_html($dir)); + $tpl->fillin('DIR_URL',escape($dir)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); - my $output = header(-type => "text/html"); - $output .= $tpl->get_template; + my $output = header(-type => 'text/html'); + $output .= $tpl->get_template; - return \$output; + return \$output; + } + else + { + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'copyfile'}); + + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('DIR',encode_html($dir)); + $tpl->fillin('DIR_URL',escape($dir)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); + + my $output = header(-type => 'text/html'); + $output .= $tpl->get_template; + + return \$output; + } } } @@ -624,47 +698,42 @@ sub exec_rename($$) my $dir = upper_path($virtual); my $new_physical = $data->{'new_physical'}; - return error($config->{'errors'}->{'rename_root'},"/") if($virtual eq "/"); - return error($config->{'errors'}->{'no_rename'},$dir) unless(-w upper_path($physical)); - return error($config->{'errors'}->{'in_use'},$dir,{FILE => $virtual}) if($data->{'uselist'}->in_use($virtual)); + return error($config->{'errors'}->{'rename_root'},'/') if($virtual eq '/'); + return error($config->{'errors'}->{'no_rename'},$dir) unless(-w upper_path($physical)); if($new_physical) { - my $new_virtual = $data->{'new_virtual'}; - my $new_dir = upper_path($new_virtual); - $new_virtual = encode_entities($new_virtual); + my $new_virtual = multi_string($data->{'new_virtual'}); + my $new_dir = upper_path($new_virtual->{'normal'}); if(-e $new_physical) { - return error($config->{'errors'}->{'exist_edited'},$new_dir,{FILE => $new_virtual}) if($data->{'uselist'}->in_use($data->{'new_virtual'})); + return error($config->{'errors'}->{'dir_replace'},$new_dir) if(-d $new_physical && not -l $new_physical); + return error($config->{'errors'}->{'exist_no_write'},$new_dir,{FILE => $new_virtual}) unless(-w $new_physical); - if(-d $new_physical) - { - return error($config->{'errors'}->{'dir_replace'},$new_dir); - } - elsif(not $data->{'cgi'}->param('confirmed')) + if(not $data->{'cgi'}->param('confirmed')) { my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'confirm_replace'}); - $tpl->fillin("FILE",$virtual); - $tpl->fillin("NEW_FILE",$new_virtual); - $tpl->fillin("NEW_FILENAME",file_name($new_virtual)); - $tpl->fillin("NEW_DIR",$new_dir); - $tpl->fillin("DIR",$dir); + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('NEW_FILE',$new_virtual->{'html'}); + $tpl->fillin('NEW_FILENAME',file_name($new_virtual->{'html'})); + $tpl->fillin('NEW_DIR',encode_html($new_dir)); + $tpl->fillin('DIR',encode_html($dir)); - $tpl->fillin("COMMAND","rename"); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + $tpl->fillin('COMMAND','rename'); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); - my $output = header(-type => "text/html"); + my $output = header(-type => 'text/html'); $output .= $tpl->get_template; return \$output; } } - rename($physical,$new_physical) or return error($config->{'errors'}->{'rename_failed'},$dir,{FILE => $virtual, NEW_FILE => $new_virtual}); + move($physical,$new_physical) or return error($config->{'errors'}->{'rename_failed'},$dir,{FILE => encode_html($virtual), NEW_FILE => $new_virtual->{'html'}}); return devedit_reload({command => 'show', file => $new_dir}); } else @@ -672,12 +741,13 @@ sub exec_rename($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'renamefile'}); - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",$dir); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('DIR',encode_html($dir)); + $tpl->fillin('DIR_URL',escape($dir)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); - my $output = header(-type => "text/html"); + my $output = header(-type => 'text/html'); $output .= $tpl->get_template; return \$output; @@ -700,10 +770,10 @@ sub exec_remove($$) my $virtual = $data->{'virtual'}; my $dir = upper_path($virtual); - return error($config->{'errors'}->{'remove_root'},"/") if($virtual eq "/"); + return error($config->{'errors'}->{'remove_root'},'/') if($virtual eq '/'); return error($config->{'errors'}->{'no_delete'},$dir) unless(-w upper_path($physical)); - if(-d $physical) + if(-d $physical && not -l $physical) { # Remove a directory @@ -717,12 +787,14 @@ sub exec_remove($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'confirm_rmdir'}); - $tpl->fillin("DIR",$virtual); - $tpl->fillin("UPPER_DIR",$dir); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + $tpl->fillin('DIR',encode_html($virtual)); + $tpl->fillin('DIR_URL',escape($virtual)); + $tpl->fillin('UPPER_DIR',encode_html($dir)); + $tpl->fillin('UPPER_DIR_URL',escape($dir)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); - my $output = header(-type => "text/html"); + my $output = header(-type => 'text/html'); $output .= $tpl->get_template; return \$output; @@ -732,8 +804,6 @@ sub exec_remove($$) { # Remove a file - return error($config->{'errors'}->{'in_use'},$dir,{FILE => $virtual}) if($data->{'uselist'}->in_use($virtual)); - if($data->{'cgi'}->param('confirmed')) { unlink($physical) or return error($config->{'errors'}->{'delete_failed'},$dir,{FILE => $virtual}); @@ -744,12 +814,14 @@ sub exec_remove($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'confirm_rmfile'}); - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",$dir); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('FILE_URL',escape($virtual)); + $tpl->fillin('DIR',encode_html($dir)); + $tpl->fillin('DIR_URL',escape($dir)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); - my $output = header(-type => "text/html"); + my $output = header(-type => 'text/html'); $output .= $tpl->get_template; return \$output; @@ -772,132 +844,73 @@ sub exec_chprop($$) my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; my $dir = upper_path($virtual); - my $cgi = $data->{'cgi'}; - my $mode = $cgi->param('mode'); - my $group = $cgi->param('group'); - - if($users) - { - # System supports user and groups - - if($virtual ne "/") - { - # Not the root directory - if(-o $physical) - { - # We own this file - - if($mode || $group) - { - if($mode) - { - # Change the mode + return error($config->{'errors'}->{'no_users'},$dir,{FILE => encode_html($virtual)}) unless($users); + return error($config->{'errors'}->{'chprop_root'},'/') if($virtual eq '/'); + return error($config->{'errors'}->{'not_owner'},$dir,{FILE => encode_html($virtual)}) unless(-o $physical); + return error($config->{'errors'}->{'chprop_link'},$dir) if(-l $physical); - chmod(oct($mode),$physical); - } + my $cgi = $data->{'cgi'}; + my $mode = $cgi->param('mode'); + my $group = $cgi->param('group'); - if($group) - { - # Change the group using the `chgrp` system command - - return error($config->{'errors'}->{'invalid_group'},$dir,{GROUP => encode_entities($group)}) unless($group =~ /^[a-z0-9_]+[a-z0-9_-]*$/i); - system("chgrp",$group,$physical); - } - - return devedit_reload({command => 'show', file => $dir}); - } - else - { - # Display the form + if($mode || $group) + { + if($mode) + { + # Change the mode - my @stat = stat($physical); - my $mode = $stat[2]; - my $gid = $stat[5]; + return error($config->{'errors'}->{'invalid_mode'},$dir) unless($mode =~ /^[0-7]{3,}$/); + chmod(oct($mode),$physical); + } - my $tpl = new Template; - $tpl->read_file($config->{'templates'}->{'chprop'}); + if($group) + { + # Change the group using the `chgrp` system command - # Insert file properties into the template + return error($config->{'errors'}->{'invalid_group'},$dir,{GROUP => encode_html($group)}) unless($group =~ /^[a-z0-9_]+[a-z0-9_-]*$/i); + system('chgrp',$group,$physical); + } - $tpl->fillin("MODE_OCTAL",substr(sprintf("%04o",$mode),-4)); - $tpl->fillin("MODE_STRING",mode_string($mode)); - $tpl->fillin("GID",$gid); + return devedit_reload({command => 'show', file => $dir}); + } + else + { + # Display the form - if(my $group = getgrgid($gid)) - { - $tpl->fillin("GROUP",encode_entities($group)); - $tpl->parse_if_block("group_detected",1); - } - else - { - $tpl->parse_if_block("group_detected",0); - } + my @stat = stat($physical); + my $mode = $stat[2]; + my $gid = $stat[5]; - # Insert other information + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'chprop'}); - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",$dir); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + # Insert file properties into the template - my $output = header(-type => "text/html"); - $output .= $tpl->get_template; + $tpl->fillin('MODE_OCTAL',substr(sprintf('%04o',$mode),-4)); + $tpl->fillin('MODE_STRING',mode_string($mode)); + $tpl->fillin('GID',$gid); - return \$output; - } - } - else - { - return error($config->{'errors'}->{'not_owner'},$dir,{FILE => $virtual}); - } + if(my $group = getgrgid($gid)) + { + $tpl->fillin('GROUP',encode_html($group)); + $tpl->parse_if_block('group_detected',1); } else { - return error($config->{'errors'}->{'chprop_root'},"/"); + $tpl->parse_if_block('group_detected',0); } - } - else - { - return error($config->{'errors'}->{'no_users'},$dir,{FILE => $virtual}); - } -} - -# exec_unlock() -# -# Remove a file from the list of used files and -# return to directory view -# -# Params: 1. Reference to user input hash -# 2. Reference to config hash -# -# Return: Output of the command (Scalar Reference) - -sub exec_unlock($$) -{ - my ($data,$config) = @_; - my $virtual = $data->{'virtual'}; - my $uselist = $data->{'uselist'}; - my $dir = upper_path($virtual); - - return devedit_reload({command => 'show', file => $dir}) if($uselist->unused($virtual)); - if($data->{'cgi'}->param('confirmed')) - { - file_unlock($uselist,$virtual); - return devedit_reload({command => 'show', file => $dir}); - } - else - { - my $tpl = new Template; - $tpl->read_file($config->{'templates'}->{'confirm_unlock'}); + # Insert other information - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",$dir); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('FILE_URL',escape($virtual)); + $tpl->fillin('DIR',encode_html($dir)); + $tpl->fillin('DIR_URL',escape($dir)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); - my $output = header(-type => "text/html"); + my $output = header(-type => 'text/html'); $output .= $tpl->get_template; return \$output; @@ -920,35 +933,38 @@ sub exec_about($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'about'}); - $tpl->fillin("SCRIPT",$script); + $tpl->fillin('SCRIPT',$script); # Dev-Editor's version number - $tpl->fillin("VERSION",$data->{'version'}); + $tpl->fillin('VERSION',$data->{'version'}); # Some path information - $tpl->fillin("SCRIPT_PHYS",encode_entities($ENV{'SCRIPT_FILENAME'})); - $tpl->fillin("CONFIG_PATH",encode_entities($data->{'configfile'})); - $tpl->fillin("FILE_ROOT", encode_entities($config->{'fileroot'})); - $tpl->fillin("HTTP_ROOT", encode_entities($config->{'httproot'})); + $tpl->fillin('SCRIPT_PHYS',encode_html($ENV{'SCRIPT_FILENAME'})); + $tpl->fillin('CONFIG_PATH',encode_html($data->{'configfile'})); + $tpl->fillin('FILE_ROOT', encode_html($config->{'fileroot'})); + $tpl->fillin('HTTP_ROOT', encode_html($config->{'httproot'})); # Perl - $tpl->fillin("PERL_PROG",encode_entities($^X)); - $tpl->fillin("PERL_VER",sprintf("%vd",$^V)); + $tpl->fillin('PERL_PROG',encode_html($^X)); + $tpl->fillin('PERL_VER', sprintf('%vd',$^V)); # Information about the server - $tpl->fillin("HTTPD",encode_entities($ENV{'SERVER_SOFTWARE'})); - $tpl->fillin("OS",$^O); - $tpl->fillin("TIME",encode_entities(strftime($config->{'timeformat'},localtime))); + $tpl->fillin('HTTPD',encode_html($ENV{'SERVER_SOFTWARE'})); + $tpl->fillin('OS', encode_html($^O)); + $tpl->fillin('TIME', encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime : localtime))); + + $tpl->parse_if_block('gmt',$config->{'use_gmt'}); # Process information - $tpl->fillin("PID",$$); + $tpl->fillin('PID',$$); - # Check if the functions getpwuid() and getgrgid() are available + # The following information is only available on systems supporting + # users and groups if($users) { @@ -958,45 +974,45 @@ sub exec_about($$) my $uid = POSIX::getuid; my $gid = POSIX::getgid; - $tpl->parse_if_block("users",1); + $tpl->parse_if_block('users',1); - # ID's of user and group + # IDs of user and group - $tpl->fillin("UID",$uid); - $tpl->fillin("GID",$gid); + $tpl->fillin('UID',$uid); + $tpl->fillin('GID',$gid); # Names of user and group if(my $user = getpwuid($uid)) { - $tpl->fillin("USER",encode_entities($user)); - $tpl->parse_if_block("user_detected",1); + $tpl->fillin('USER',encode_html($user)); + $tpl->parse_if_block('user_detected',1); } else { - $tpl->parse_if_block("user_detected",0); + $tpl->parse_if_block('user_detected',0); } if(my $group = getgrgid($gid)) { - $tpl->fillin("GROUP",encode_entities($group)); - $tpl->parse_if_block("group_detected",1); + $tpl->fillin('GROUP',encode_html($group)); + $tpl->parse_if_block('group_detected',1); } else { - $tpl->parse_if_block("group_detected",0); + $tpl->parse_if_block('group_detected',0); } # Process umask - $tpl->fillin("UMASK",sprintf("%04o",umask)); + $tpl->fillin('UMASK',sprintf('%04o',umask)); } else { - $tpl->parse_if_block("users",0); + $tpl->parse_if_block('users',0); } - my $output = header(-type => "text/html"); + my $output = header(-type => 'text/html'); $output .= $tpl->get_template; return \$output;