X-Git-Url: https://git.p6c8.net/devedit.git/blobdiff_plain/863abbbee47daf6df718856079cb50833e3552c2..d6b0eacd69eb222641d326aa6cc5f9f4d133ddd7:/devedit.pl?ds=sidebyside diff --git a/devedit.pl b/devedit.pl index b2261ad..f7b2818 100644 --- a/devedit.pl +++ b/devedit.pl @@ -1,33 +1,54 @@ #!C:/Programme/Perl/bin/perl.exe -w # -# Dev-Editor 1.2 +# Dev-Editor 3.0.1 # # Dev-Editor's main program # -# Author: Patrick Canterino -# Last modified: 2004-02-23 +# Author: Patrick Canterino +# Last modified: 2006-08-24 +# +# Copyright (C) 1999-2000 Roland Bluethgen, Frank Schoenmann +# Copyright (C) 2003-2009 Patrick Canterino +# All Rights Reserved. +# +# This file can be distributed and/or modified under the terms of +# of the Artistic License 1.0 (see also the LICENSE file found at +# the top level of the Dev-Editor distribution). # use strict; use CGI::Carp qw(fatalsToBrowser); +use vars qw($VERSION); use lib 'modules'; use CGI; use Config::DevEdit; -use File::UseList; use Command; use Output; use Tool; -use constant CONFIGFILE => 'devedit.dat'; +$VERSION = '3.0.1'; + +# Path to configuration file +# Change if necessary! + +use constant CONFIGFILE => 'devedit.conf'; # Read the configuration file my $config = read_config(CONFIGFILE); -error_template($config->{'tpl_error'}); # Yes, I'm lazy... +error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy... + +# Check if the root directory exists + +abort($config->{'errors'}->{'no_root_dir'}) unless(-d $config->{'fileroot'} && not -l $config->{'fileroot'}); + +# Check if we are able to access the root directory + +abort($config->{'errors'}->{'no_root_access'}) unless(-r $config->{'fileroot'} && -x $config->{'fileroot'}); # Read the most important form data @@ -39,15 +60,13 @@ my $curdir = $cgi->param('curdir') || ''; my $newfile = $cgi->param('newfile') || ''; # Create physical and virtual path for the new file -# This section has to be optimized - ugh! my $new_physical = ''; my $new_virtual = ''; -if($newfile ne '') +if($newfile ne '' && $newfile !~ /^\s+$/) { - $curdir = upper_path($file) if($curdir eq ''); - my $path = clean_path($curdir.$newfile); + my $path = $curdir.'/'.$newfile; # Extract file and directory name... @@ -56,62 +75,83 @@ if($newfile ne '') # ... check if the directory exists ... - unless(-d clean_path($config->{'fileroot'}."/".$dir)) + my $temp_path = clean_path($config->{'fileroot'}.'/'.$dir); + + unless(-d $temp_path && not -l $temp_path) { - abort($config->{'err_dir_not_exist'}); + abort($config->{'errors'}->{'dir_not_exist'},'/'); } # ... and check if the path is above the root directory unless(($new_physical,$new_virtual) = check_path($config->{'fileroot'},$dir)) { - abort($config->{'err_create_ar'}); + abort($config->{'errors'}->{'create_above_root'},'/'); + } + + # Check if we have enough permissions to create a file + # in this directory + + unless(-r $new_physical && -w $new_physical && -x $new_physical) + { + abort($config->{'errors'}->{'dir_no_create'},'/',{DIR => encode_html($new_virtual)}); } # Create the physical and the virtual path - $new_physical = File::Spec->canonpath($new_physical."/".$file); + $new_physical = File::Spec->canonpath($new_physical.'/'.$file); $new_virtual .= $file; -} -# This check has to be performed first, or abs_path() will be confused + # Check if accessing this file is forbidden -if(-e clean_path($config->{'fileroot'}."/".$file)) -{ - if(my ($physical,$virtual) = check_path($config->{'fileroot'},$file)) + if(is_forbidden_file($config->{'forbidden'},$new_virtual)) { - # Create a File::UseList object and load the list - - my $uselist = new File::UseList(listfile => $config->{'uselist_file'}, - lockfile => $config->{'lock_file'}, - timeout => $config->{'lock_timeout'}); - - $uselist->lock or abort($config->{'err_lock_failed'},{USELIST => $config->{'uselist_file'}, LOCK_FILE => $config->{'lock_file'}}); - $uselist->load; - - # Create a hash with data submitted by user - # (the CGI and the File::UseList object will also be included) + abort($config->{'errors'}->{'forbidden_file'},'/'); + } +} - my %data = (physical => $physical, - virtual => $virtual, - new_physical => $new_physical, - new_virtual => $new_virtual, - uselist => $uselist, - cgi => $cgi); +# This check has to be performed first or abs_path() will be confused - my $output = exec_command($command,\%data,$config); # Execute the command... +my $temp_path = clean_path($config->{'fileroot'}.'/'.$file); - $uselist->unlock; # ... unlock the list with files in use... - print $$output; # ... and print the output of the command +if(-e $temp_path || -l $temp_path) +{ + if(my ($physical,$virtual) = check_path($config->{'fileroot'},$file)) + { + if(is_forbidden_file($config->{'forbidden'},$virtual)) + { + abort($config->{'errors'}->{'forbidden_file'},'/'); + } + else + { + # Create a hash containing data submitted by the user + # (some other necessary information are also included) + + my %data = (physical => $physical, + virtual => $virtual, + new_physical => $new_physical, + new_virtual => $new_virtual, + cgi => $cgi, + version => $VERSION, + configfile => CONFIGFILE); + + # Execute the command... + + my $output = exec_command($command,\%data,$config); + + # ... and show its output + + print $$output; + } } else { - abort($config->{'err_above_root'}); + abort($config->{'errors'}->{'above_root'},'/'); } } else { - abort($config->{'err_not_exist'}); + abort($config->{'errors'}->{'not_found'},'/'); } #