X-Git-Url: https://git.p6c8.net/devedit.git/blobdiff_plain/91dc65a53fbe7dc79a983a51f330033b343cba36..8e187e4f2ec51c2306c5d69755db1cc04e5e2cee:/modules/Command.pm?ds=inline diff --git a/modules/Command.pm b/modules/Command.pm index 79b944d..96dbf52 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -5,8 +5,8 @@ package Command; # # Execute Dev-Editor's commands # -# Author: Patrick Canterino -# Last modified: 2004-11-04 +# Author: Patrick Canterino +# Last modified: 2005-01-01 # use strict; @@ -20,12 +20,14 @@ use File::Path; use POSIX qw(strftime); use Tool; -use CGI qw(header); +use CGI qw(header + escape); + use HTML::Entities; use Output; use Template; -my $script = $ENV{'SCRIPT_NAME'}; +my $script = encode_entities($ENV{'SCRIPT_NAME'}); my $users = eval("getpwuid(0)") && eval("getgrgid(0)"); my %dispatch = ('show' => \&exec_show, @@ -72,7 +74,7 @@ sub exec_command($$$) } } - return error($config->{'errors'}->{'cmd_unknown'},'/',{COMMAND => $command}); + return error($config->{'errors'}->{'cmd_unknown'},'/',{COMMAND => encode_entities($command)}); } # exec_show() @@ -89,6 +91,7 @@ sub exec_show($$) my ($data,$config) = @_; my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; + my $upper_path = encode_entities(upper_path($virtual)); my $uselist = $data->{'uselist'}; my $tpl = new Template; @@ -97,16 +100,21 @@ sub exec_show($$) { # Create directory listing - return error($config->{'errors'}->{'no_dir_access'},upper_path($virtual)) unless(-r $physical && -x $physical); + return error($config->{'errors'}->{'no_dir_access'},$upper_path) unless(-r $physical && -x $physical); my $direntries = dir_read($physical); - return error($config->{'dir_read_failed'},upper_path($virtual),{DIR => '$virtual'}) unless($direntries); + return error($config->{'dir_read_fail'},$upper_path,{DIR => encode_entities($virtual)}) unless($direntries); my $files = $direntries->{'files'}; my $dirs = $direntries->{'dirs'}; + my $dir_writeable = -w $physical; + my $dirlist = ""; + my $filter1 = $data->{'cgi'}->param('filter') || '*'; # The real wildcard + my $filter2 = ($filter1 && $filter1 ne '*') ? $filter1 : ''; # Wildcard for output + # Create the link to the upper directory # (only if we are not in the root directory) @@ -117,8 +125,8 @@ sub exec_show($$) my $udtpl = new Template; $udtpl->read_file($config->{'templates'}->{'dirlist_up'}); - $udtpl->fillin("UPPER_DIR",encode_entities(upper_path($virtual))); - $udtpl->fillin("DATE",strftime($config->{'timeformat'},localtime($stat[9]))); + $udtpl->fillin("UPPER_DIR",$upper_path); + $udtpl->fillin("DATE",encode_entities(strftime($config->{'timeformat'},localtime($stat[9])))); $dirlist .= $udtpl->get_template; } @@ -127,6 +135,8 @@ sub exec_show($$) foreach my $dir(@$dirs) { + next unless(dos_wildcard_match($filter1,$dir)); + my $phys_path = $physical."/".$dir; my $virt_path = encode_entities($virtual.$dir."/"); @@ -136,9 +146,9 @@ sub exec_show($$) $dtpl->read_file($config->{'templates'}->{'dirlist_dir'}); $dtpl->fillin("DIR",$virt_path); - $dtpl->fillin("DIR_NAME",$dir); - $dtpl->fillin("DATE",strftime($config->{'timeformat'},localtime($stat[9]))); - $dtpl->fillin("URL",equal_url($config->{'httproot'},$virt_path)); + $dtpl->fillin("DIR_NAME",encode_entities($dir)); + $dtpl->fillin("DATE",encode_entities(strftime($config->{'timeformat'},localtime($stat[9])))); + $dtpl->fillin("URL",equal_url(encode_entities($config->{'httproot'}),$virt_path)); $dtpl->parse_if_block("readable",-r $phys_path && -x $phys_path); $dtpl->parse_if_block("users",$users && -o $phys_path); @@ -150,28 +160,30 @@ sub exec_show($$) foreach my $file(@$files) { + next unless(dos_wildcard_match($filter1,$file)); + my $phys_path = $physical."/".$file; my $virt_path = encode_entities($virtual.$file); my @stat = stat($phys_path); my $in_use = $uselist->in_use($virtual.$file); + my $too_large = $config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'}; my $ftpl = new Template; $ftpl->read_file($config->{'templates'}->{'dirlist_file'}); $ftpl->fillin("FILE",$virt_path); - $ftpl->fillin("FILE_NAME",$file); + $ftpl->fillin("FILE_NAME",encode_entities($file)); $ftpl->fillin("SIZE",$stat[7]); - $ftpl->fillin("DATE",strftime($config->{'timeformat'},localtime($stat[9]))); - $ftpl->fillin("URL",equal_url($config->{'httproot'},$virt_path)); + $ftpl->fillin("DATE",encode_entities(strftime($config->{'timeformat'},localtime($stat[9])))); + $ftpl->fillin("URL",equal_url(encode_entities($config->{'httproot'}),$virt_path)); $ftpl->parse_if_block("not_readable",not -r $phys_path); $ftpl->parse_if_block("binary",-B $phys_path); $ftpl->parse_if_block("readonly",not -w $phys_path); - $ftpl->parse_if_block("viewable",-r $phys_path && -T $phys_path && not ($config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'})); - - $ftpl->parse_if_block("editable",-r $phys_path && -w $phys_path && -T $phys_path && not ($config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'}) && not $in_use); + $ftpl->parse_if_block("viewable",-r $phys_path && -T $phys_path && not $too_large); + $ftpl->parse_if_block("editable",(-r $phys_path && -w $phys_path && -T $phys_path && not $too_large) && not $in_use); $ftpl->parse_if_block("in_use",$in_use); $ftpl->parse_if_block("unused",not $in_use); @@ -186,53 +198,47 @@ sub exec_show($$) $tpl->read_file($config->{'templates'}->{'dirlist'}); $tpl->fillin("DIRLIST",$dirlist); - $tpl->fillin("DIR",$virtual); + $tpl->fillin("DIR",encode_entities($virtual)); $tpl->fillin("SCRIPT",$script); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); + $tpl->fillin("URL",encode_entities(equal_url($config->{'httproot'},$virtual))); + + $tpl->fillin("FILTER",encode_entities($filter2)); + $tpl->fillin("FILTER_URL",escape($filter2)); + + $tpl->parse_if_block("dir_writeable",$dir_writeable); + $tpl->parse_if_block("filter",$filter2); } else { # View a file - return error($config->{'errors'}->{'noview'},upper_path($virtual)) unless(-r $physical); + return error($config->{'errors'}->{'no_view'},$upper_path) unless(-r $physical); # Check on binary files - # We have to do it in this way, or empty files - # will be recognized as binary files + # We have to do it in this way or empty files will be recognized + # as binary files - unless(-T $physical) - { - # Binary file + return error($config->{'errors'}->{'binary'},$upper_path) unless(-T $physical); - return error($config->{'errors'}->{'binary'},upper_path($virtual)); - } - else - { - # Text file + # Is the file too large? - my $size = (stat($physical))[7]; + return error($config->{'errors'}->{'file_too_large'},$upper_path,{SIZE => $config->{'max_file_size'}}) if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'}); - if($config->{'max_file_size'} && $size > $config->{'max_file_size'}) - { - return error($config->{'errors'}->{'file_too_large'},upper_path($virtual),{SIZE => $config->{'max_file_size'}}) - } - else - { - my $content = file_read($physical); - $$content =~ s/\015\012|\012|\015/\n/g; + # View the file - $tpl->read_file($config->{'templates'}->{'viewfile'}); + my $content = file_read($physical); + $$content =~ s/\015\012|\012|\015/\n/g; - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",upper_path($virtual)); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + $tpl->read_file($config->{'templates'}->{'viewfile'}); - $tpl->parse_if_block("editable",-r $physical && -w $physical && -T $physical && not ($config->{'max_file_size'} && $size > $config->{'max_file_size'}) && $uselist->unused($virtual)); + $tpl->fillin("FILE",encode_entities($virtual)); + $tpl->fillin("DIR",$upper_path); + $tpl->fillin("URL",encode_entities(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin("SCRIPT",$script); - $tpl->fillin("CONTENT",encode_entities($$content)); - } - } + $tpl->parse_if_block("editable",-w $physical && $uselist->unused($virtual)); + + $tpl->fillin("CONTENT",encode_entities($$content)); } my $output = header(-type => "text/html"); @@ -255,51 +261,44 @@ sub exec_beginedit($$) my ($data,$config) = @_; my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; + my $dir = upper_path($virtual); my $uselist = $data->{'uselist'}; - return error($config->{'errors'}->{'editdir'},upper_path($virtual)) if(-d $physical); - return error($config->{'errors'}->{'in_use'},upper_path($virtual),{FILE => $virtual}) if($uselist->in_use($virtual)); - return error($config->{'errors'}->{'noedit'},upper_path($virtual)) unless(-r $physical && -w $physical); + return error($config->{'errors'}->{'editdir'},$dir) if(-d $physical); + return error($config->{'errors'}->{'in_use'}, $dir,{FILE => $virtual}) if($uselist->in_use($virtual)); + return error($config->{'errors'}->{'no_edit'},$dir) unless(-r $physical && -w $physical); # Check on binary files - unless(-T $physical) - { - # Binary file + return error($config->{'errors'}->{'binary'},$dir) unless(-T $physical); - return error($config->{'errors'}->{'binary'},upper_path($virtual)); - } - else - { - if($config->{'max_file_size'} && (stat($physical))[7] > $config->{'max_file_size'}) - { - return error($config->{'errors'}->{'file_too_large'},upper_path($virtual),{SIZE => $config->{'max_file_size'}}) - } - else - { - # Text file + # Is the file too large? - $uselist->add_file($virtual); - $uselist->save; + return error($config->{'errors'}->{'file_too_large'},$dir,{SIZE => $config->{'max_file_size'}}) if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'}); - my $content = file_read($physical); - $$content =~ s/\015\012|\012|\015/\n/g; + # Lock the file... - my $tpl = new Template; - $tpl->read_file($config->{'templates'}->{'editfile'}); + $uselist->add_file($virtual); + $uselist->save; - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",upper_path($virtual)); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); - $tpl->fillin("CONTENT",encode_entities($$content)); + # ... and show the editing form - my $output = header(-type => "text/html"); - $output .= $tpl->get_template; + my $content = file_read($physical); + $$content =~ s/\015\012|\012|\015/\n/g; - return \$output; - } - } + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'editfile'}); + + $tpl->fillin("FILE",$virtual); + $tpl->fillin("DIR",$dir); + $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); + $tpl->fillin("SCRIPT",$script); + $tpl->fillin("CONTENT",encode_entities($$content)); + + my $output = header(-type => "text/html"); + $output .= $tpl->get_template; + + return \$output; } # exec_canceledit() @@ -334,14 +333,14 @@ sub exec_endedit($$) my ($data,$config) = @_; my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; + my $dir = upper_path($virtual); my $content = $data->{'cgi'}->param('filecontent'); my $uselist = $data->{'uselist'}; - # We already unlock the file at the beginning of the - # subroutine, because if we have to abort this routine, - # the file keeps locked. - # Nobody else will access the file during this routine - # because of the concept of File::UseList. + # We already unlock the file at the beginning of the subroutine, + # because if we have to abort this routine, the file keeps locked. + # No other user of Dev-Editor will access the file during this + # routine because of the concept of File::UseList. file_unlock($uselist,$virtual); @@ -365,22 +364,22 @@ sub exec_endedit($$) # Check if someone else is editing the new file - return error($config->{'errors'}->{'in_use'},upper_path($virtual),{FILE => $virtual}) if($uselist->in_use($virtual)); + return error($config->{'errors'}->{'in_use'},$dir,{FILE => $virtual}) if($uselist->in_use($virtual)); } - return error($config->{'errors'}->{'text_to_binary'},upper_path($virtual)) unless(-T $physical); - return error($config->{'errors'}->{'editdir'},upper_path($virtual)) if(-d $physical); - return error($config->{'errors'}->{'noedit'}, upper_path($virtual)) if(-e $physical && !(-r $physical && -w $physical)); + return error($config->{'errors'}->{'editdir'},$dir) if(-d $physical); + return error($config->{'errors'}->{'no_edit'},$dir) if(-e $physical && !(-r $physical && -w $physical)); + return error($config->{'errors'}->{'text_to_binary'},$dir) unless(-T $physical); if(file_save($physical,\$content)) { - # Saving of the file was successful - so unlock it! + # Saving of the file was successful! - return devedit_reload({command => 'show', file => upper_path($virtual)}); + return devedit_reload({command => 'show', file => $dir}); } else { - return error($config->{'errors'}->{'edit_failed'},upper_path($virtual),{FILE => $virtual}); + return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => $virtual}); } } @@ -478,31 +477,36 @@ sub exec_upload($$) my $virtual = $data->{'virtual'}; my $cgi = $data->{'cgi'}; + return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => $virtual}) unless(-d $physical); + return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => $virtual}) unless(-w $physical); + if(my $uploaded_file = $cgi->param('uploaded_file')) { # Process file upload my $filename = file_name($uploaded_file); my $file_phys = $physical."/".$filename; - my $file_virt = $virtual."".$filename; + my $file_virt = $virtual.$filename; - return error($config->{'errors'}->{'file_exists'},$virtual,{FILE => $file_virt}) if(-e $file_phys && not $cgi->param('overwrite')); + return error($config->{'errors'}->{'in_use'},$virtual,{FILE => $file_virt}) if($data->{'uselist'}->in_use($file_virt)); + + if(-e $file_phys) + { + return error($config->{'errors'}->{'dir_replace'},$virtual) if(-d $file_phys); + return error($config->{'errors'}->{'exist_no_write'},$virtual,{FILE => $file_virt}) unless(-w $file_phys); + return error($config->{'errors'}->{'file_exists'},$virtual,{FILE => $file_virt}) unless($cgi->param('overwrite')); + } my $ascii = $cgi->param('ascii'); my $handle = $cgi->upload('uploaded_file'); - local *FILE; - - open(FILE,">$file_phys") or return error($config->{'errors'}->{'mkfile_failed'},$virtual,{FILE => $file_virt}); - binmode(FILE) unless($ascii); + return error($config->{'errors'}->{'invalid_upload'},$virtual) unless($handle); # Read transferred file and write it to disk read($handle, my $data, -s $handle); $data =~ s/\015\012|\012|\015/\n/g if($ascii); # Replace line separators if transferring in ASCII mode - print FILE $data; - - close(FILE); + file_save($file_phys,\$data,not $ascii) or return error($config->{'errors'}->{'mkfile_failed'},$virtual,{FILE => $file_virt}); return devedit_reload({command => "show", file => $virtual}); } @@ -536,26 +540,25 @@ sub exec_copy($$) my ($data,$config) = @_; my $physical = $data->{'physical'}; my $virtual = encode_entities($data->{'virtual'}); + my $dir = upper_path($virtual); my $new_physical = $data->{'new_physical'}; - return error($config->{'errors'}->{'dircopy'}) if(-d $physical); - return error($config->{'errors'}->{'nocopy'}) unless(-r $physical); + return error($config->{'errors'}->{'dircopy'},$dir) if(-d $physical); + return error($config->{'errors'}->{'no_copy'},$dir) unless(-r $physical); if($new_physical) { my $new_virtual = $data->{'new_virtual'}; - my $dir = upper_path($new_virtual); + my $new_dir = upper_path($new_virtual); $new_virtual = encode_entities($new_virtual); if(-e $new_physical) { - return error($config->{'errors'}->{'exist_edited'},$dir,{FILE => $new_virtual}) if($data->{'uselist'}->in_use($data->{'new_virtual'})); + return error($config->{'errors'}->{'exist_edited'},$new_dir,{FILE => $new_virtual}) if($data->{'uselist'}->in_use($data->{'new_virtual'})); + return error($config->{'errors'}->{'dir_replace'},$new_dir) if(-d $new_physical); + return error($config->{'errors'}->{'exist_no_write'},$new_dir,{FILE => $new_virtual}) unless(-w $new_physical); - if(-d $new_physical) - { - return error($config->{'errors'}->{'dir_replace'},$dir); - } - elsif(not $data->{'cgi'}->param('confirmed')) + if(not $data->{'cgi'}->param('confirmed')) { my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'confirm_replace'}); @@ -563,8 +566,8 @@ sub exec_copy($$) $tpl->fillin("FILE",$virtual); $tpl->fillin("NEW_FILE",$new_virtual); $tpl->fillin("NEW_FILENAME",file_name($new_virtual)); - $tpl->fillin("NEW_DIR",$dir); - $tpl->fillin("DIR",upper_path($virtual)); + $tpl->fillin("NEW_DIR",$new_dir); + $tpl->fillin("DIR",$dir); $tpl->fillin("COMMAND","copy"); $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); @@ -577,8 +580,8 @@ sub exec_copy($$) } } - copy($physical,$new_physical) or return error($config->{'errors'}->{'copy_failed'},upper_path($virtual),{FILE => $virtual, NEW_FILE => $new_virtual}); - return devedit_reload({command => 'show', file => $dir}); + copy($physical,$new_physical) or return error($config->{'errors'}->{'copy_failed'},$dir,{FILE => $virtual, NEW_FILE => $new_virtual}); + return devedit_reload({command => 'show', file => $new_dir}); } else { @@ -586,7 +589,7 @@ sub exec_copy($$) $tpl->read_file($config->{'templates'}->{'copyfile'}); $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",upper_path($virtual)); + $tpl->fillin("DIR",$dir); $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); $tpl->fillin("SCRIPT",$script); @@ -611,26 +614,26 @@ sub exec_rename($$) my ($data,$config) = @_; my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; + my $dir = upper_path($virtual); my $new_physical = $data->{'new_physical'}; - return error($config->{'errors'}->{'rename_root'},"/") if($virtual eq "/"); - return error($config->{'errors'}->{'in_use'},upper_path($virtual),{FILE => $virtual}) if($data->{'uselist'}->in_use($virtual)); + return error($config->{'errors'}->{'rename_root'},"/") if($virtual eq "/"); + return error($config->{'errors'}->{'no_rename'},$dir) unless(-w upper_path($physical)); + return error($config->{'errors'}->{'in_use'},$dir,{FILE => $virtual}) if($data->{'uselist'}->in_use($virtual)); if($new_physical) { my $new_virtual = $data->{'new_virtual'}; - my $dir = upper_path($new_virtual); + my $new_dir = upper_path($new_virtual); $new_virtual = encode_entities($new_virtual); if(-e $new_physical) { - return error($config->{'errors'}->{'exist_edited'},$dir,{FILE => $new_virtual}) if($data->{'uselist'}->in_use($data->{'new_virtual'})); + return error($config->{'errors'}->{'exist_edited'},$new_dir,{FILE => $new_virtual}) if($data->{'uselist'}->in_use($data->{'new_virtual'})); + return error($config->{'errors'}->{'dir_replace'},$new_dir) if(-d $new_physical); + return error($config->{'errors'}->{'exist_no_write'},$new_dir,{FILE => $new_virtual}) unless(-w $new_physical); - if(-d $new_physical) - { - return error($config->{'errors'}->{'dir_replace'},$dir); - } - elsif(not $data->{'cgi'}->param('confirmed')) + if(not $data->{'cgi'}->param('confirmed')) { my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'confirm_replace'}); @@ -638,8 +641,8 @@ sub exec_rename($$) $tpl->fillin("FILE",$virtual); $tpl->fillin("NEW_FILE",$new_virtual); $tpl->fillin("NEW_FILENAME",file_name($new_virtual)); - $tpl->fillin("NEW_DIR",$dir); - $tpl->fillin("DIR",upper_path($virtual)); + $tpl->fillin("NEW_DIR",$new_dir); + $tpl->fillin("DIR",$dir); $tpl->fillin("COMMAND","rename"); $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); @@ -652,8 +655,8 @@ sub exec_rename($$) } } - rename($physical,$new_physical) or return error($config->{'errors'}->{'rename_failed'},upper_path($virtual),{FILE => $virtual, NEW_FILE => $new_virtual}); - return devedit_reload({command => 'show', file => $dir}); + rename($physical,$new_physical) or return error($config->{'errors'}->{'rename_failed'},$dir,{FILE => $virtual, NEW_FILE => $new_virtual}); + return devedit_reload({command => 'show', file => $new_dir}); } else { @@ -661,7 +664,7 @@ sub exec_rename($$) $tpl->read_file($config->{'templates'}->{'renamefile'}); $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",upper_path($virtual)); + $tpl->fillin("DIR",$dir); $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); $tpl->fillin("SCRIPT",$script); @@ -686,8 +689,10 @@ sub exec_remove($$) my ($data,$config) = @_; my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; + my $dir = upper_path($virtual); return error($config->{'errors'}->{'remove_root'},"/") if($virtual eq "/"); + return error($config->{'errors'}->{'no_delete'},$dir) unless(-w upper_path($physical)); if(-d $physical) { @@ -696,7 +701,7 @@ sub exec_remove($$) if($data->{'cgi'}->param('confirmed')) { rmtree($physical); - return devedit_reload({command => 'show', file => upper_path($virtual)}); + return devedit_reload({command => 'show', file => $dir}); } else { @@ -704,7 +709,7 @@ sub exec_remove($$) $tpl->read_file($config->{'templates'}->{'confirm_rmdir'}); $tpl->fillin("DIR",$virtual); - $tpl->fillin("UPPER_DIR",upper_path($virtual)); + $tpl->fillin("UPPER_DIR",$dir); $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); $tpl->fillin("SCRIPT",$script); @@ -718,12 +723,12 @@ sub exec_remove($$) { # Remove a file - return error($config->{'errors'}->{'in_use'},upper_path($virtual),{FILE => $virtual}) if($data->{'uselist'}->in_use($virtual)); + return error($config->{'errors'}->{'in_use'},$dir,{FILE => $virtual}) if($data->{'uselist'}->in_use($virtual)); if($data->{'cgi'}->param('confirmed')) { - unlink($physical) or return error($config->{'errors'}->{'delete_failed'},upper_path($virtual),{FILE => $virtual}); - return devedit_reload({command => 'show', file => upper_path($virtual)}); + unlink($physical) or return error($config->{'errors'}->{'delete_failed'},$dir,{FILE => $virtual}); + return devedit_reload({command => 'show', file => $dir}); } else { @@ -731,7 +736,7 @@ sub exec_remove($$) $tpl->read_file($config->{'templates'}->{'confirm_rmfile'}); $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",upper_path($virtual)); + $tpl->fillin("DIR",$dir); $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); $tpl->fillin("SCRIPT",$script); @@ -758,69 +763,73 @@ sub exec_chprop($$) my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; my $dir = upper_path($virtual); - my $cgi = $data->{'cgi'}; - my $mode = $cgi->param('mode'); - my $group = $cgi->param('group'); - if($users) + return error($config->{'errors'}->{'no_users'},$dir,{FILE => $virtual}) unless($users); + return error($config->{'errors'}->{'chprop_root'},"/") if($virtual eq "/"); + return error($config->{'errors'}->{'not_owner'},$dir,{FILE => $virtual}) unless(-o $physical); + return error($config->{'errors'}->{'in_use'},$dir,{FILE => $virtual}) if($data->{'uselist'}->in_use($virtual)); + + my $cgi = $data->{'cgi'}; + my $mode = $cgi->param('mode'); + my $group = $cgi->param('group'); + + if($mode || $group) { - if(-o $physical) + if($mode) { - if($mode || $group) - { - if($mode) - { - my $oct_mode = $mode; - $oct_mode = "0".$oct_mode if(length($oct_mode) == 3); - $oct_mode = oct($oct_mode); - - chmod($oct_mode,$physical); - } - - if($group) - { - return error($config->{'errors'}->{'invalid_group'},$dir,{GROUP => $group}) unless($group =~ /^[a-z0-9_]+[a-z0-9_-]*$/i); - system("chgrp",$group,$physical); - } - - return devedit_reload({command => 'show', file => $dir}); - } - else - { - my @stat = stat($physical); + # Change the mode - my $mode = $stat[2]; - my $mode_oct = substr(sprintf("%04o",$mode),-4); - my $gid = $stat[5]; - my $group = getgrgid($gid); + chmod(oct($mode),$physical); + } - my $tpl = new Template; - $tpl->read_file($config->{'templates'}->{'chprop'}); + if($group) + { + # Change the group using the `chgrp` system command - $tpl->fillin("MODE_OCTAL",$mode_oct); - $tpl->fillin("MODE_STRING",mode_string($mode)); - $tpl->fillin("GID",$gid); - $tpl->fillin("GROUP",$group); + return error($config->{'errors'}->{'invalid_group'},$dir,{GROUP => encode_entities($group)}) unless($group =~ /^[a-z0-9_]+[a-z0-9_-]*$/i); + system("chgrp",$group,$physical); + } - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",$dir); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); + return devedit_reload({command => 'show', file => $dir}); + } + else + { + # Display the form - my $output = header(-type => "text/html"); - $output .= $tpl->get_template; + my @stat = stat($physical); + my $mode = $stat[2]; + my $gid = $stat[5]; - return \$output; - } + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'chprop'}); + + # Insert file properties into the template + + $tpl->fillin("MODE_OCTAL",substr(sprintf("%04o",$mode),-4)); + $tpl->fillin("MODE_STRING",mode_string($mode)); + $tpl->fillin("GID",$gid); + + if(my $group = getgrgid($gid)) + { + $tpl->fillin("GROUP",encode_entities($group)); + $tpl->parse_if_block("group_detected",1); } else { - return error($config->{'errors'}->{'not_owner'},$dir,{FILE => $virtual}); + $tpl->parse_if_block("group_detected",0); } - } - else - { - return error($config->{'errors'}->{'no_users'},$dir,{FILE => $virtual}); + + # Insert other information + + $tpl->fillin("FILE",$virtual); + $tpl->fillin("DIR",$dir); + $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); + $tpl->fillin("SCRIPT",$script); + + my $output = header(-type => "text/html"); + $output .= $tpl->get_template; + + return \$output; } } @@ -839,13 +848,14 @@ sub exec_unlock($$) my ($data,$config) = @_; my $virtual = $data->{'virtual'}; my $uselist = $data->{'uselist'}; + my $dir = upper_path($virtual); - return devedit_reload({command => 'show', file => upper_path($virtual)}) if($uselist->unused($virtual)); + return devedit_reload({command => 'show', file => $dir}) if($uselist->unused($virtual)); if($data->{'cgi'}->param('confirmed')) { file_unlock($uselist,$virtual); - return devedit_reload({command => 'show', file => upper_path($virtual)}); + return devedit_reload({command => 'show', file => $dir}); } else { @@ -853,7 +863,7 @@ sub exec_unlock($$) $tpl->read_file($config->{'templates'}->{'confirm_unlock'}); $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",upper_path($virtual)); + $tpl->fillin("DIR",$dir); $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); $tpl->fillin("SCRIPT",$script); @@ -888,21 +898,21 @@ sub exec_about($$) # Some path information - $tpl->fillin("SCRIPT_PHYS",$ENV{'SCRIPT_FILENAME'}); - $tpl->fillin("CONFIG_PATH",$data->{'configfile'}); - $tpl->fillin("FILE_ROOT",$config->{'fileroot'}); - $tpl->fillin("HTTP_ROOT",$config->{'httproot'}); + $tpl->fillin("SCRIPT_PHYS",encode_entities($ENV{'SCRIPT_FILENAME'})); + $tpl->fillin("CONFIG_PATH",encode_entities($data->{'configfile'})); + $tpl->fillin("FILE_ROOT", encode_entities($config->{'fileroot'})); + $tpl->fillin("HTTP_ROOT", encode_entities($config->{'httproot'})); # Perl - $tpl->fillin("PERL_PROG",$^X); - $tpl->fillin("PERL_VER",sprintf("%vd",$^V)); + $tpl->fillin("PERL_PROG",encode_entities($^X)); + $tpl->fillin("PERL_VER", sprintf("%vd",$^V)); # Information about the server - $tpl->fillin("HTTPD",$ENV{'SERVER_SOFTWARE'}); - $tpl->fillin("OS",$^O); - $tpl->fillin("TIME",strftime($config->{'timeformat'},localtime)); + $tpl->fillin("HTTPD",encode_entities($ENV{'SERVER_SOFTWARE'})); + $tpl->fillin("OS", encode_entities($^O)); + $tpl->fillin("TIME", encode_entities(strftime($config->{'timeformat'},localtime))); # Process information @@ -927,8 +937,25 @@ sub exec_about($$) # Names of user and group - $tpl->fillin("USER",getpwuid($uid)); - $tpl->fillin("GROUP",getgrgid($gid)); + if(my $user = getpwuid($uid)) + { + $tpl->fillin("USER",encode_entities($user)); + $tpl->parse_if_block("user_detected",1); + } + else + { + $tpl->parse_if_block("user_detected",0); + } + + if(my $group = getgrgid($gid)) + { + $tpl->fillin("GROUP",encode_entities($group)); + $tpl->parse_if_block("group_detected",1); + } + else + { + $tpl->parse_if_block("group_detected",0); + } # Process umask