X-Git-Url: https://git.p6c8.net/devedit.git/blobdiff_plain/d67f6ce936647c7312b944d2d2c0c0da13352e1f..d9c57e6a72261b94d4f2e4ee1e1c8e3757355ad0:/modules/Command.pm?ds=sidebyside diff --git a/modules/Command.pm b/modules/Command.pm index 42da15d..431eb4d 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,15 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2005-05-05 +# Last modified: 2010-05-24 +# +# Copyright (C) 1999-2000 Roland Bluethgen, Frank Schoenmann +# Copyright (C) 2003-2009 Patrick Canterino +# All Rights Reserved. +# +# This file can be distributed and/or modified under the terms of +# of the Artistic License 1.0 (see also the LICENSE file found at +# the top level of the Dev-Editor distribution). # use strict; @@ -31,17 +39,19 @@ use Template; my $script = encode_html($ENV{'SCRIPT_NAME'}); my $users = eval('getpwuid(0)') && eval('getgrgid(0)'); -my %dispatch = ('show' => \&exec_show, - 'beginedit' => \&exec_beginedit, - 'endedit' => \&exec_endedit, - 'mkdir' => \&exec_mkdir, - 'mkfile' => \&exec_mkfile, - 'upload' => \&exec_upload, - 'copy' => \&exec_copy, - 'rename' => \&exec_rename, - 'remove' => \&exec_remove, - 'chprop' => \&exec_chprop, - 'about' => \&exec_about +my %dispatch = ('show' => \&exec_show, + 'beginedit' => \&exec_beginedit, + 'endedit' => \&exec_endedit, + 'download' => \&exec_download, + 'mkdir' => \&exec_mkdir, + 'mkfile' => \&exec_mkfile, + 'upload' => \&exec_upload, + 'copy' => \&exec_copy, + 'rename' => \&exec_rename, + 'remove' => \&exec_remove, + 'remove_multi' => \&exec_remove_multi, + 'chprop' => \&exec_chprop, + 'about' => \&exec_about ); ### Export ### @@ -101,13 +111,15 @@ sub exec_show($$) return error($config->{'errors'}->{'no_dir_access'},$upper_path->{'normal'}) unless(-r $physical && -x $physical); my $direntries = dir_read($physical); - return error($config->{'errors'}->{'dir_read_fail'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries); + return error($config->{'errors'}->{'dir_read_failed'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries); my $files = $direntries->{'files'}; my $dirs = $direntries->{'dirs'}; my $dirlist = ''; + my $count = 0; + my $filter1 = $data->{'cgi'}->param('filter') || '*'; # The real wildcard my $filter2 = ($filter1 && $filter1 ne '*') ? $filter1 : ''; # Wildcard for output @@ -116,6 +128,8 @@ sub exec_show($$) unless($virtual eq '/') { + $count++; + my @stat = stat($physical.'/..'); my $udtpl = new Template; @@ -132,8 +146,11 @@ sub exec_show($$) foreach my $dir(@$dirs) { + next if($config->{'hide_dot_files'} && substr($dir,0,1) eq '.'); next unless(dos_wildcard_match($filter1,$dir)); + $count++; + my $phys_path = $physical.'/'.$dir; my $virt_path = multi_string($virtual.$dir.'/'); @@ -148,8 +165,10 @@ sub exec_show($$) $dtpl->fillin('DATE',encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9])))); $dtpl->fillin('URL',equal_url(encode_html($config->{'httproot'}),$virt_path->{'html'})); + $dtpl->parse_if_block('forbidden',is_forbidden_file($config->{'forbidden'},$virt_path->{'normal'})); $dtpl->parse_if_block('readable',-r $phys_path && -x $phys_path); $dtpl->parse_if_block('users',$users && -o $phys_path); + $dtpl->parse_if_block('even',($count % 2) == 0); $dirlist .= $dtpl->get_template; } @@ -158,8 +177,11 @@ sub exec_show($$) foreach my $file(@$files) { + next if($config->{'hide_dot_files'} && substr($file,0,1) eq '.'); next unless(dos_wildcard_match($filter1,$file)); + $count++; + my $phys_path = $physical.'/'.$file; my $virt_path = multi_string($virtual.$file); @@ -178,10 +200,11 @@ sub exec_show($$) $ftpl->fillin('URL',equal_url(encode_html($config->{'httproot'}),$virt_path->{'html'})); $ftpl->parse_if_block('link',-l $phys_path); - $ftpl->parse_if_block('not_readable',not -r $phys_path); + $ftpl->parse_if_block('readable',-r $phys_path); + $ftpl->parse_if_block('writeable',-w $phys_path); $ftpl->parse_if_block('binary',-B $phys_path); - $ftpl->parse_if_block('readonly',not -w $phys_path); + $ftpl->parse_if_block('forbidden',is_forbidden_file($config->{'forbidden'},$virt_path->{'normal'})); $ftpl->parse_if_block('viewable',(-r $phys_path && -T $phys_path && not $too_large) || -l $phys_path); $ftpl->parse_if_block('editable',(-r $phys_path && -w $phys_path && -T $phys_path && not $too_large) && not -l $phys_path); @@ -189,6 +212,8 @@ sub exec_show($$) $ftpl->parse_if_block('users',$users && -o $phys_path); + $ftpl->parse_if_block('even',($count % 2) == 0); + $dirlist .= $ftpl->get_template; } @@ -306,7 +331,7 @@ sub exec_beginedit($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); $tpl->fillin('MD5SUM',$md5sum); $tpl->fillin('CONTENT',encode_html($$content)); @@ -363,8 +388,8 @@ sub exec_endedit($$) local *FILE; - sysopen(FILE,$physical,O_RDWR | O_CREAT) or return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => $virtual}); - file_lock(*FILE,LOCK_EX) or do { close(FILE); return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => $virtual}) }; + sysopen(FILE,$physical,O_RDWR | O_CREAT) or return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => encode_html($virtual)}); + file_lock(*FILE,LOCK_EX) or do { close(FILE); return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => encode_html($virtual)}) }; my $md5 = new Digest::MD5; $md5->addfile(*FILE); @@ -385,7 +410,7 @@ sub exec_endedit($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); $tpl->fillin('MD5SUM',$md5file); $tpl->fillin('CONTENT',encode_html($content)); @@ -407,7 +432,9 @@ sub exec_endedit($$) print FILE $content; } - $output = devedit_reload({command => 'show', file => $dir}); + $output = ($cgi->param('continue')) + ? devedit_reload({command => 'beginedit', file => $virtual}) + : devedit_reload({command => 'show', file => $dir}); } close(FILE); @@ -418,6 +445,32 @@ sub exec_endedit($$) return devedit_reload({command => 'beginedit', file => $virtual}); } +# exec_download() +# +# Execute a HTTP download of a file +# +# Params: 1. Reference to user input hash +# 2. Reference to config hash +# +# Return: Output of the command (Scalar Reference) + +sub exec_download($$) +{ + my ($data,$config) = @_; + my $physical = $data->{'physical'}; + my $virtual = $data->{'virtual'}; + my $dir = upper_path($virtual); + + return return error($config->{'errors'}->{'no_download'},$dir,{FILE => $virtual}) if(-d $physical || -l $physical); + + my $filename = file_name($virtual); + + my $output = header(-type => 'application/octet-stream', -attachment => $filename); + $output .= ${ file_read($physical,1) }; + + return \$output; +} + # exec_mkfile() # # Create a file and return to directory view @@ -440,7 +493,15 @@ sub exec_mkfile($$) return error($config->{'errors'}->{'file_exists'},$dir,{FILE => $new_virtual}) if(-e $new_physical); file_create($new_physical) or return error($config->{'errors'}->{'mkfile_failed'},$dir,{FILE => $new_virtual}); - return devedit_reload({command => 'show', file => $dir}); + + if($data->{'cgi'}->param('edit')) + { + return devedit_reload({command => 'beginedit', file => $new_virtual}); + } + else + { + return devedit_reload({command => 'show', file => $dir}); + } } else { @@ -512,11 +573,19 @@ sub exec_upload($$) my $virtual = $data->{'virtual'}; my $cgi = $data->{'cgi'}; - return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => $virtual}) unless(-d $physical && not -l $physical); - return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => $virtual}) unless(-w $physical); + return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => encode_html($virtual)}) unless(-d $physical && not -l $physical); + return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => encode_html($virtual)}) unless(-w $physical); if(my $uploaded_file = $cgi->param('uploaded_file')) { + if($cgi->param('remote_file')) + { + $uploaded_file = $cgi->param('remote_file'); + + $uploaded_file =~ s!/!!g; + $uploaded_file =~ s!\\!!g; + } + # Process file upload my $filename = file_name($uploaded_file); @@ -551,7 +620,7 @@ sub exec_upload($$) $tpl->fillin('DIR',encode_html($virtual)); $tpl->fillin('DIR_URL',escape($virtual)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -579,7 +648,6 @@ sub exec_copy($$) my $new_physical = $data->{'new_physical'}; return error($config->{'errors'}->{'link_copy'},$dir) if(-l $physical); - return error($config->{'errors'}->{'dir_copy'},$dir) if(-d $physical); return error($config->{'errors'}->{'no_copy'},$dir) unless(-r $physical); if($new_physical) @@ -587,53 +655,84 @@ sub exec_copy($$) my $new_virtual = multi_string($data->{'new_virtual'}); my $new_dir = upper_path($new_virtual->{'normal'}); - if(-e $new_physical) + if(-d $physical) { - return error($config->{'errors'}->{'link_replace'},$new_dir) if(-l $new_physical); - return error($config->{'errors'}->{'dir_replace'},$new_dir) if(-d $new_physical); - return error($config->{'errors'}->{'exist_no_write'},$new_dir,{FILE => $new_virtual->{'html'}}) unless(-w $new_physical); + return error($config->{'errors'}->{'no_copy'},$dir) unless(-x $physical); + return error($config->{'errors'}->{'file_exists'},$dir,{FILE => $new_virtual->{'html'}}) if(-e $new_physical); + return error($config->{'errors'}->{'dir_copy_self'},$dir) if(index($new_virtual->{'normal'},$virtual) == 0); - if(not $data->{'cgi'}->param('confirmed')) + dir_copy($physical,$new_physical) or return error($config->{'errors'}->{'copy_failed'},$dir,{FILE => encode_html($virtual), NEW_FILE => $new_virtual->{'html'}}); + return devedit_reload({command => 'show', file => $new_dir}); + } + else + { + if(-e $new_physical) { - my $tpl = new Template; - $tpl->read_file($config->{'templates'}->{'confirm_replace'}); - - $tpl->fillin('FILE',encode_html($virtual)); - $tpl->fillin('NEW_FILE',$new_virtual->{'html'}); - $tpl->fillin('NEW_FILENAME',file_name($new_virtual->{'html'})); - $tpl->fillin('NEW_DIR',encode_html($new_dir)); - $tpl->fillin('DIR',encode_html($dir)); - $tpl->fillin('DIR_URL',escape($dir)); - - $tpl->fillin('COMMAND','copy'); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); - $tpl->fillin('SCRIPT',$script); - - my $output = header(-type => 'text/html'); - $output .= $tpl->get_template; - - return \$output; + return error($config->{'errors'}->{'link_replace'},$new_dir) if(-l $new_physical); + return error($config->{'errors'}->{'dir_replace'},$new_dir) if(-d $new_physical); + return error($config->{'errors'}->{'exist_no_write'},$new_dir,{FILE => $new_virtual->{'html'}}) unless(-w $new_physical); + + if(not $data->{'cgi'}->param('confirmed')) + { + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'confirm_replace'}); + + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('NEW_FILE',$new_virtual->{'html'}); + $tpl->fillin('NEW_FILENAME',file_name($new_virtual->{'html'})); + $tpl->fillin('NEW_DIR',encode_html($new_dir)); + $tpl->fillin('DIR',encode_html($dir)); + $tpl->fillin('DIR_URL',escape($dir)); + + $tpl->fillin('COMMAND','copy'); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); + + my $output = header(-type => 'text/html'); + $output .= $tpl->get_template; + + return \$output; + } } - } - copy($physical,$new_physical) or return error($config->{'errors'}->{'copy_failed'},$dir,{FILE => encode_html($virtual), NEW_FILE => $new_virtual->{'html'}}); - return devedit_reload({command => 'show', file => $new_dir}); + copy($physical,$new_physical) or return error($config->{'errors'}->{'copy_failed'},$dir,{FILE => encode_html($virtual), NEW_FILE => $new_virtual->{'html'}}); + return devedit_reload({command => 'show', file => $new_dir}); + } } else { - my $tpl = new Template; - $tpl->read_file($config->{'templates'}->{'copyfile'}); + if(-d $physical) + { + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'copydir'}); - $tpl->fillin('FILE',encode_html($virtual)); - $tpl->fillin('DIR',encode_html($dir)); - $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); - $tpl->fillin('SCRIPT',$script); + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('DIR',encode_html($dir)); + $tpl->fillin('DIR_URL',escape($dir)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); - my $output = header(-type => 'text/html'); - $output .= $tpl->get_template; + my $output = header(-type => 'text/html'); + $output .= $tpl->get_template; - return \$output; + return \$output; + } + else + { + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'copyfile'}); + + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('DIR',encode_html($dir)); + $tpl->fillin('DIR_URL',escape($dir)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); + $tpl->fillin('SCRIPT',$script); + + my $output = header(-type => 'text/html'); + $output .= $tpl->get_template; + + return \$output; + } } } @@ -659,9 +758,8 @@ sub exec_rename($$) if($new_physical) { - my $new_virtual = $data->{'new_virtual'}; - my $new_dir = upper_path($new_virtual); - $new_virtual = encode_html($new_virtual); + my $new_virtual = multi_string($data->{'new_virtual'}); + my $new_dir = upper_path($new_virtual->{'normal'}); if(-e $new_physical) { @@ -673,14 +771,14 @@ sub exec_rename($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'confirm_replace'}); - $tpl->fillin('FILE',$virtual); - $tpl->fillin('NEW_FILE',$new_virtual); - $tpl->fillin('NEW_FILENAME',file_name($new_virtual)); - $tpl->fillin('NEW_DIR',$new_dir); - $tpl->fillin('DIR',$dir); + $tpl->fillin('FILE',encode_html($virtual)); + $tpl->fillin('NEW_FILE',$new_virtual->{'html'}); + $tpl->fillin('NEW_FILENAME',file_name($new_virtual->{'html'})); + $tpl->fillin('NEW_DIR',encode_html($new_dir)); + $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('COMMAND','rename'); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -690,7 +788,7 @@ sub exec_rename($$) } } - move($physical,$new_physical) or return error($config->{'errors'}->{'rename_failed'},$dir,{FILE => $virtual, NEW_FILE => $new_virtual}); + move($physical,$new_physical) or return error($config->{'errors'}->{'rename_failed'},$dir,{FILE => encode_html($virtual), NEW_FILE => $new_virtual->{'html'}}); return devedit_reload({command => 'show', file => $new_dir}); } else @@ -698,10 +796,10 @@ sub exec_rename($$) my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'renamefile'}); - $tpl->fillin('FILE',$virtual); + $tpl->fillin('FILE',encode_html($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual)); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -748,7 +846,7 @@ sub exec_remove($$) $tpl->fillin('DIR_URL',escape($virtual)); $tpl->fillin('UPPER_DIR',encode_html($dir)); $tpl->fillin('UPPER_DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -775,7 +873,7 @@ sub exec_remove($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -786,6 +884,170 @@ sub exec_remove($$) } } +# exec_remove_multi() +# +# Remove a file or a directory and return to directory view +# +# Params: 1. Reference to user input hash +# 2. Reference to config hash +# +# Return: Output of the command (Scalar Reference) + +sub exec_remove_multi($$) +{ + my ($data,$config) = @_; + my $physical = $data->{'physical'}; + my $virtual = $data->{'virtual'}; + my $cgi = $data->{'cgi'}; + + my @files = $cgi->param('files');# + my @new_files; + + if(@files) + { + foreach my $file(@files) + { + # Filter out some "bad" files (e.g. files going up in the + # directory hierarchy or files containing slashes (it's too + # dangerous...) + + next if($file =~ m!^\.+$!); + next if($file =~ m!/!); + next if($file =~ m!\\!); + + push(@new_files,$file); + } + } + + if(@new_files) + { + if($cgi->param('confirmed')) + { + my @success; + my @failed; + + foreach my $file(@new_files) + { + my $file_path = clean_path($physical.'/'.$file); + + if(-e $file_path) + { + if(-d $file_path && not -l $file_path) + { + # Remove a directory + + if(rmtree($file_path)) + { + push(@success,clean_path($file)); + } + else + { + push(@failed,clean_path($file)); + } + } + else + { + # Remove a file + + if(unlink($file_path)) + { + push(@success,clean_path($file)); + } + else + { + push(@failed,clean_path($file)); + } + } + } + else + { + push(@failed,clean_path($file)); + } + } + + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'rmmulti'}); + + if(scalar(@success) > 0) + { + if(scalar(@success) == scalar(@new_files) && scalar(@failed) == 0) + { + return devedit_reload({command => 'show', file => $virtual}); + } + else + { + $tpl->parse_if_block('success',1); + + foreach my $file_success(@success) + { + $tpl->add_loop_data('SUCCESS',{FILE => encode_html($file_success), + FILE_PATH => encode_html(clean_path($virtual.'/'.$file_success))}); + } + + $tpl->parse_loop('SUCCESS'); + } + } + else + { + $tpl->parse_if_block('success',0); + } + + if(scalar(@failed) > 0) + { + $tpl->parse_if_block('failed',1); + + foreach my $file_failed(@failed) + { + $tpl->add_loop_data('FAILED',{FILE => encode_html($file_failed), + FILE_PATH => encode_html(clean_path($virtual.'/'.$file_failed))}); + } + + $tpl->parse_loop('FAILED'); + } + else + { + $tpl->parse_if_block('failed',0); + } + + + $tpl->fillin('DIR',encode_html($virtual)); + $tpl->fillin('SCRIPT',$script); + + my $output = header(-type => 'text/html'); + $output .= $tpl->get_template; + + return \$output; + } + else + { + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'confirm_rmmulti'}); + + foreach my $file(@new_files) + { + $tpl->add_loop_data('FILES',{FILE => encode_html($file), + FILE_PATH => encode_html(clean_path($virtual.'/'.$file))}); + } + + $tpl->parse_loop('FILES'); + + $tpl->fillin('COUNT',scalar(@new_files)); + + $tpl->fillin('DIR',encode_html($virtual)); + $tpl->fillin('SCRIPT',$script); + + my $output = header(-type => 'text/html'); + $output .= $tpl->get_template; + + return \$output; + } + } + else + { + return devedit_reload({command => 'show', file => $virtual}); + } +} + # exec_chprop() # # Change the mode and the group of a file or a directory @@ -817,6 +1079,7 @@ sub exec_chprop($$) { # Change the mode + return error($config->{'errors'}->{'invalid_mode'},$dir) unless($mode =~ /^[0-7]{3,}$/); chmod(oct($mode),$physical); } @@ -863,7 +1126,7 @@ sub exec_chprop($$) $tpl->fillin('FILE_URL',escape($virtual)); $tpl->fillin('DIR',encode_html($dir)); $tpl->fillin('DIR_URL',escape($dir)); - $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual))); + $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual))); $tpl->fillin('SCRIPT',$script); my $output = header(-type => 'text/html'); @@ -932,7 +1195,7 @@ sub exec_about($$) $tpl->parse_if_block('users',1); - # ID's of user and group + # IDs of user and group $tpl->fillin('UID',$uid); $tpl->fillin('GID',$gid);