Added a feature for removing multiple files from a directory.

You can select a set of files in a directory and then remove them by clicking a
button. Of course, there is a confirmation dialogue.

For security reasons, any file sent by URL containing slashes or just
consisting of dots is ignored.

diff --git a/modules/Command.pm b/modules/Command.pm
index ef15a77a2ec10f4d9ebdf35ab6cc748c23a6b85f..506e0c0d13dced6c4317fa3c309aeeac21bd8312 100644 (file)
--- a/modules/Command.pm
+++ b/modules/Command.pm
@@ -6,7 +6,7 @@ package Command;
 # Execute Dev-Editor's commands
 #
 # Author:        Patrick Canterino <patrick@patshaping.de>
-# Last modified: 2009-03-31
+# Last modified: 2009-05-04
 #
 # Copyright (C) 1999-2000 Roland Bluethgen, Frank Schoenmann
 # Copyright (C) 2003-2009 Patrick Canterino
@@ -39,17 +39,18 @@ use Template;
 my $script = encode_html($ENV{'SCRIPT_NAME'});
 my $users  = eval('getpwuid(0)') && eval('getgrgid(0)');
 
-my %dispatch = ('show'      => \&exec_show,
-                'beginedit' => \&exec_beginedit,
-                'endedit'   => \&exec_endedit,
-                'mkdir'     => \&exec_mkdir,
-                'mkfile'    => \&exec_mkfile,
-                'upload'    => \&exec_upload,
-                'copy'      => \&exec_copy,
-                'rename'    => \&exec_rename,
-                'remove'    => \&exec_remove,
-                'chprop'    => \&exec_chprop,
-                'about'     => \&exec_about
+my %dispatch = ('show'         => \&exec_show,
+                'beginedit'    => \&exec_beginedit,
+                'endedit'      => \&exec_endedit,
+                'mkdir'        => \&exec_mkdir,
+                'mkfile'       => \&exec_mkfile,
+                'upload'       => \&exec_upload,
+                'copy'         => \&exec_copy,
+                'rename'       => \&exec_rename,
+                'remove'       => \&exec_remove,
+                'remove_multi' => \&exec_remove_multi,
+                'chprop'       => \&exec_chprop,
+                'about'        => \&exec_about
                );
 
 ### Export ###
@@ -848,6 +849,163 @@ sub exec_remove($$)
  }
 }
 
+# exec_remove_multi()
+#
+# Remove a file or a directory and return to directory view
+#
+# Params: 1. Reference to user input hash
+#         2. Reference to config hash
+#
+# Return: Output of the command (Scalar Reference)
+
+sub exec_remove_multi($$)
+{
+ my ($data,$config) = @_;
+ my $physical       = $data->{'physical'};
+ my $virtual        = $data->{'virtual'};
+ my $cgi            = $data->{'cgi'};
+ 
+ my @files = $cgi->param('files');
+ my $x = 0; 
+ 
+ if(@files)
+ {
+  foreach my $file(@files)
+  {
+   # Filter out some "bad" files (e.g. files going up in the
+   # directory hierarchy or files containing slashes (it's too
+   # dangerous...)
+  
+   splice(@files,$x,1) if($file =~ m!^\.+$!);
+   splice(@files,$x,1) if($file =~ m!/!);
+   splice(@files,$x,1) if($file =~ m!\\!);
+   
+   $x++;
+  }
+ }
+ 
+ if(@files)
+ {
+  if($cgi->param('confirmed'))
+  {
+   #die 'Noch nicht!';
+   
+   my @success;
+   my @failed;
+   
+   foreach my $file(@files)
+   {
+    my $file_path = clean_path($physical.'/'.$file);
+    
+    if(-e $file_path)
+    {
+     if(-d $file_path && not -l $file_path)
+     {
+      # Remove a directory
+      
+      if(rmtree($file_path))
+      {
+       push(@success,clean_path($file));
+      }
+      else
+      {
+       push(@failed,clean_path($file));
+      }
+     }
+     else
+     {
+      # Remove a file
+      
+      if(unlink($file_path))
+      {
+       push(@success,clean_path($file));
+      }
+      else
+      {
+       push(@failed,clean_path($file));
+      }
+     }
+    }
+    else
+    {
+     push(@failed,clean_path($file));
+    }
+   }
+   
+   my $tpl = new Template;
+   $tpl->read_file($config->{'templates'}->{'rmmulti'});
+
+   if(scalar(@success) > 0)
+   {
+    $tpl->parse_if_block('success',1);
+   
+    foreach my $file_success(@success)
+    {
+     $tpl->add_loop_data('SUCCESS',{FILE => encode_html($file_success),
+                                    FILE_PATH => encode_html(clean_path($virtual.'/'.$file_success))});
+    }
+   }
+   else
+   {
+    $tpl->parse_if_block('success',0);
+   }
+   
+   if(scalar(@failed) > 0)
+   {
+    $tpl->parse_if_block('failed',1);
+
+    foreach my $file_failed(@failed)
+    {
+     $tpl->add_loop_data('FAILED',{FILE => encode_html($file_failed),
+                                   FILE_PATH => encode_html(clean_path($virtual.'/'.$file_failed))});
+    }
+   }
+   else
+   {
+    $tpl->parse_if_block('failed',0);
+   }
+   
+   
+   $tpl->set_var('DIR',encode_html($virtual));
+   $tpl->set_var('SCRIPT',$script);
+   
+   $tpl->parse;
+
+   my $output = header(-type => 'text/html');
+   $output   .= $tpl->get_template;
+
+   return \$output;
+  }
+  else
+  {
+   my $tpl = new Template;
+   $tpl->read_file($config->{'templates'}->{'confirm_rmmulti'});
+
+   foreach my $file(@files)
+   {
+    $tpl->add_loop_data('FILES',{FILE => encode_html($file),
+                                 FILE_PATH => encode_html(clean_path($virtual.'/'.$file))});
+   }
+   
+   $tpl->set_var('COUNT',encode_html($x));
+   
+   $tpl->set_var('DIR',encode_html($virtual));
+   $tpl->set_var('SCRIPT',$script);
+   
+   $tpl->parse;
+
+   my $output = header(-type => 'text/html');
+   $output   .= $tpl->get_template;
+
+   return \$output;
+  }
+ }
+ else
+ {
+  return devedit_reload({command => 'show', file => $virtual});
+ }
+}
+
 # exec_chprop()
 #
 # Change the mode and the group of a file or a directory

diff --git a/templates.conf b/templates.conf
index 055b51bde28a1adb089f0853a0e038631931157d..c2874668f7343e57eddb7206b8a56e19d2380442 100644 (file)
--- a/templates.conf
+++ b/templates.conf
@@ -6,6 +6,7 @@ chprop          = templates/chprop.htm
 confirm_replace = templates/confirm_replace.htm
 confirm_rmdir   = templates/confirm_rmdir.htm
 confirm_rmfile  = templates/confirm_rmfile.htm
+confirm_rmmulti = templates/confirm_rmmulti.htm
 copydir         = templates/copydir.htm
 copyfile        = templates/copyfile.htm
 dirlist         = templates/dirlist.htm
@@ -17,6 +18,7 @@ error           = templates/error.htm
 mkdir           = templates/mkdir.htm
 mkfile          = templates/mkfile.htm
 renamefile      = templates/renamefile.htm
+rmmulti         = templates/rmmulti.htm
 upload          = templates/upload.htm
 viewfile        = templates/viewfile.htm
 viewlink        = templates/viewlink.htm

diff --git a/templates/confirm_rmmulti.htm b/templates/confirm_rmmulti.htm
new file mode 100644 (file)
index 0000000..216bbee
--- /dev/null
+++ b/templates/confirm_rmmulti.htm
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<title>Remove files</title>
+<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
+</head>
+<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
+
+<h1>Remove files</h1>
+
+<p>Do you really want to remove these files?</p>
+
+<ul>{LOOP FILES}
+<li>{FILES.FILE_PATH}</li>{ENDLOOP}
+</ul>
+
+<form action="{SCRIPT}" method="get">
+<input type="hidden" name="command" value="remove_multi">
+<input type="hidden" name="file" value="{DIR}">
+<input type="hidden" name="confirmed" value="1">
+{LOOP FILES}
+<input type="hidden" name="files" value="{FILES.FILE}">{ENDLOOP}
+
+<p><input type="submit" value="Yes"></p>
+</form>
+
+<form action="{SCRIPT}" method="get">
+<input type="hidden" name="command" value="show">
+<input type="hidden" name="file" value="{DIR}">
+
+<p><input type="submit" value="No"></p>
+</form>
+
+</body>
+</html>
\ No newline at end of file

diff --git a/templates/dirlist.htm b/templates/dirlist.htm
index 7b047d97b7e0ef605dec7a30a3efe0d77652ce06..10ade36ba964c9ff9553c38a875dcecebbbb4af2 100644 (file)
--- a/templates/dirlist.htm
+++ b/templates/dirlist.htm
@@ -14,8 +14,18 @@
 
 <hr>
 
-{IF empty}<p><i>This directory is empty or nothing is matching against your wildcard</i></p>{ELSE}<table border="0" style="font-family:'Courier New',Courier,monospace;font-size:10pt;">
-{DIRLIST}</table>{ENDIF}
+{IF empty}<p><i>This directory is empty or nothing is matching against your wildcard</i></p>{ELSE}<form>
+<input type="hidden" name="command" value="remove_multi">
+<input type="hidden" name="file" value="{DIR}">
+
+<table border="0" style="font-family:'Courier New',Courier,monospace;font-size:10pt;">
+{DIRLIST}</table>
+
+<hr>
+
+<p><input type="submit" value="Delete selected files"></p>
+
+</form>{ENDIF}
 
 <hr>
 

diff --git a/templates/dirlist_dir.htm b/templates/dirlist_dir.htm
index 04fec0b6eecbac1f3846f5c5360c898cf9ddb38c..09088492740f6dfb233a725601d88405110cd787 100644 (file)
--- a/templates/dirlist_dir.htm
+++ b/templates/dirlist_dir.htm
@@ -1,4 +1,5 @@
 <tr{IF even} style="background-color:#EEEEEE"{ENDIF}>
+<td><input type="checkbox" name="files" value="{DIR_NAME}"></td>
 <td align="right" style="white-space:nowrap">[SUBDIR]</td>
 <td style="padding-left:15pt;white-space:nowrap;">{DATE}{IF gmt} (GMT){ENDIF}</td>
 <td style="padding-left:15pt;white-space:nowrap;">{IF !forbidden}{IF readable}<a href="{SCRIPT}?command=show&amp;file={DIR_URL}{IF filter}&amp;filter={FILTER_URL}{ENDIF}">{DIR_NAME}/</a>{ELSE}<span style="color:#C0C0C0" title="Not accessible">{DIR_NAME}/</span>{ENDIF}{ELSE}<span style="color:#C0C0C0" title="File access forbidden by Dev-Editor's configuration">{DIR_NAME}/</span>{ENDIF}</td>

diff --git a/templates/dirlist_file.htm b/templates/dirlist_file.htm
index febadabfc788964bbbca0384b0d0c2c0e030bd84..fd342fea3c7df2a5d06460b59f4940843b1bd763 100644 (file)
--- a/templates/dirlist_file.htm
+++ b/templates/dirlist_file.htm
@@ -1,4 +1,5 @@
 <tr{IF even} style="background-color:#EEEEEE"{ENDIF}>
+<td><input type="checkbox" name="files" value="{FILE_NAME}"></td>
 <td align="right" style="white-space:nowrap">{SIZE}</td>
 <td style="padding-left:15pt;white-space:nowrap;">{DATE}{IF gmt} (GMT){ENDIF}</td>
 <td style="padding-left:15pt;white-space:nowrap;">{IF forbidden}<span style="color:#C0C0C0" title="File access forbidden by Dev-Editor's configuration">{FILE_NAME}</span>{ELSE}{FILE_NAME}{ENDIF}</td>

diff --git a/templates/dirlist_up.htm b/templates/dirlist_up.htm
index b0e34ed8aa1e311cc6d89a2da345eab8ccac48d7..33527c262e3f0159f5bd13b3ae915deedff945cc 100644 (file)
--- a/templates/dirlist_up.htm
+++ b/templates/dirlist_up.htm
@@ -1,4 +1,5 @@
 <tr>
+<td>&nbsp;</td>
 <td align="right" style="white-space:nowrap">[SUBDIR]</td>
 <td style="padding-left:15pt;white-space:nowrap;">{DATE}{IF gmt} (GMT){ENDIF}</td>
 <td colspan="2" style="padding-left:15pt;white-space:nowrap"><a href="{SCRIPT}?command=show&amp;file={UPPER_DIR_URL}{IF filter}&amp;filter={FILTER_URL}{ENDIF}">../</a></td>

diff --git a/templates/rmmulti.htm b/templates/rmmulti.htm
new file mode 100644 (file)
index 0000000..aee0464
--- /dev/null
+++ b/templates/rmmulti.htm
@@ -0,0 +1,27 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<title>Remove files</title>
+<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
+</head>
+<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
+
+<h1>Remove files</h1>{IF success}
+
+<p>The following files have been removed successfully:</p>
+
+<ul>{LOOP SUCCESS}
+<li>{SUCCESS.FILE_PATH}</li>{ENDLOOP}
+</ul>{ENDIF}{IF failed}
+
+<p>The following could not be removed:</p>
+
+<ul>{LOOP FAILED}
+<li>{FAILED.FILE_PATH}</li>{ENDLOOP}
+</ul>{ENDIF}
+
+<p><a href="{SCRIPT}?command=show&amp;file={DIR}">Back to {DIR}</a></p>
+</body>
+</html>
\ No newline at end of file