- Dev-Editor now checks if it is able to access a directory: Directories that

  are not accessible are greyed in directory listing. Accessing such a directory
  causes an error message.
- Dev-Editor checks if it has read access to the virtual root directory. Having
  no access to this directory would cause Dev-Editor to show the contents of the
  real root directory!

diff --git a/devedit.pl b/devedit.pl
index 169abc42a0446d77d16d2319354fef1eb1e94888..c29c22e702e08f3e7df5d407e302561133ee42dc 100644 (file)
--- a/devedit.pl
+++ b/devedit.pl
@@ -6,7 +6,7 @@
 # Dev-Editor's main program
 #
 # Author:        Patrick Canterino <patshaping@gmx.net>
-# Last modified: 2004-10-04
+# Last modified: 2004-11-04
 #
 
 use strict;
@@ -35,6 +35,10 @@ use constant CONFIGFILE => 'devedit.dat';
 my $config = read_config(CONFIGFILE);
 error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy...
 
+# Check if we are able to access the root directory
+
+abort($config->{'errors'}->{'no_root_access'}) unless(-r $config->{'fileroot'} && -x $config->{'fileroot'});
+
 # Read the most important form data
 
 my $cgi = new CGI;

diff --git a/errors.dat b/errors.dat
index 93b5fc53445416aa64982ec2654166816f676eb4..ffa9c6833072b7b1101d3c172ef9b29fc0a49dab 100644 (file)
--- a/errors.dat
+++ b/errors.dat
@@ -12,6 +12,7 @@ mkfile_failed  = Could not create file '{FILE}'.
 mkdir_failed   = Could not create directory '{DIR}'.
 copy_failed    = Could not copy '{FILE}' to '{NEW_FILE}'.
 rename_failed  = Could not move/rename '{FILE}' to '{NEW_FILE}'.
+no_root_access = You have not enough permissions to access the root directory.
 above_root     = Accessing files and directories above the virtual root directory is forbidden.
 create_ar      = You aren't allowed to create files and directories above the virtual root directory.
 file_exists    = A file or directory called '{FILE}' already exists.
@@ -20,6 +21,7 @@ in_use         = The file '{FILE}' is currently edited by someone else.
 dir_replace    = You are not allowed to replace a directory.
 noview         = You have not enough permissions to view this file.
 nocopy         = You have not enough permissions to copy this file.
+no_dir_access  = You have not enough permissions to access this directory.
 dircopy        = This editor is not able to copy directories.
 cmd_unknown    = Unknown command: {COMMAND}
 lock_failed    = Locking of '{USELIST}' failed. Try it again in a moment. If the problem persists, ask someone to recreate the lock file ('{LOCK_FILE}').

diff --git a/modules/Command.pm b/modules/Command.pm
index 117d39cafd69d47506aa9399d7e1c1e8243c81ce..79b944d5dc0ecb685f34b25cf306f4313659b733 100644 (file)
--- a/modules/Command.pm
+++ b/modules/Command.pm
@@ -6,7 +6,7 @@ package Command;
 # Execute Dev-Editor's commands
 #
 # Author:        Patrick Canterino <patshaping@gmx.net>
-# Last modified: 2004-10-31
+# Last modified: 2004-11-04
 #
 
 use strict;
@@ -97,6 +97,8 @@ sub exec_show($$)
  {
   # Create directory listing
 
+  return error($config->{'errors'}->{'no_dir_access'},upper_path($virtual)) unless(-r $physical && -x $physical);
+
   my $direntries = dir_read($physical);
   return error($config->{'dir_read_failed'},upper_path($virtual),{DIR => '$virtual'}) unless($direntries);
 
@@ -125,9 +127,11 @@ sub exec_show($$)
 
   foreach my $dir(@$dirs)
   {
-   my @stat      = stat($physical."/".$dir);
+   my $phys_path = $physical."/".$dir;
    my $virt_path = encode_entities($virtual.$dir."/");
 
+   my @stat      = stat($phys_path);
+
    my $dtpl = new Template;
    $dtpl->read_file($config->{'templates'}->{'dirlist_dir'});
 
@@ -136,7 +140,8 @@ sub exec_show($$)
    $dtpl->fillin("DATE",strftime($config->{'timeformat'},localtime($stat[9])));
    $dtpl->fillin("URL",equal_url($config->{'httproot'},$virt_path));
 
-   $dtpl->parse_if_block("users",$users && -o $physical."/".$dir);
+   $dtpl->parse_if_block("readable",-r $phys_path && -x $phys_path);
+   $dtpl->parse_if_block("users",$users && -o $phys_path);
 
    $dirlist .= $dtpl->get_template;
   }

diff --git a/modules/Tool.pm b/modules/Tool.pm
index 6fbf8e05277ee7e9a54eaf7700530042979ff541..8d578efb55547b0a04e12fb00fe88436e4c67a2a 100644 (file)
--- a/modules/Tool.pm
+++ b/modules/Tool.pm
@@ -6,7 +6,7 @@ package Tool;
 # Some shared sub routines
 #
 # Author:        Patrick Canterino <patshaping@gmx.net>
-# Last modified: 2004-07-30
+# Last modified: 2004-11-04
 #
 
 use strict;
@@ -56,21 +56,13 @@ sub check_path($$)
  $path =~ s!^/{1}!!;
  $path = $root."/".$path;
 
- unless(-d $path)
- {
-  # The path points to a file
-  # We have to extract the directory name and create the absolute path
+ # We extract the last part of the path and create the absolute path
 
-  my $dir  = upper_path($path);
-  my $file = file_name($path);
+ my $first = upper_path($path);
+ my $last  = file_name($path);
 
-  $dir  = abs_path($dir);
-  $path = $dir."/".$file;
- }
- else
- {
-  $path = abs_path($path);
- }
+ $first = abs_path($first);
+ $path  = $first."/".$last;
 
  $path = File::Spec->canonpath($path);
 

diff --git a/templates/dirlist_dir.htm b/templates/dirlist_dir.htm
index c1bf870d1a9c0285a0804a7d0c483f4b15e5920f..6a1a740afa2e2e813c521a113f2e1fb1ec61f5a0 100644 (file)
--- a/templates/dirlist_dir.htm
+++ b/templates/dirlist_dir.htm
@@ -1,6 +1,6 @@
 <tr>
 <td align="right" style="white-space:nowrap">[SUBDIR]</td>
 <td style="padding-left:15pt;white-space:nowrap;">{DATE}</td>
-<td style="padding-left:15pt;white-space:nowrap;"><a href="{SCRIPT}?command=show&amp;file={DIR}">{DIR_NAME}/</a></td>
+<td style="padding-left:15pt;white-space:nowrap;">{IF readable}<a href="{SCRIPT}?command=show&amp;file={DIR}">{DIR_NAME}/</a>{ELSE}<span style="color:#C0C0C0" title="Not accessible">{DIR_NAME}/</span>{ENDIF}</td>
 <td style="padding-left:15pt;white-space:nowrap;">(<a href="{SCRIPT}?command=rename&amp;file={DIR}">Rename</a> | <a href="{SCRIPT}?command=remove&amp;file={DIR}">Delete</a> |{IF users} <a href="{SCRIPT}?command=chprop&amp;file={DIR}">Chmod/Chgrp</a> |{ENDIF} <a href="{URL}" target="_blank">View in Browser</a>)</td>
 </tr>