are not accessible are greyed out in the directory listing. Trying to access such
a directory causes an error message.
- Dev-Editor checks if it has read access to the virtual root directory. Having
no access to this directory would cause Dev-Editor to show the contents of the
real root directory!
# Dev-Editor's main program
#
# Author: Patrick Canterino <patshaping@gmx.net>
# Dev-Editor's main program
#
# Author: Patrick Canterino <patshaping@gmx.net>
-# Last modified: 2004-10-04
+# Last modified: 2004-11-04
my $config = read_config(CONFIGFILE);
error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy...
my $config = read_config(CONFIGFILE);
error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy...
+# Check if we are able to access the root directory
+
+abort($config->{'errors'}->{'no_root_access'}) unless(-r $config->{'fileroot'} && -x $config->{'fileroot'});
+
# Read the most important form data
my $cgi = new CGI;
# Read the most important form data
my $cgi = new CGI;
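Review bot: The new guard on `fileroot` tests only `-r` and `-x`, so it never confirms that the value is set and names a directory. A missing or mistyped `fileroot` is reported as a permissions problem, and a readable, executable regular file passes. Consider `abort($config->{'errors'}->{'no_root_access'}) unless(-d $config->{'fileroot'} && -r _ && -x _);`, which reuses the stat from `-d`. The filetest operators judge by mode bits and the effective uid, so a comment such as `# Start-up sanity check only; the virtual root is enforced when paths are cleaned` would tell the next maintainer that this line is not the access boundary.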
mkdir_failed = Could not create directory '{DIR}'.
copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'.
rename_failed = Could not move/rename '{FILE}' to '{NEW_FILE}'.
mkdir_failed = Could not create directory '{DIR}'.
copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'.
rename_failed = Could not move/rename '{FILE}' to '{NEW_FILE}'.
+no_root_access = You have not enough permissions to access the root directory.
above_root = Accessing files and directories above the virtual root directory is forbidden.
create_ar = You aren't allowed to create files and directories above the virtual root directory.
file_exists = A file or directory called '{FILE}' already exists.
above_root = Accessing files and directories above the virtual root directory is forbidden.
create_ar = You aren't allowed to create files and directories above the virtual root directory.
file_exists = A file or directory called '{FILE}' already exists.
dir_replace = You are not allowed to replace a directory.
noview = You have not enough permissions to view this file.
nocopy = You have not enough permissions to copy this file.
dir_replace = You are not allowed to replace a directory.
noview = You have not enough permissions to view this file.
nocopy = You have not enough permissions to copy this file.
+no_dir_access = You have not enough permissions to access this directory.
dircopy = This editor is not able to copy directories.
cmd_unknown = Unknown command: {COMMAND}
lock_failed = Locking of '{USELIST}' failed. Try it again in a moment. If the problem persists, ask someone to recreate the lock file ('{LOCK_FILE}').
dircopy = This editor is not able to copy directories.
cmd_unknown = Unknown command: {COMMAND}
lock_failed = Locking of '{USELIST}' failed. Try it again in a moment. If the problem persists, ask someone to recreate the lock file ('{LOCK_FILE}').
# Execute Dev-Editor's commands
#
# Author: Patrick Canterino <patshaping@gmx.net>
# Execute Dev-Editor's commands
#
# Author: Patrick Canterino <patshaping@gmx.net>
-# Last modified: 2004-10-31
+# Last modified: 2004-11-04
{
# Create directory listing
{
# Create directory listing
+ return error($config->{'errors'}->{'no_dir_access'},upper_path($virtual)) unless(-r $physical && -x $physical);
+
my $direntries = dir_read($physical);
return error($config->{'dir_read_failed'},upper_path($virtual),{DIR => '$virtual'}) unless($direntries);
my $direntries = dir_read($physical);
return error($config->{'dir_read_failed'},upper_path($virtual),{DIR => '$virtual'}) unless($direntries);
foreach my $dir(@$dirs)
{
foreach my $dir(@$dirs)
{
- my @stat = stat($physical."/".$dir);
+ my $phys_path = $physical."/".$dir;
my $virt_path = encode_entities($virtual.$dir."/");
my $virt_path = encode_entities($virtual.$dir."/");
+ my @stat = stat($phys_path);
+
my $dtpl = new Template;
$dtpl->read_file($config->{'templates'}->{'dirlist_dir'});
my $dtpl = new Template;
$dtpl->read_file($config->{'templates'}->{'dirlist_dir'});
$dtpl->fillin("DATE",strftime($config->{'timeformat'},localtime($stat[9])));
$dtpl->fillin("URL",equal_url($config->{'httproot'},$virt_path));
$dtpl->fillin("DATE",strftime($config->{'timeformat'},localtime($stat[9])));
$dtpl->fillin("URL",equal_url($config->{'httproot'},$virt_path));
- $dtpl->parse_if_block("users",$users && -o $physical."/".$dir);
+ $dtpl->parse_if_block("readable",-r $phys_path && -x $phys_path);
+ $dtpl->parse_if_block("users",$users && -o $phys_path);
$dirlist .= $dtpl->get_template;
}
$dirlist .= $dtpl->get_template;
}
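Review bot: The added `-r`/`-x` pre-check turns the `dir_read` test two lines below into the fallback for directories that become unreadable in between, and that fallback looks inconsistent with the new line. It reads `$config->{'dir_read_failed'}` where the new line reads `$config->{'errors'}->{'no_dir_access'}`, and it passes `{DIR => '$virtual'}` in single quotes, so the placeholder would receive the literal text `$virtual`. If the message lives under `errors` like the others, the line should be `return error($config->{'errors'}->{'dir_read_failed'},upper_path($virtual),{DIR => $virtual}) unless($direntries);`. The `stat($phys_path)` result is also used in `localtime($stat[9])` without checking that the list is non-empty. The enclosing sub starts and ends outside this section.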
# Some shared sub routines
#
# Author: Patrick Canterino <patshaping@gmx.net>
# Some shared sub routines
#
# Author: Patrick Canterino <patshaping@gmx.net>
-# Last modified: 2004-07-30
+# Last modified: 2004-11-04
$path =~ s!^/{1}!!;
$path = $root."/".$path;
$path =~ s!^/{1}!!;
$path = $root."/".$path;
- unless(-d $path)
- {
- # The path points to a file
- # We have to extract the directory name and create the absolute path
+ # We extract the last part of the path and create the absolute path
- my $dir = upper_path($path);
- my $file = file_name($path);
+ my $first = upper_path($path);
+ my $last = file_name($path);
- $dir = abs_path($dir);
- $path = $dir."/".$file;
- }
- else
- {
- $path = abs_path($path);
- }
+ $first = abs_path($first);
+ $path = $first."/".$last;
$path = File::Spec->canonpath($path);
$path = File::Spec->canonpath($path);
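Review bot: The result of `abs_path($first)` is used unchecked in `$path = $first."/".$last`. If resolution fails and it returns undef or an empty string, the result is `/` plus the last component, a path under the real filesystem root, which is the failure the commit message describes. Failing closed here would make the start-up guard in the main program defence in depth, not the only barrier, for example `return unless(defined $first && length $first);` directly after the `abs_path` call. That assumes callers treat an empty return as an error; the sub's start, end and callers are outside this hunk. Separately, the last component is now appended without being resolved, so if `file_name` can yield `..` or the name of a symlink, the returned path is no longer canonical and any above-root comparison made on it deserves a second look.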
<tr>
<td align="right" style="white-space:nowrap">[SUBDIR]</td>
<td style="padding-left:15pt;white-space:nowrap;">{DATE}</td>
<tr>
<td align="right" style="white-space:nowrap">[SUBDIR]</td>
<td style="padding-left:15pt;white-space:nowrap;">{DATE}</td>
-<td style="padding-left:15pt;white-space:nowrap;"><a href="{SCRIPT}?command=show&file={DIR}">{DIR_NAME}/</a></td>
+<td style="padding-left:15pt;white-space:nowrap;">{IF readable}<a href="{SCRIPT}?command=show&file={DIR}">{DIR_NAME}/</a>{ELSE}<span style="color:#C0C0C0" title="Not accessible">{DIR_NAME}/</span>{ENDIF}</td>
<td style="padding-left:15pt;white-space:nowrap;">(<a href="{SCRIPT}?command=rename&file={DIR}">Rename</a> | <a href="{SCRIPT}?command=remove&file={DIR}">Delete</a> |{IF users} <a href="{SCRIPT}?command=chprop&file={DIR}">Chmod/Chgrp</a> |{ENDIF} <a href="{URL}" target="_blank">View in Browser</a>)</td>
</tr>
<td style="padding-left:15pt;white-space:nowrap;">(<a href="{SCRIPT}?command=rename&file={DIR}">Rename</a> | <a href="{SCRIPT}?command=remove&file={DIR}">Delete</a> |{IF users} <a href="{SCRIPT}?command=chprop&file={DIR}">Chmod/Chgrp</a> |{ENDIF} <a href="{URL}" target="_blank">View in Browser</a>)</td>
</tr>