- Fixed a security problem:

  It was possible to access files and directories above the virtual root
  directory beginning with the same string as the root directory.
  For example:
  If your root directory is "/var/www/user1" it was possible to access
  "/var/www/user10", "/var/www/user11" and so on.
- Updated version number to 3.0.1
- Updated Change Log

diff --git a/CHANGELOG b/CHANGELOG
index 8e144d2ad946e3544e73fbedda92abc3671292c1..1a772f136c8c224f6cca1b3f4b26b1c92332bcee 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,17 @@
 Change Log for Dev-Editor
 =========================
 
 Change Log for Dev-Editor
 =========================
 

+Version 3.0.1 (2005-11-10):
+===========================
+
+ Accessing files above the virtual root directory:
+ -------------------------------------------------
+ It was possible to access files and directories above the virtual root
+ directory beginning with the same string as the root directory.
+ For example:
+ If your root directory is "/var/www/user1" it was possible to access
+ "/var/www/user10", "/var/www/user11" and so on.
+

 Version 3.0 (2005-10-18):
 =========================
 
 Version 3.0 (2005-10-18):
 =========================
 

diff --git a/README b/README
index 6e44e2aefe9ce91739fe7e1d64abfd5e0ca8d2eb..16cf24c9d782b69ab9ce63608c118c801304ef99 100644 (file)
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
-ReadMe for Dev-Editor 3.0
-=========================
+ReadMe for Dev-Editor 3.0.1
+===========================

 
 Description
 -----------
 
 Description
 -----------

diff --git a/devedit.pl b/devedit.pl
index 909550b8767f34036bab6c1399f5bae9351fbb62..39588cf65679f83b041f8b8e7b4a16ee77238aea 100644 (file)
--- a/devedit.pl
+++ b/devedit.pl
@@ -1,7 +1,7 @@
 #!C:/Programme/Perl/bin/perl.exe -w
 
 #
 #!C:/Programme/Perl/bin/perl.exe -w
 
 #

-# Dev-Editor 3.0
+# Dev-Editor 3.0.1

 #
 # Dev-Editor's main program
 #
 #
 # Dev-Editor's main program
 #


@@ -22,7 +22,7 @@ use Command;
 use Output;
 use Tool;
 
 use Output;
 use Tool;
 

-$VERSION = '3.0';
+$VERSION = '3.0.1';

 
 # Path to configuration file
 # Change if necessary!
 
 # Path to configuration file
 # Change if necessary!

diff --git a/modules/Tool.pm b/modules/Tool.pm
index 16d5d72acd2b3aeefc1b45d5e9e998598cdfb209..5ed1ba238bf170786ecd099d33f3d65e8b7d7aaf 100644 (file)
--- a/modules/Tool.pm
+++ b/modules/Tool.pm
@@ -6,7 +6,7 @@ package Tool;
 # Some shared sub routines
 #
 # Author:        Patrick Canterino <patrick@patshaping.de>
 # Some shared sub routines
 #
 # Author:        Patrick Canterino <patrick@patshaping.de>

-# Last modified: 2005-07-23
+# Last modified: 2005-11-10

 #
 
 use strict;
 #
 
 use strict;


@@ -81,6 +81,7 @@ sub check_path($$)
  # Check if the path is above the root directory
 
  return if(index($path,$root) != 0);
  # Check if the path is above the root directory
 
  return if(index($path,$root) != 0);

+ return if(substr($path,length($root)) && not File::Spec->file_name_is_absolute(substr($path,length($root))));

 
  # Create short path name
 
 
  # Create short path name