- Removed HTML::Entities:

  This module is a little bit slow and does currently not support very much
  encodings. Now, we just encode the HTML control characters (<, >, & and ").
- Began to fix bugs [1120717] and [1071051]

diff --git a/errors.conf b/errors.conf
index 9ced686a25bc745a509f1c9a2476c2599bed8326..864388db396aaa8345435511a4062ab9cc0d6ef7 100644 (file)
--- a/errors.conf
+++ b/errors.conf
@@ -15,7 +15,7 @@ dir_not_exist     = The directory where you want to create this file or director
 dir_read_fail     = Reading of directory '{DIR}' failed.
 dir_replace       = You are not allowed to replace a directory.
 edit_failed       = Saving of file '{FILE}' failed. The file could be damaged, please check its integrity.
 dir_read_fail     = Reading of directory '{DIR}' failed.
 dir_replace       = You are not allowed to replace a directory.
 edit_failed       = Saving of file '{FILE}' failed. The file could be damaged, please check its integrity.

-edit_file_changed = The file you want to edit changed meanwhile. Now, it looks like this: <a href="{SCRIPT}?command=show&amp;file={FILE}">{FILE}</a>. Please try to merge these two versions together of the file or save this file using a different name.
+edit_file_changed = The file you want to edit changed meanwhile. Now, it looks like this: <a href="{SCRIPT}?command=show&amp;file={FILE_URL}">{FILE}</a>. Please try to merge these two versions together of the file or save this file using a different name.

 exist_no_write    = The target file '{FILE}' already exists and you have not enough permissions to replace it.
 file_exists       = A file or directory called '{FILE}' already exists.
 file_too_large    = The file you want to view or edit is too large (max. {SIZE}&nbsp;Bytes).
 exist_no_write    = The target file '{FILE}' already exists and you have not enough permissions to replace it.
 file_exists       = A file or directory called '{FILE}' already exists.
 file_too_large    = The file you want to view or edit is too large (max. {SIZE}&nbsp;Bytes).

diff --git a/modules/Command.pm b/modules/Command.pm
index 9e11f164a278a0bfab6f0317ed5055be2e12faa8..2e0933b6b9f3a122592337ca4fcd5f29778cfa51 100644 (file)
--- a/modules/Command.pm
+++ b/modules/Command.pm
@@ -6,7 +6,7 @@ package Command;
 # Execute Dev-Editor's commands
 #
 # Author:        Patrick Canterino <patrick@patshaping.de>
 # Execute Dev-Editor's commands
 #
 # Author:        Patrick Canterino <patrick@patshaping.de>

-# Last modified: 2005-04-15
+# Last modified: 2005-04-22

 #
 
 use strict;
 #
 
 use strict;


@@ -25,11 +25,10 @@ use Tool;
 use CGI qw(header
            escape);
 
 use CGI qw(header
            escape);
 

-use HTML::Entities;

 use Output;
 use Template;
 
 use Output;
 use Template;
 

-my $script = encode_entities($ENV{'SCRIPT_NAME'});
+my $script = encode_html($ENV{'SCRIPT_NAME'});

 my $users  = eval('getpwuid(0)') && eval('getgrgid(0)');
 
 my %dispatch = ('show'       => \&exec_show,
 my $users  = eval('getpwuid(0)') && eval('getgrgid(0)');
 
 my %dispatch = ('show'       => \&exec_show,


@@ -74,7 +73,7 @@ sub exec_command($$$)
   }
  }
 
   }
  }
 

- return error($config->{'errors'}->{'command_unknown'},'/',{COMMAND => encode_entities($command)});
+ return error($config->{'errors'}->{'command_unknown'},'/',{COMMAND => encode_html($command)});

 }
 
 # exec_show()
 }
 
 # exec_show()


@@ -91,7 +90,7 @@ sub exec_show($$)
  my ($data,$config) = @_;
  my $physical       = $data->{'physical'};
  my $virtual        = $data->{'virtual'};
  my ($data,$config) = @_;
  my $physical       = $data->{'physical'};
  my $virtual        = $data->{'virtual'};

- my $upper_path     = encode_entities(upper_path($virtual));
+ my $upper_path     = multi_string(upper_path($virtual));

 
  my $tpl = new Template;
 
 
  my $tpl = new Template;
 


@@ -99,10 +98,10 @@ sub exec_show($$)
  {
   # Create directory listing
 
  {
   # Create directory listing
 

-  return error($config->{'errors'}->{'no_dir_access'},$upper_path) unless(-r $physical && -x $physical);
+  return error($config->{'errors'}->{'no_dir_access'},$upper_path->{'normal'}) unless(-r $physical && -x $physical);

 
   my $direntries = dir_read($physical);
 
   my $direntries = dir_read($physical);

-  return error($config->{'errors'}->{'dir_read_fail'},$upper_path,{DIR => encode_entities($virtual)}) unless($direntries);
+  return error($config->{'errors'}->{'dir_read_fail'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries);

 
   my $files = $direntries->{'files'};
   my $dirs  = $direntries->{'dirs'};
 
   my $files = $direntries->{'files'};
   my $dirs  = $direntries->{'dirs'};


@@ -122,8 +121,9 @@ sub exec_show($$)
    my $udtpl = new Template;
    $udtpl->read_file($config->{'templates'}->{'dirlist_up'});
 
    my $udtpl = new Template;
    $udtpl->read_file($config->{'templates'}->{'dirlist_up'});
 

-   $udtpl->fillin('UPPER_DIR',$upper_path);
-   $udtpl->fillin('DATE',encode_entities(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9]))));
+   $udtpl->fillin('UPPER_DIR',$upper_path->{'html'});
+   $udtpl->fillin('UPPER_DIR_URL',$upper_path->{'url'});
+   $udtpl->fillin('DATE',encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9]))));

 
    $dirlist .= $udtpl->get_template;
   }
 
    $dirlist .= $udtpl->get_template;
   }


@@ -135,17 +135,18 @@ sub exec_show($$)
    next unless(dos_wildcard_match($filter1,$dir));
 
    my $phys_path = $physical.'/'.$dir;
    next unless(dos_wildcard_match($filter1,$dir));
 
    my $phys_path = $physical.'/'.$dir;

-   my $virt_path = encode_entities($virtual.$dir.'/');
+   my $virt_path = multi_string($virtual.$dir.'/');

 
    my @stat      = stat($phys_path);
 
    my $dtpl = new Template;
    $dtpl->read_file($config->{'templates'}->{'dirlist_dir'});
 
 
    my @stat      = stat($phys_path);
 
    my $dtpl = new Template;
    $dtpl->read_file($config->{'templates'}->{'dirlist_dir'});
 

-   $dtpl->fillin('DIR',$virt_path);
-   $dtpl->fillin('DIR_NAME',encode_entities($dir));
-   $dtpl->fillin('DATE',encode_entities(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9]))));
-   $dtpl->fillin('URL',equal_url(encode_entities($config->{'httproot'}),$virt_path));
+   $dtpl->fillin('DIR',$virt_path->{'html'});
+   $dtpl->fillin('DIR_URL',$virt_path->{'url'});
+   $dtpl->fillin('DIR_NAME',encode_html($dir));
+   $dtpl->fillin('DATE',encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9]))));
+   $dtpl->fillin('URL',equal_url(encode_html($config->{'httproot'}),$virt_path->{'html'}));

 
    $dtpl->parse_if_block('readable',-r $phys_path && -x $phys_path);
    $dtpl->parse_if_block('users',$users && -o $phys_path);
 
    $dtpl->parse_if_block('readable',-r $phys_path && -x $phys_path);
    $dtpl->parse_if_block('users',$users && -o $phys_path);


@@ -160,7 +161,7 @@ sub exec_show($$)
    next unless(dos_wildcard_match($filter1,$file));
 
    my $phys_path = $physical.'/'.$file;
    next unless(dos_wildcard_match($filter1,$file));
 
    my $phys_path = $physical.'/'.$file;

-   my $virt_path = encode_entities($virtual.$file);
+   my $virt_path = multi_string($virtual.$file);

 
    my @stat      = lstat($phys_path);
    my $too_large = $config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'};
 
    my @stat      = lstat($phys_path);
    my $too_large = $config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'};


@@ -168,11 +169,13 @@ sub exec_show($$)
    my $ftpl = new Template;
    $ftpl->read_file($config->{'templates'}->{'dirlist_file'});
 
    my $ftpl = new Template;
    $ftpl->read_file($config->{'templates'}->{'dirlist_file'});
 

-   $ftpl->fillin('FILE',$virt_path);
-   $ftpl->fillin('FILE_NAME',encode_entities($file));
+   $ftpl->fillin('FILE',$virt_path->{'html'});
+   $ftpl->fillin('FILE_URL',$virt_path->{'url'});
+   $ftpl->fillin('FILE_NAME',encode_html($file));
+   $ftpl->fillin('FILE_URL',$virt_path->{'url'});

    $ftpl->fillin('SIZE',$stat[7]);
    $ftpl->fillin('SIZE',$stat[7]);

-   $ftpl->fillin('DATE',encode_entities(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9]))));
-   $ftpl->fillin('URL',equal_url(encode_entities($config->{'httproot'}),$virt_path));
+   $ftpl->fillin('DATE',encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime($stat[9]) : localtime($stat[9]))));
+   $ftpl->fillin('URL',equal_url(encode_html($config->{'httproot'}),$virt_path->{'html'}));

 
    $ftpl->parse_if_block('link',-l $phys_path);
    $ftpl->parse_if_block('no_link',not -l $phys_path);
 
    $ftpl->parse_if_block('link',-l $phys_path);
    $ftpl->parse_if_block('no_link',not -l $phys_path);


@@ -193,11 +196,12 @@ sub exec_show($$)
   $tpl->read_file($config->{'templates'}->{'dirlist'});
 
   $tpl->fillin('DIRLIST',$dirlist);
   $tpl->read_file($config->{'templates'}->{'dirlist'});
 
   $tpl->fillin('DIRLIST',$dirlist);

-  $tpl->fillin('DIR',encode_entities($virtual));
+  $tpl->fillin('DIR',encode_html($virtual));
+  $tpl->fillin('DIR_URL',escape($virtual));

   $tpl->fillin('SCRIPT',$script);
   $tpl->fillin('SCRIPT',$script);

-  $tpl->fillin('URL',encode_entities(equal_url($config->{'httproot'},$virtual)));
+  $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));

 
 

-  $tpl->fillin('FILTER',encode_entities($filter2));
+  $tpl->fillin('FILTER',encode_html($filter2));

   $tpl->fillin('FILTER_URL',escape($filter2));
 
   $tpl->parse_if_block('empty',$dirlist eq '');
   $tpl->fillin('FILTER_URL',escape($filter2));
 
   $tpl->parse_if_block('empty',$dirlist eq '');


@@ -213,28 +217,29 @@ sub exec_show($$)
 
   $tpl->read_file($config->{'templates'}->{'viewlink'});
 
 
   $tpl->read_file($config->{'templates'}->{'viewlink'});
 

-  $tpl->fillin('FILE',encode_entities($virtual));
-  $tpl->fillin('DIR',$upper_path);
-  $tpl->fillin('URL',encode_entities(equal_url($config->{'httproot'},$virtual)));
+  $tpl->fillin('FILE',encode_html($virtual));
+  $tpl->fillin('DIR',$upper_path->{'html'});
+  $tpl->fillin('DIR_URL',$upper_path->{'url'});
+  $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));

   $tpl->fillin('SCRIPT',$script);
 
   $tpl->fillin('SCRIPT',$script);
 

-  $tpl->fillin('LINK_TARGET',encode_entities($link_target));
+  $tpl->fillin('LINK_TARGET',encode_html($link_target));

  }
  else
  {
   # View a file
 
  }
  else
  {
   # View a file
 

-  return error($config->{'errors'}->{'no_view'},$upper_path) unless(-r $physical);
+  return error($config->{'errors'}->{'no_view'},$upper_path->{'normal'}) unless(-r $physical);

 
   # Check on binary files
   # We have to do it in this way or empty files will be recognized
   # as binary files
 
 
   # Check on binary files
   # We have to do it in this way or empty files will be recognized
   # as binary files
 

-  return error($config->{'errors'}->{'binary_file'},$upper_path) unless(-T $physical);
+  return error($config->{'errors'}->{'binary_file'},$upper_path->{'normal'}) unless(-T $physical);

 
   # Is the file too large?
 
 
   # Is the file too large?
 

-  return error($config->{'errors'}->{'file_too_large'},$upper_path,{SIZE => $config->{'max_file_size'}}) if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'});
+  return error($config->{'errors'}->{'file_too_large'},$upper_path->{'normal'},{SIZE => $config->{'max_file_size'}}) if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'});

 
   # View the file
 
 
   # View the file
 


@@ -243,14 +248,16 @@ sub exec_show($$)
 
   $tpl->read_file($config->{'templates'}->{'viewfile'});
 
 
   $tpl->read_file($config->{'templates'}->{'viewfile'});
 

-  $tpl->fillin('FILE',encode_entities($virtual));
-  $tpl->fillin('DIR',$upper_path);
-  $tpl->fillin('URL',encode_entities(equal_url($config->{'httproot'},$virtual)));
+  $tpl->fillin('FILE',encode_html($virtual));
+  $tpl->fillin('FILE_URL',escape($virtual));
+  $tpl->fillin('DIR',$upper_path->{'html'});
+  $tpl->fillin('DIR_URL',$upper_path->{'url'});
+  $tpl->fillin('URL',encode_html(equal_url($config->{'httproot'},$virtual)));

   $tpl->fillin('SCRIPT',$script);
 
   $tpl->parse_if_block('editable',-w $physical);
 
   $tpl->fillin('SCRIPT',$script);
 
   $tpl->parse_if_block('editable',-w $physical);
 

-  $tpl->fillin('CONTENT',encode_entities($$content));
+  $tpl->fillin('CONTENT',encode_html($$content));

  }
 
  my $output  = header(-type => 'text/html');
  }
 
  my $output  = header(-type => 'text/html');


@@ -297,12 +304,14 @@ sub exec_beginedit($$)
  my $tpl = new Template;
  $tpl->read_file($config->{'templates'}->{'editfile'});
 
  my $tpl = new Template;
  $tpl->read_file($config->{'templates'}->{'editfile'});
 

- $tpl->fillin('FILE',$virtual);
- $tpl->fillin('DIR',$dir);
+ $tpl->fillin('FILE',encode_html($virtual));
+ $tpl->fillin('FILE_URL',escape($virtual));
+ $tpl->fillin('DIR',encode_html($dir));
+ $tpl->fillin('DIR_URL',escape($dir));

  $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
  $tpl->fillin('SCRIPT',$script);
  $tpl->fillin('MD5SUM',$md5sum);
  $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
  $tpl->fillin('SCRIPT',$script);
  $tpl->fillin('MD5SUM',$md5sum);

- $tpl->fillin('CONTENT',encode_entities($$content));
+ $tpl->fillin('CONTENT',encode_html($$content));

 
  $tpl->parse_if_block('error',0);
 
 
  $tpl->parse_if_block('error',0);
 


@@ -374,12 +383,14 @@ sub exec_endedit($$)
 
    $tpl->fillin('ERROR',$config->{'errors'}->{'edit_file_changed'});
 
 
    $tpl->fillin('ERROR',$config->{'errors'}->{'edit_file_changed'});
 

-   $tpl->fillin('FILE',$virtual);
-   $tpl->fillin('DIR',$dir);
+   $tpl->fillin('FILE',encode_html($virtual));
+   $tpl->fillin('FILE_URL',escape($virtual));
+   $tpl->fillin('DIR',encode_html($dir));
+   $tpl->fillin('DIR_URL',escape($dir));

    $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
    $tpl->fillin('SCRIPT',$script);
    $tpl->fillin('MD5SUM',$md5file);
    $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
    $tpl->fillin('SCRIPT',$script);
    $tpl->fillin('MD5SUM',$md5file);

-   $tpl->fillin('CONTENT',encode_entities($content));
+   $tpl->fillin('CONTENT',encode_html($content));

 
    $tpl->parse_if_block('error',1);
 
 
    $tpl->parse_if_block('error',1);
 


@@ -424,7 +435,7 @@ sub exec_mkfile($$)
  my $new_physical   = $data->{'new_physical'};
  my $new_virtual    = $data->{'new_virtual'};
  my $dir            = upper_path($new_virtual);
  my $new_physical   = $data->{'new_physical'};
  my $new_virtual    = $data->{'new_virtual'};
  my $dir            = upper_path($new_virtual);

- $new_virtual       = encode_entities($new_virtual);
+ $new_virtual       = encode_html($new_virtual);

 
  if($new_physical)
  {
 
  if($new_physical)
  {


@@ -463,7 +474,7 @@ sub exec_mkdir($$)
  my $new_physical   = $data->{'new_physical'};
  my $new_virtual    = $data->{'new_virtual'};
  my $dir            = upper_path($new_virtual);
  my $new_physical   = $data->{'new_physical'};
  my $new_virtual    = $data->{'new_virtual'};
  my $dir            = upper_path($new_virtual);

- $new_virtual       = encode_entities($new_virtual);
+ $new_virtual       = encode_html($new_virtual);

 
  if($new_physical)
  {
 
  if($new_physical)
  {


@@ -512,7 +523,7 @@ sub exec_upload($$)
 
   my $filename  = file_name($uploaded_file);
   my $file_phys = $physical.'/'.$filename;
 
   my $filename  = file_name($uploaded_file);
   my $file_phys = $physical.'/'.$filename;

-  my $file_virt = $virtual.$filename;
+  my $file_virt = encode_html($virtual.$filename);

 
   if(-e $file_phys)
   {
 
   if(-e $file_phys)
   {


@@ -540,7 +551,8 @@ sub exec_upload($$)
   my $tpl = new Template;
   $tpl->read_file($config->{'templates'}->{'upload'});
 
   my $tpl = new Template;
   $tpl->read_file($config->{'templates'}->{'upload'});
 

-  $tpl->fillin('DIR',$virtual);
+  $tpl->fillin('DIR',encode_html($virtual));
+  $tpl->fillin('DIR_URL',escape($virtual));

   $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
   $tpl->fillin('SCRIPT',$script);
 
   $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
   $tpl->fillin('SCRIPT',$script);
 


@@ -564,7 +576,7 @@ sub exec_copy($$)
 {
  my ($data,$config) = @_;
  my $physical       = $data->{'physical'};
 {
  my ($data,$config) = @_;
  my $physical       = $data->{'physical'};

- my $virtual        = encode_entities($data->{'virtual'});
+ my $virtual        = $data->{'virtual'};

  my $dir            = upper_path($virtual);
  my $new_physical   = $data->{'new_physical'};
 
  my $dir            = upper_path($virtual);
  my $new_physical   = $data->{'new_physical'};
 


@@ -574,26 +586,26 @@ sub exec_copy($$)
 
  if($new_physical)
  {
 
  if($new_physical)
  {

-  my $new_virtual = $data->{'new_virtual'};
-  my $new_dir     = upper_path($new_virtual);
-  $new_virtual    = encode_entities($new_virtual);
+  my $new_virtual = multi_string($data->{'new_virtual'});
+  my $new_dir     = upper_path($new_virtual->{'normal'});

 
   if(-e $new_physical)
   {
 
   if(-e $new_physical)
   {

-   return error($config->{'errors'}->{'link_replace'},$new_dir)                          if(-l $new_physical);
-   return error($config->{'errors'}->{'dir_replace'},$new_dir)                           if(-d $new_physical);
-   return error($config->{'errors'}->{'exist_no_write'},$new_dir,{FILE => $new_virtual}) unless(-w $new_physical);
+   return error($config->{'errors'}->{'link_replace'},$new_dir)                                    if(-l $new_physical);
+   return error($config->{'errors'}->{'dir_replace'},$new_dir)                                     if(-d $new_physical);
+   return error($config->{'errors'}->{'exist_no_write'},$new_dir,{FILE => $new_virtual->{'html'}}) unless(-w $new_physical);

 
    if(not $data->{'cgi'}->param('confirmed'))
    {
     my $tpl = new Template;
     $tpl->read_file($config->{'templates'}->{'confirm_replace'});
 
 
    if(not $data->{'cgi'}->param('confirmed'))
    {
     my $tpl = new Template;
     $tpl->read_file($config->{'templates'}->{'confirm_replace'});
 

-    $tpl->fillin('FILE',$virtual);
-    $tpl->fillin('NEW_FILE',$new_virtual);
-    $tpl->fillin('NEW_FILENAME',file_name($new_virtual));
-    $tpl->fillin('NEW_DIR',$new_dir);
-    $tpl->fillin('DIR',$dir);
+    $tpl->fillin('FILE',encode_html($virtual));
+    $tpl->fillin('NEW_FILE',$new_virtual->{'html'});
+    $tpl->fillin('NEW_FILENAME',file_name($new_virtual->{'html'}));
+    $tpl->fillin('NEW_DIR',encode_html($new_dir));
+    $tpl->fillin('DIR',encode_html($dir));
+    $tpl->fillin('DIR_URL',escape($dir));

 
     $tpl->fillin('COMMAND','copy');
     $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
 
     $tpl->fillin('COMMAND','copy');
     $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));


@@ -614,9 +626,10 @@ sub exec_copy($$)
   my $tpl = new Template;
   $tpl->read_file($config->{'templates'}->{'copyfile'});
 
   my $tpl = new Template;
   $tpl->read_file($config->{'templates'}->{'copyfile'});
 

-  $tpl->fillin('FILE',$virtual);
-  $tpl->fillin('DIR',$dir);
-  $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
+  $tpl->fillin('FILE',encode_html($virtual));
+  $tpl->fillin('DIR',encode_html($dir));
+  $tpl->fillin('DIR_URL',escape($dir));
+  $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual)));

   $tpl->fillin('SCRIPT',$script);
 
   my $output = header(-type => 'text/html');
   $tpl->fillin('SCRIPT',$script);
 
   my $output = header(-type => 'text/html');


@@ -650,7 +663,7 @@ sub exec_rename($$)
  {
   my $new_virtual = $data->{'new_virtual'};
   my $new_dir     = upper_path($new_virtual);
  {
   my $new_virtual = $data->{'new_virtual'};
   my $new_dir     = upper_path($new_virtual);

-  $new_virtual    = encode_entities($new_virtual);
+  $new_virtual    = encode_html($new_virtual);

 
   if(-e $new_physical)
   {
 
   if(-e $new_physical)
   {


@@ -688,7 +701,8 @@ sub exec_rename($$)
   $tpl->read_file($config->{'templates'}->{'renamefile'});
 
   $tpl->fillin('FILE',$virtual);
   $tpl->read_file($config->{'templates'}->{'renamefile'});
 
   $tpl->fillin('FILE',$virtual);

-  $tpl->fillin('DIR',$dir);
+  $tpl->fillin('DIR',encode_html($dir));
+  $tpl->fillin('DIR_URL',escape($dir));

   $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
   $tpl->fillin('SCRIPT',$script);
 
   $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
   $tpl->fillin('SCRIPT',$script);
 


@@ -732,9 +746,11 @@ sub exec_remove($$)
    my $tpl = new Template;
    $tpl->read_file($config->{'templates'}->{'confirm_rmdir'});
 
    my $tpl = new Template;
    $tpl->read_file($config->{'templates'}->{'confirm_rmdir'});
 

-   $tpl->fillin('DIR',$virtual);
-   $tpl->fillin('UPPER_DIR',$dir);
-   $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
+   $tpl->fillin('DIR',encode_html($virtual));
+   $tpl->fillin('DIR_URL',escape($virtual));
+   $tpl->fillin('UPPER_DIR',encode_html($dir));
+   $tpl->fillin('UPPER_DIR_URL',escape($dir));
+   $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual)));

    $tpl->fillin('SCRIPT',$script);
 
    my $output = header(-type => 'text/html');
    $tpl->fillin('SCRIPT',$script);
 
    my $output = header(-type => 'text/html');


@@ -757,9 +773,11 @@ sub exec_remove($$)
    my $tpl = new Template;
    $tpl->read_file($config->{'templates'}->{'confirm_rmfile'});
 
    my $tpl = new Template;
    $tpl->read_file($config->{'templates'}->{'confirm_rmfile'});
 

-   $tpl->fillin('FILE',$virtual);
-   $tpl->fillin('DIR',$dir);
-   $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
+   $tpl->fillin('FILE',encode_html($virtual));
+   $tpl->fillin('FILE_URL',escape($virtual));
+   $tpl->fillin('DIR',encode_html($dir));
+   $tpl->fillin('DIR_URL',escape($dir));
+   $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual)));

    $tpl->fillin('SCRIPT',$script);
 
    my $output = header(-type => 'text/html');
    $tpl->fillin('SCRIPT',$script);
 
    my $output = header(-type => 'text/html');


@@ -786,9 +804,9 @@ sub exec_chprop($$)
  my $virtual        = $data->{'virtual'};
  my $dir            = upper_path($virtual);
 
  my $virtual        = $data->{'virtual'};
  my $dir            = upper_path($virtual);
 

- return error($config->{'errors'}->{'no_users'},$dir,{FILE => $virtual})  unless($users);
+ return error($config->{'errors'}->{'no_users'},$dir,{FILE => encode_html($virtual)})  unless($users);

  return error($config->{'errors'}->{'chprop_root'},'/')                   if($virtual eq '/');
  return error($config->{'errors'}->{'chprop_root'},'/')                   if($virtual eq '/');

- return error($config->{'errors'}->{'not_owner'},$dir,{FILE => $virtual}) unless(-o $physical);
+ return error($config->{'errors'}->{'not_owner'},$dir,{FILE => encode_html($virtual)}) unless(-o $physical);

  return error($config->{'errors'}->{'chprop_link'},$dir)                  if(-l $physical);
 
  my $cgi   = $data->{'cgi'};
  return error($config->{'errors'}->{'chprop_link'},$dir)                  if(-l $physical);
 
  my $cgi   = $data->{'cgi'};


@@ -808,7 +826,7 @@ sub exec_chprop($$)
   {
    # Change the group using the `chgrp` system command
 
   {
    # Change the group using the `chgrp` system command
 

-   return error($config->{'errors'}->{'invalid_group'},$dir,{GROUP => encode_entities($group)}) unless($group =~ /^[a-z0-9_]+[a-z0-9_-]*$/i);
+   return error($config->{'errors'}->{'invalid_group'},$dir,{GROUP => encode_html($group)}) unless($group =~ /^[a-z0-9_]+[a-z0-9_-]*$/i);

    system('chgrp',$group,$physical);
   }
 
    system('chgrp',$group,$physical);
   }
 


@@ -833,7 +851,7 @@ sub exec_chprop($$)
 
   if(my $group = getgrgid($gid))
   {
 
   if(my $group = getgrgid($gid))
   {

-   $tpl->fillin('GROUP',encode_entities($group));
+   $tpl->fillin('GROUP',encode_html($group));

    $tpl->parse_if_block('group_detected',1);
   }
   else
    $tpl->parse_if_block('group_detected',1);
   }
   else


@@ -843,9 +861,11 @@ sub exec_chprop($$)
 
   # Insert other information
 
 
   # Insert other information
 

-  $tpl->fillin('FILE',$virtual);
-  $tpl->fillin('DIR',$dir);
-  $tpl->fillin('URL',equal_url($config->{'httproot'},$virtual));
+  $tpl->fillin('FILE',encode_html($virtual));
+  $tpl->fillin('FILE_URL',escape($virtual));
+  $tpl->fillin('DIR',encode_html($dir));
+  $tpl->fillin('DIR_URL',escape($dir));
+  $tpl->fillin('URL',equal_url($config->{'httproot'},encode_html($virtual)));

   $tpl->fillin('SCRIPT',$script);
 
   my $output = header(-type => 'text/html');
   $tpl->fillin('SCRIPT',$script);
 
   my $output = header(-type => 'text/html');


@@ -879,21 +899,21 @@ sub exec_about($$)
 
  # Some path information
 
 
  # Some path information
 

- $tpl->fillin('SCRIPT_PHYS',encode_entities($ENV{'SCRIPT_FILENAME'}));
- $tpl->fillin('CONFIG_PATH',encode_entities($data->{'configfile'}));
- $tpl->fillin('FILE_ROOT',  encode_entities($config->{'fileroot'}));
- $tpl->fillin('HTTP_ROOT',  encode_entities($config->{'httproot'}));
+ $tpl->fillin('SCRIPT_PHYS',encode_html($ENV{'SCRIPT_FILENAME'}));
+ $tpl->fillin('CONFIG_PATH',encode_html($data->{'configfile'}));
+ $tpl->fillin('FILE_ROOT',  encode_html($config->{'fileroot'}));
+ $tpl->fillin('HTTP_ROOT',  encode_html($config->{'httproot'}));

 
  # Perl
 
 
  # Perl
 

- $tpl->fillin('PERL_PROG',encode_entities($^X));
+ $tpl->fillin('PERL_PROG',encode_html($^X));

  $tpl->fillin('PERL_VER', sprintf('%vd',$^V));
 
  # Information about the server
 
  $tpl->fillin('PERL_VER', sprintf('%vd',$^V));
 
  # Information about the server
 

- $tpl->fillin('HTTPD',encode_entities($ENV{'SERVER_SOFTWARE'}));
- $tpl->fillin('OS',   encode_entities($^O));
- $tpl->fillin('TIME', encode_entities(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime : localtime)));
+ $tpl->fillin('HTTPD',encode_html($ENV{'SERVER_SOFTWARE'}));
+ $tpl->fillin('OS',   encode_html($^O));
+ $tpl->fillin('TIME', encode_html(strftime($config->{'timeformat'},($config->{'use_gmt'}) ? gmtime : localtime)));

 
  $tpl->parse_if_block('gmt',$config->{'use_gmt'});
 
 
  $tpl->parse_if_block('gmt',$config->{'use_gmt'});
 


@@ -923,7 +943,7 @@ sub exec_about($$)
 
   if(my $user = getpwuid($uid))
   {
 
   if(my $user = getpwuid($uid))
   {

-   $tpl->fillin('USER',encode_entities($user));
+   $tpl->fillin('USER',encode_html($user));

    $tpl->parse_if_block('user_detected',1);
   }
   else
    $tpl->parse_if_block('user_detected',1);
   }
   else


@@ -933,7 +953,7 @@ sub exec_about($$)
 
   if(my $group = getgrgid($gid))
   {
 
   if(my $group = getgrgid($gid))
   {

-   $tpl->fillin('GROUP',encode_entities($group));
+   $tpl->fillin('GROUP',encode_html($group));

    $tpl->parse_if_block('group_detected',1);
   }
   else
    $tpl->parse_if_block('group_detected',1);
   }
   else

diff --git a/modules/Output.pm b/modules/Output.pm
index 7248922ba459f832c8b1c413dea8bc3180e72a59..9ef361c8c926e5f940a2a8a1fce2832b35d88066 100644 (file)
--- a/modules/Output.pm
+++ b/modules/Output.pm
@@ -6,16 +6,18 @@ package Output;
 # HTML generating routines
 #
 # Author:        Patrick Canterino <patrick@patshaping.de>
 # HTML generating routines
 #
 # Author:        Patrick Canterino <patrick@patshaping.de>

-# Last modified: 2005-01-06
+# Last modified: 2005-04-22

 #
 
 use strict;
 
 use vars qw(@EXPORT);
 
 #
 
 use strict;
 
 use vars qw(@EXPORT);
 

-use CGI qw(header);
-use HTML::Entities;
+use CGI qw(header
+           escape);
+

 use Template;
 use Template;

+use Tool;

 
 ### Export ###
 
 
 ### Export ###
 


@@ -45,6 +47,7 @@ sub error_template($)
 #
 # Params: 1. Error message
 #         2. Display a link to this path at the bottom of the page (optional)
 #
 # Params: 1. Error message
 #         2. Display a link to this path at the bottom of the page (optional)

+#            Please use the unencoded form of the string!

 #         3. Hash reference: Template variables (optional)
 #
 # Return: Formatted message (Scalar Reference)
 #         3. Hash reference: Template variables (optional)
 #
 # Return: Formatted message (Scalar Reference)


@@ -58,7 +61,8 @@ sub error($;$$)
 
  $tpl->fillin('ERROR',$message);
  $tpl->fillin('BACK',$path);
 
  $tpl->fillin('ERROR',$message);
  $tpl->fillin('BACK',$path);

- $tpl->fillin('SCRIPT',encode_entities($ENV{'SCRIPT_NAME'}));
+ $tpl->fillin('BACK_URL',escape($path));
+ $tpl->fillin('SCRIPT',encode_html($ENV{'SCRIPT_NAME'}));

 
  $tpl->parse_if_block('dir',defined $path);
 
 
  $tpl->parse_if_block('dir',defined $path);
 

diff --git a/modules/Tool.pm b/modules/Tool.pm
index 23770a14bc8ab1ddcbd6ca9fd107f08e879df2a4..4efefe51f30b07dc7523ffee09e967456b1b32fc 100644 (file)
--- a/modules/Tool.pm
+++ b/modules/Tool.pm
@@ -6,7 +6,7 @@ package Tool;
 # Some shared sub routines
 #
 # Author:        Patrick Canterino <patrick@patshaping.de>
 # Some shared sub routines
 #
 # Author:        Patrick Canterino <patrick@patshaping.de>

-# Last modified: 2005-02-13
+# Last modified: 2005-04-21

 #
 
 use strict;
 #
 
 use strict;


@@ -29,9 +29,11 @@ use base qw(Exporter);
              clean_path
              devedit_reload
              dos_wildcard_match
              clean_path
              devedit_reload
              dos_wildcard_match

+             encode_html

              equal_url
              file_name
              mode_string
              equal_url
              file_name
              mode_string

+             multi_string

              upper_path);
 
 # check_path()
              upper_path);
 
 # check_path()


@@ -189,6 +191,26 @@ sub dos_wildcard_match($$)
  return ($string =~ m|^$pattern$|is);
 }
 
  return ($string =~ m|^$pattern$|is);
 }
 

+# encode_html()
+#
+# Encode HTML control characters (< > " &)
+#
+# Params: String to encode
+#
+# Return: Encoded string
+
+sub encode_html($)
+{
+ my $string = shift;
+
+ $string =~ s/&/&amp;/g;
+ $string =~ s/</&lt;/g;
+ $string =~ s/>/&gt;/g;
+ $string =~ s/"/&quot;/g;
+
+ return $string;
+}
+

 # equal_url()
 #
 # Create URL equal to a file or directory
 # equal_url()
 #
 # Create URL equal to a file or directory


@@ -270,6 +292,29 @@ sub mode_string($)
  return $string;
 }
 
  return $string;
 }
 

+# multi_string()
+#
+# Create a Hash Reference containing three forms of a string
+#
+# Params: String
+#
+# Return: Hash Reference:
+#         normal => Normal form of the string
+#         html   => HTML encoded form (see encode_html())
+#         url    => URL encoded form
+
+sub multi_string($)
+{
+ my $string = shift;
+ my %multi;
+
+ $multi{'normal'} = $string;
+ $multi{'html'}   = encode_html($string);
+ $multi{'url'}    = escape($string);
+
+ return \%multi;
+}
+

 # upper_path()
 #
 # Remove the last part of a path
 # upper_path()
 #
 # Remove the last part of a path

diff --git a/templates/copyfile.htm b/templates/copyfile.htm
index 1a81a6e91594b06eaedb316029913f99b8cd0266..2570b84be41491825389b3b60ef98b3e0df016dc 100644 (file)
--- a/templates/copyfile.htm
+++ b/templates/copyfile.htm
@@ -12,7 +12,7 @@
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 

-<p><a href="{SCRIPT}?command=show&amp;file={DIR}">Back to {DIR}</a></p>
+<p><a href="{SCRIPT}?command=show&amp;file={DIR_URL}">Back to {DIR}</a></p>

 
 <hr>
 
 
 <hr>
 

diff --git a/templates/dirlist.htm b/templates/dirlist.htm
index c87faac046e85c01fcb632b1b0108bf49710205a..7338db2f994a3deb95207487cbda3f14caec0d90 100644 (file)
--- a/templates/dirlist.htm
+++ b/templates/dirlist.htm
@@ -39,7 +39,7 @@
 </tr>
 {IF dir_writeable}
 <tr>
 </tr>
 {IF dir_writeable}
 <tr>

-<td colspan="2"><a href="{SCRIPT}?command=upload&amp;file={DIR}">Upload a file</a></td>
+<td colspan="2"><a href="{SCRIPT}?command=upload&amp;file={DIR_URL}">Upload a file</a></td>

 </tr>
 {ENDIF}</table>
 
 </tr>
 {ENDIF}</table>
 

diff --git a/templates/dirlist_dir.htm b/templates/dirlist_dir.htm
index 4daa787a03eb6cbb71f218b8bac6061feeb5ba6a..4a57acbebb082597e377819faf2ba8877f1c7526 100644 (file)
--- a/templates/dirlist_dir.htm
+++ b/templates/dirlist_dir.htm
@@ -1,6 +1,6 @@
 <tr>
 <td align="right" style="white-space:nowrap">[SUBDIR]</td>
 <td style="padding-left:15pt;white-space:nowrap;">{DATE}{IF gmt} (GMT){ENDIF}</td>
 <tr>
 <td align="right" style="white-space:nowrap">[SUBDIR]</td>
 <td style="padding-left:15pt;white-space:nowrap;">{DATE}{IF gmt} (GMT){ENDIF}</td>

-<td style="padding-left:15pt;white-space:nowrap;">{IF readable}<a href="{SCRIPT}?command=show&amp;file={DIR}{IF filter}&amp;filter={FILTER_URL}{ENDIF}">{DIR_NAME}/</a>{ELSE}<span style="color:#C0C0C0" title="Not accessible">{DIR_NAME}/</span>{ENDIF}</td>
-<td style="padding-left:15pt;white-space:nowrap;">({IF dir_writeable}<a href="{SCRIPT}?command=rename&amp;file={DIR}">Rename</a> | <a href="{SCRIPT}?command=remove&amp;file={DIR}">Delete</a> | {ENDIF}{IF users}<a href="{SCRIPT}?command=chprop&amp;file={DIR}">Chmod/Chgrp</a> | {ENDIF}<a href="{URL}" target="_blank">View in Browser</a>)</td>
+<td style="padding-left:15pt;white-space:nowrap;">{IF readable}<a href="{SCRIPT}?command=show&amp;file={DIR_URL}{IF filter}&amp;filter={FILTER_URL}{ENDIF}">{DIR_NAME}/</a>{ELSE}<span style="color:#C0C0C0" title="Not accessible">{DIR_NAME}/</span>{ENDIF}</td>
+<td style="padding-left:15pt;white-space:nowrap;">({IF dir_writeable}<a href="{SCRIPT}?command=rename&amp;file={DIR_URL}">Rename</a> | <a href="{SCRIPT}?command=remove&amp;file={DIR_URL}">Delete</a> | {ENDIF}{IF users}<a href="{SCRIPT}?command=chprop&amp;file={DIR_URL}">Chmod/Chgrp</a> | {ENDIF}<a href="{URL}" target="_blank">View in Browser</a>)</td>

 </tr>
 </tr>

diff --git a/templates/dirlist_file.htm b/templates/dirlist_file.htm
index 44d67a55f0a070c0108b132b41488c0a7f8f1aad..eb107baaaf94e61028c882af630b805cf80fc39f 100644 (file)
--- a/templates/dirlist_file.htm
+++ b/templates/dirlist_file.htm
@@ -2,5 +2,5 @@
 <td align="right" style="white-space:nowrap">{SIZE}</td>
 <td style="padding-left:15pt;white-space:nowrap;">{DATE}{IF gmt} (GMT){ENDIF}</td>
 <td style="padding-left:15pt;white-space:nowrap;">{FILE_NAME}</td>
 <td align="right" style="white-space:nowrap">{SIZE}</td>
 <td style="padding-left:15pt;white-space:nowrap;">{DATE}{IF gmt} (GMT){ENDIF}</td>
 <td style="padding-left:15pt;white-space:nowrap;">{FILE_NAME}</td>

-<td style="padding-left:15pt;white-space:nowrap;">({IF viewable}<a href="{SCRIPT}?command=show&amp;file={FILE}">View</a>{ELSE}<span style="color:#C0C0C0" title="{IF not_readable}Not readable{ELSE}{IF binary}Binary file{ELSE}{IF too_large}File too large{ENDIF}{ENDIF}{ENDIF}">View</span>{ENDIF} | {IF editable}<a href="{SCRIPT}?command=beginedit&amp;file={FILE}">Edit</a>{ELSE}<span style="color:#C0C0C0" title="{IF link}Symbolic link{ELSE}{IF not_readable}Not readable{ELSE}{IF readonly}Read only{ELSE}{IF binary}Binary file{ELSE}{IF too_large}File too large{ENDIF}{ENDIF}{ENDIF}{ENDIF}{ENDIF}">Edit</span>{ENDIF}{IF no_link} | <a href="{SCRIPT}?command=copy&amp;file={FILE}">Copy</a>{ENDIF}{IF dir_writeable} | <a href="{SCRIPT}?command=rename&amp;file={FILE}">Rename</a> | <a href="{SCRIPT}?command=remove&amp;file={FILE}">Delete</a>{ENDIF} |{IF users} <a href="{SCRIPT}?command=chprop&amp;file={FILE}">Chmod/Chgrp</a> |{ENDIF} <a href="{URL}" target="_blank">View in Browser</a>)</td>
+<td style="padding-left:15pt;white-space:nowrap;">({IF viewable}<a href="{SCRIPT}?command=show&amp;file={FILE_URL}">View</a>{ELSE}<span style="color:#C0C0C0" title="{IF not_readable}Not readable{ELSE}{IF binary}Binary file{ELSE}{IF too_large}File too large{ENDIF}{ENDIF}{ENDIF}">View</span>{ENDIF} | {IF editable}<a href="{SCRIPT}?command=beginedit&amp;file={FILE_URL}">Edit</a>{ELSE}<span style="color:#C0C0C0" title="{IF link}Symbolic link{ELSE}{IF not_readable}Not readable{ELSE}{IF readonly}Read only{ELSE}{IF binary}Binary file{ELSE}{IF too_large}File too large{ENDIF}{ENDIF}{ENDIF}{ENDIF}{ENDIF}">Edit</span>{ENDIF}{IF no_link} | <a href="{SCRIPT}?command=copy&amp;file={FILE_URL}">Copy</a>{ENDIF}{IF dir_writeable} | <a href="{SCRIPT}?command=rename&amp;file={FILE_URL}">Rename</a> | <a href="{SCRIPT}?command=remove&amp;file={FILE_URL}">Delete</a>{ENDIF} |{IF users} <a href="{SCRIPT}?command=chprop&amp;file={FILE_URL}">Chmod/Chgrp</a> |{ENDIF} <a href="{URL}" target="_blank">View in Browser</a>)</td>

 </tr>
 </tr>

diff --git a/templates/dirlist_up.htm b/templates/dirlist_up.htm
index 44cdce5165c93630e151b5fb70ed0395a20c0be8..b0e34ed8aa1e311cc6d89a2da345eab8ccac48d7 100644 (file)
--- a/templates/dirlist_up.htm
+++ b/templates/dirlist_up.htm
@@ -1,5 +1,5 @@
 <tr>
 <td align="right" style="white-space:nowrap">[SUBDIR]</td>
 <td style="padding-left:15pt;white-space:nowrap;">{DATE}{IF gmt} (GMT){ENDIF}</td>
 <tr>
 <td align="right" style="white-space:nowrap">[SUBDIR]</td>
 <td style="padding-left:15pt;white-space:nowrap;">{DATE}{IF gmt} (GMT){ENDIF}</td>

-<td colspan="2" style="padding-left:15pt;white-space:nowrap"><a href="{SCRIPT}?command=show&amp;file={UPPER_DIR}{IF filter}&amp;filter={FILTER_URL}{ENDIF}">../</a></td>
+<td colspan="2" style="padding-left:15pt;white-space:nowrap"><a href="{SCRIPT}?command=show&amp;file={UPPER_DIR_URL}{IF filter}&amp;filter={FILTER_URL}{ENDIF}">../</a></td>

 </tr>
 </tr>

diff --git a/templates/editfile.htm b/templates/editfile.htm
index 5d14d4ac318af478c8a8af8fa846b6fdaf9ce7e5..82c9973f0f29070d9cf464854bd34be7f1615803 100644 (file)
--- a/templates/editfile.htm
+++ b/templates/editfile.htm
@@ -12,7 +12,7 @@
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 

-<p><a href="{SCRIPT}?command=show&amp;file={DIR}">Back to {DIR}</a></p>{IF error}
+<p><a href="{SCRIPT}?command=show&amp;file={DIR_URL}">Back to {DIR}</a></p>{IF error}

 
 <p>{ERROR}</p>{ENDIF}
 
 
 <p>{ERROR}</p>{ENDIF}
 

diff --git a/templates/error.htm b/templates/error.htm
index 17abf7f01abd61828bb70e501a6b98d32a74f901..195b79dc9f44531a0b84f2cbc38d663aaf68e6d8 100644 (file)
--- a/templates/error.htm
+++ b/templates/error.htm
@@ -12,6 +12,6 @@
 
 <p>{ERROR}</p>{IF dir}
 
 
 <p>{ERROR}</p>{IF dir}
 

-<p><a href="{SCRIPT}?command=show&amp;file={BACK}">Back to {BACK}</a></p>{ENDIF}
+<p><a href="{SCRIPT}?command=show&amp;file={BACK_URL}">Back to {BACK}</a></p>{ENDIF}

 </body>
 </html>
\ No newline at end of file
 </body>
 </html>
\ No newline at end of file

diff --git a/templates/renamefile.htm b/templates/renamefile.htm
index f7b1ac6ae2ce24c7fe7cfbdee902fb2f1f228566..7df74cf996204675cf4cc2e0468dd0d6d26f7e27 100644 (file)
--- a/templates/renamefile.htm
+++ b/templates/renamefile.htm
@@ -12,7 +12,7 @@
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 

-<p><a href="{SCRIPT}?command=show&amp;file={DIR}">Back to {DIR}</a></p>
+<p><a href="{SCRIPT}?command=show&amp;file={DIR_URL}">Back to {DIR}</a></p>

 
 <hr>
 
 
 <hr>
 

diff --git a/templates/upload.htm b/templates/upload.htm
index 4f5759a7c898011a15746b96f2a8a29aae5cfa98..c450fb80157d2093281727eab84d979dfe4b3679 100644 (file)
--- a/templates/upload.htm
+++ b/templates/upload.htm
@@ -12,7 +12,7 @@
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 

-<p><a href="{SCRIPT}?command=show&amp;file={DIR}">Back to {DIR}</a></p>
+<p><a href="{SCRIPT}?command=show&amp;file={DIR_URL}">Back to {DIR}</a></p>

 
 <p>Using this form, you can upload a file to the current directory ('{DIR}').</p>
 
 
 <p>Using this form, you can upload a file to the current directory ('{DIR}').</p>
 

diff --git a/templates/viewfile.htm b/templates/viewfile.htm
index 30db60410f0f98f6507c027d0162c062009a70ba..4aaf594e4ee3307bfa6bdc058f6faefa809a5dc5 100644 (file)
--- a/templates/viewfile.htm
+++ b/templates/viewfile.htm
@@ -12,7 +12,7 @@
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 

-<p><a href="{SCRIPT}?command=show&amp;file={DIR}">Back to {DIR}</a></p>
+<p><a href="{SCRIPT}?command=show&amp;file={DIR_URL}">Back to {DIR}</a></p>

 
 <div style="background-color:#FFFFE0;border:1px solid black;margin-top:10px;width:100%">
 <pre style="color:#0000C0;">
 
 <div style="background-color:#FFFFE0;border:1px solid black;margin-top:10px;width:100%">
 <pre style="color:#0000C0;">


@@ -20,7 +20,7 @@
 </pre>
 </div>
 
 </pre>
 </div>
 

-{IF editable}<p><a href="{SCRIPT}?command=beginedit&amp;file={FILE}">Edit this file</a></p>{ELSE}<br>{ENDIF}
+{IF editable}<p><a href="{SCRIPT}?command=beginedit&amp;file={FILE_URL}">Edit this file</a></p>{ELSE}<br>{ENDIF}

 
 <hr>
 
 
 <hr>
 

diff --git a/templates/viewlink.htm b/templates/viewlink.htm
index 451cdedc69f672bb00ac44de210a9958cd7047c7..ba4ee610d1720547dba5632c7a0819961faf4e58 100644 (file)
--- a/templates/viewlink.htm
+++ b/templates/viewlink.htm
@@ -12,7 +12,7 @@
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 
 
 <p>(equals <a href="{URL}" target="_blank">{URL}</a>)</p>
 

-<p><a href="{SCRIPT}?command=show&amp;file={DIR}">Back to {DIR}</a></p>
+<p><a href="{SCRIPT}?command=show&amp;file={DIR_URL}">Back to {DIR}</a></p>

 
 <p>'{FILE}' is a symbolic link pointing to:<br>
 <tt>{LINK_TARGET}</tt></p>
 
 <p>'{FILE}' is a symbolic link pointing to:<br>
 <tt>{LINK_TARGET}</tt></p>