From: pcanterino <>
Date: Sun, 15 May 2005 09:21:11 +0000 (+0000)
Subject: - Before changing the permissions of a file, check if the user entered a valid
X-Git-Tag: version_3_0~26
X-Git-Url: https://git.p6c8.net/devedit.git/commitdiff_plain/6fbe54349efce55ed2950bbccfbdde543f75046a?ds=sidebyside
- Before changing the permissions of a file, check if the user entered a valid
octal number
- Changed the name of the error message "dir_read_fail" to "dir_read_failed"
---
diff --git a/errors.conf b/errors.conf
index 9a0619c..4775be3 100644
--- a/errors.conf
+++ b/errors.conf
@@ -12,7 +12,7 @@ dir_copy = This editor is not able to copy directories.
dir_edit = You cannot edit directories.
dir_no_create = You have not enough permissions to create a file in directory '{DIR}'.
dir_not_exist = The directory where you want to create this file or directory does not exist.
-dir_read_fail = Reading of directory '{DIR}' failed.
+dir_read_failed = Reading of directory '{DIR}' failed.
dir_replace = You are not allowed to replace a directory.
edit_failed = Saving of file '{FILE}' failed. The file could be damaged, please check its integrity.
edit_file_changed = The file you want to edit changed meanwhile. Now, it looks like this: {FILE}. Please try to merge these two versions of the file or save your version of the file using a different name.
@@ -20,6 +20,7 @@ exist_no_write = The target file '{FILE}' already exists and you have not eno
file_exists = A file or directory called '{FILE}' already exists.
file_too_large = The file you want to view or edit is too large (max. {SIZE} Bytes).
invalid_group = '{GROUP}' seems to be an invalid group name. Please check it and try again.
+invalid_mode = To change the group of a file or directory, you have to enter an octal number which has at least three digits.
invalid_upload = It seems that something is wrong with the file upload you want to submit.
link_copy = Copying symbolic links does not work.
link_edit = For security reasons, you cannot edit the target file of a symbolic link.
diff --git a/modules/Command.pm b/modules/Command.pm
index 1c5afa0..891b214 100644
--- a/modules/Command.pm
+++ b/modules/Command.pm
@@ -6,7 +6,7 @@ package Command;
# Execute Dev-Editor's commands
#
# Author: Patrick Canterino
-# Last modified: 2005-05-05
+# Last modified: 2005-05-15
#
use strict;
@@ -101,7 +101,7 @@ sub exec_show($$)
return error($config->{'errors'}->{'no_dir_access'},$upper_path->{'normal'}) unless(-r $physical && -x $physical);
my $direntries = dir_read($physical);
- return error($config->{'errors'}->{'dir_read_fail'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries);
+ return error($config->{'errors'}->{'dir_read_failed'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries);
my $files = $direntries->{'files'};
my $dirs = $direntries->{'dirs'};
@@ -817,6 +817,7 @@ sub exec_chprop($$)
{
# Change the mode
+ return error($config->{'errors'}->{'invalid_mode'},$dir) unless($mode =~ /^[0-7]{3,}$/);
chmod(oct($mode),$physical);
}