From 5abe8188abba8d1d5931b84d36d719c7ef3aee36 Mon Sep 17 00:00:00 2001
From: pcanterino <>
Date: Thu, 23 Dec 2010 21:09:40 +0000
Subject: [PATCH] New config option: disable_commands. This option defines a list of commands the user is not allowed to execute.
---
 devedit.pl | 9 ++++++-
 errors.conf | 1 +
 modules/Config/DevEdit.pm | 50 ++++++++++++++++++++++++++++++++++-----
 modules/Tool.pm | 49 +++++++++++++++++++++++++++++++++++++-
 4 files changed, 101 insertions(+), 8 deletions(-)
diff --git a/devedit.pl b/devedit.pl
index d74a1bc..a868428 100644
--- a/devedit.pl
+++ b/devedit.pl
@@ -6,7 +6,7 @@
 # Dev-Editor's main program
 #
 # Author: Patrick Canterino
-# Last modified: 2006-08-24
+# Last modified: 2010-12-23
 #
 # Copyright (C) 1999-2000 Roland Bluethgen, Frank Schoenmann
 # Copyright (C) 2003-2009 Patrick Canterino
@@ -59,6 +59,13 @@ my $file = $cgi->param('file') || '/';
 my $curdir = $cgi->param('curdir') || '';
 my $newfile = $cgi->param('newfile') || '';
+# Check if the command is disabled
+
+if(is_disabled_command($config->{'disable_commands'},$command))
+{
+ abort($config->{'errors'}->{'command_disabled'},'/',{COMMAND => encode_html($command)});
+}
+
 # Create physical and virtual path for the new file
 my $new_physical = '';
diff --git a/errors.conf b/errors.conf
index 244501f..87c8914 100644
--- a/errors.conf
+++ b/errors.conf
@@ -4,6 +4,7 @@ above_root = Accessing files and directories above the virtual root direc
 binary_file = This editor is not able to view/edit binary files.
 chprop_link = You are not allowed to change the properties of a symbolic link.
 chprop_root = You are not allowed to change the properties of the root directory.
+command_disabled = The command '{COMMAND}' has been disabled by the administrator.
 command_unknown = Unknown command: '{COMMAND}'
 copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'.
 create_above_root = You are not allowed to create files and directories above the virtual root directory.
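Review bot: The new check in devedit.pl tests a normalised copy of `$command` (`is_disabled_command()` strips trailing slashes and compares case-insensitively), while `$command` itself goes on to the dispatcher unchanged, so the deny list only holds if the dispatcher applies exactly the same normalisation. The dispatch code is outside this hunk, so that cannot be confirmed from here; if it does anything else to the value (trimming, a default for an empty command), the check and the dispatch can disagree. Normalising the value once before the check and handing that same value to the dispatcher removes the doubt. A comment above the block such as `# must run before any command dispatch and use the same normalisation as the command table` would record the intent.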
diff --git a/modules/Config/DevEdit.pm b/modules/Config/DevEdit.pm
index b4cb963..24bc3a2 100644
--- a/modules/Config/DevEdit.pm
+++ b/modules/Config/DevEdit.pm
@@ -6,7 +6,7 @@ package Config::DevEdit;
 # Read and parse the configuration files
 #
 # Author: Patrick Canterino
-# Last modified: 2005-09-30
+# Last modified: 2010-12-23
 #
 # Copyright (C) 1999-2000 Roland Bluethgen, Frank Schoenmann
 # Copyright (C) 2003-2009 Patrick Canterino
@@ -30,6 +30,13 @@ use base qw(Exporter);
 @EXPORT = qw(read_config);
+# This variable contains some dependencies for the "disable_commands"
+# configuration option.
+# The Hash key defines a command, the value is an Array Reference or String
+# defining the commands that will also be disabled.
+
+my %disable_dependency = ('beginedit' => 'endedit');
+
 # read_config()
 #
 # Read the configuration files of Dev-Editor
@@ -74,14 +81,15 @@ sub read_config($)
 my $new_conf = $userconf->{$ENV{'REMOTE_USER'}};
- $config->{'fileroot'} = $new_conf->{'fileroot'} if($new_conf->{'fileroot'});
- $config->{'httproot'} = $new_conf->{'httproot'} if($new_conf->{'httproot'});
+ $config->{'fileroot'} = $new_conf->{'fileroot'} if($new_conf->{'fileroot'});
+ $config->{'httproot'} = $new_conf->{'httproot'} if($new_conf->{'httproot'});
- $config->{'forbidden'} = $new_conf->{'forbidden'} if(defined $new_conf->{'forbidden'});
+ $config->{'forbidden'} = $new_conf->{'forbidden'} if(defined $new_conf->{'forbidden'});
+ $config->{'disable_commands'} = $new_conf->{'disable_commands'} if(defined $new_conf->{'disable_commands'});
- $config->{'hide_dot_files'} = $new_conf->{'hide_dot_files'} if(defined $new_conf->{'hide_dot_files'});
+ $config->{'hide_dot_files'} = $new_conf->{'hide_dot_files'} if(defined $new_conf->{'hide_dot_files'});
- $config->{'user_config'} = 1;
+ $config->{'user_config'} = 1;
 }
 }
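Review bot: In the per-user override block of `read_config()`, a `disable_commands` value from the user's section replaces the global list instead of extending it. Because the guard is `defined` rather than truth, an empty value in a user section presumably clears every global restriction for that user. This mirrors how `forbidden` is handled, but for a deny list an administrator may well expect the union of both lists. If replacement is intended, say so next to the assignment, e.g. `# a per-user disable_commands replaces the global list; an empty value re-enables everything`; otherwise join the two strings before the list is parsed further down. The body of `read_config()` starts and ends outside this hunk.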
@@ -108,6 +116,36 @@ sub read_config($)
 $config->{'forbidden'} = [];
 }
+ # Parse list of disabled commands (we need some universal code!)
+
+ if($config->{'disable_commands'})
+ {
+ my @commands;
+
+ foreach my $command(parse_line('\s+',0,$config->{'disable_commands'}))
+ {
+ push(@commands,$command);
+
+ if(exists($disable_dependency{$command}) && $disable_dependency{$command})
+ {
+ if(ref($disable_dependency{$command}) eq 'ARRAY')
+ {
+ push(@commands,@{$disable_dependency{$command}});
+ }
+ else
+ {
+ push(@commands,$disable_dependency{$command});
+ }
+ }
+ }
+
+ $config->{'disable_commands'} = \@commands;
+ }
+ else
+ {
+ $config->{'disable_commands'} = [];
+ }
+
 return $config;
 }
diff --git a/modules/Tool.pm b/modules/Tool.pm
index b143dcb..95b64dd 100644
--- a/modules/Tool.pm
+++ b/modules/Tool.pm
@@ -6,7 +6,7 @@ package Tool;
 # Some shared sub routines
 #
 # Author: Patrick Canterino
-# Last modified: 2008-04-25
+# Last modified: 2010-12-23
 #
 # Copyright (C) 1999-2000 Roland Bluethgen, Frank Schoenmann
 # Copyright (C) 2003-2009 Patrick Canterino
@@ -40,6 +40,8 @@ use base qw(Exporter);
 encode_html
 equal_url
 file_name
+ in_array
+ is_disabled_command
 is_forbidden_file
 mode_string
 multi_string
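Review bot: The dependency lookup `exists($disable_dependency{$command})` in the new parsing block of modules/Config/DevEdit.pm is case-sensitive, while `is_disabled_command()` in modules/Tool.pm matches case-insensitively. A config entry written as `BeginEdit` therefore blocks beginedit but never adds `endedit` to the list, leaving the dependent command enabled. Fold the case before the lookup, e.g. `my $deps = $disable_dependency{lc($command)};`, and test `$deps` in the two branches. The comment on `%disable_dependency` should also state that dependencies are expanded one level only. `read_config()` begins outside this hunk.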
@@ -267,6 +269,51 @@ sub file_name($)
 return $path;
 }
+# in_array()
+#
+# Check if a value is in an array
+#
+# Params: 1. Value to find
+# 2. Array
+#
+# Return: Status code (Boolean)
+
+sub in_array($$)
+{
+ my ($string,$array) = @_;
+
+ foreach my $element(@{$array})
+ {
+ return 1 if($string eq $element);
+ }
+
+ #foreach
+
+ return;
+}
+
+# is_disabled_command()
+#
+# Check if a command is disabled
+#
+# Params: 1. Array Reference containing the list
+# 2. Command to check
+#
+# Return: Status code (Boolean)
+
+sub is_disabled_command($$)
+{
+ my ($list,$command) = @_;
+ $command =~ s!/+$!!g;
+
+ foreach my $entry(@$list)
+ {
+ return 1 if(uc($command) eq uc($entry));
+ }
+
+ return;
+}
+
 # is_forbidden_file()
 #
 # Check if a file is in the list of forbidden files
-- 
2.34.1
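Review bot: `in_array()` is added and exported in modules/Tool.pm but nothing in this patch calls it, and `is_disabled_command()` repeats the same loop with its own normalisation, so the two helpers can drift apart. Either drop `in_array()` together with the stray `#foreach` comment, or build the check on it, e.g. `return in_array(uc($command), [map { uc } @$list]);`. The header comment of `is_disabled_command()` should also state that trailing slashes are stripped from the command and that the comparison is case-insensitive, since that is the matching contract the deny list relies on.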