From 6fbe54349efce55ed2950bbccfbdde543f75046a Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Sun, 15 May 2005 09:21:11 +0000 Subject: [PATCH 1/1] - Before changing the permissions of a file, check if the user entered a valid octal number - Changed the name of the error message "dir_read_fail" to "dir_read_failed" --- errors.conf | 3 ++- modules/Command.pm | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/errors.conf b/errors.conf index 9a0619c..4775be3 100644 --- a/errors.conf +++ b/errors.conf @@ -12,7 +12,7 @@ dir_copy = This editor is not able to copy directories. dir_edit = You cannot edit directories. dir_no_create = You have not enough permissions to create a file in directory '{DIR}'. dir_not_exist = The directory where you want to create this file or directory does not exist. -dir_read_fail = Reading of directory '{DIR}' failed. +dir_read_failed = Reading of directory '{DIR}' failed. dir_replace = You are not allowed to replace a directory. edit_failed = Saving of file '{FILE}' failed. The file could be damaged, please check its integrity. edit_file_changed = The file you want to edit changed meanwhile. Now, it looks like this: {FILE}. Please try to merge these two versions of the file or save your version of the file using a different name. @@ -20,6 +20,7 @@ exist_no_write = The target file '{FILE}' already exists and you have not eno file_exists = A file or directory called '{FILE}' already exists. file_too_large = The file you want to view or edit is too large (max. {SIZE} Bytes). invalid_group = '{GROUP}' seems to be an invalid group name. Please check it and try again. +invalid_mode = To change the group of a file or directory, you have to enter an octal number which has at least three digits. invalid_upload = It seems that something is wrong with the file upload you want to submit. link_copy = Copying symbolic links does not work. link_edit = For security reasons, you cannot edit the target file of a symbolic link. diff --git a/modules/Command.pm b/modules/Command.pm index 1c5afa0..891b214 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2005-05-05 +# Last modified: 2005-05-15 # use strict; @@ -101,7 +101,7 @@ sub exec_show($$) return error($config->{'errors'}->{'no_dir_access'},$upper_path->{'normal'}) unless(-r $physical && -x $physical); my $direntries = dir_read($physical); - return error($config->{'errors'}->{'dir_read_fail'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries); + return error($config->{'errors'}->{'dir_read_failed'},$upper_path->{'normal'},{DIR => encode_html($virtual)}) unless($direntries); my $files = $direntries->{'files'}; my $dirs = $direntries->{'dirs'}; @@ -817,6 +817,7 @@ sub exec_chprop($$) { # Change the mode + return error($config->{'errors'}->{'invalid_mode'},$dir) unless($mode =~ /^[0-7]{3,}$/); chmod(oct($mode),$physical); } -- 2.34.1